BoiseNetWiz
April 10, 2009 9:16 AM Subscribe
I was looking in my TEMP folder in a wave of paranoia related to the conficker virus and I found these two files: BoiseNetWiz.his and BoiseNetWiz.txt. I didn't find the text file too illuminating nor did a Google search help too much.
What is this file for? Should I delete it?
Best answer: This page suggests it's related to the HP Officejet 7310 printer. Since it's dated 2004, it's unlikely that this file is anything to do with conflicker.
Few viruses give away their presence by always using the same filename - virus detection would be a lot easier if that were so! Instead of looking for viruses manually, have a look at some previous AskMe questions on detecting and removing malware.
posted by Busy Old Fool at 9:28 AM on April 10, 2009
Few viruses give away their presence by always using the same filename - virus detection would be a lot easier if that were so! Instead of looking for viruses manually, have a look at some previous AskMe questions on detecting and removing malware.
posted by Busy Old Fool at 9:28 AM on April 10, 2009
Response by poster: Busy Old Fool, I do have an HP printer so that is likely it. Thanks for that find!
I do have virus protection but I was reading about Conficker today and the article mentioned:
"The rogue anti-virus software, however, was not the only piece of rubbish to be sent to Conficker infected systems this week. Researchers at Trend Micro reported the first stirrings of Conficker.C on Wednesday, when they noticed a new file show up in the temporary director of a number of test machines they'd infected with the worm. They later determined the file had been placed there via Conficker's built-in peer-to-peer (P2P) communications capability, which allows large groupings of infected systems to hand off software updates and instructions being pushed out by the worm authors.
Trend found that the update was a version of the Waledac family of spam Trojans. Due to similarities in the code and other telltale signs, researchers consider Waledac to be the reincarnation of the "Storm worm," a spam virus that also used a sophisticated P2P mechanism to spread and share updates. "
posted by Red58 at 9:33 AM on April 10, 2009
I do have virus protection but I was reading about Conficker today and the article mentioned:
"The rogue anti-virus software, however, was not the only piece of rubbish to be sent to Conficker infected systems this week. Researchers at Trend Micro reported the first stirrings of Conficker.C on Wednesday, when they noticed a new file show up in the temporary director of a number of test machines they'd infected with the worm. They later determined the file had been placed there via Conficker's built-in peer-to-peer (P2P) communications capability, which allows large groupings of infected systems to hand off software updates and instructions being pushed out by the worm authors.
Trend found that the update was a version of the Waledac family of spam Trojans. Due to similarities in the code and other telltale signs, researchers consider Waledac to be the reincarnation of the "Storm worm," a spam virus that also used a sophisticated P2P mechanism to spread and share updates. "
posted by Red58 at 9:33 AM on April 10, 2009
FWIW, part of the group that develops HP Printers are based in Boise.
posted by mmascolino at 9:33 AM on April 10, 2009
posted by mmascolino at 9:33 AM on April 10, 2009
Here's a Conficker Eye Chart. If you don't see all six logos you may be infected.
posted by carsonb at 10:12 AM on April 10, 2009 [4 favorites]
posted by carsonb at 10:12 AM on April 10, 2009 [4 favorites]
Download scs.exe from here.
Type scs.exe YOURIPADDRESS
or do a whole range, lets say your lan consists of 192.168.1.x
scs.exe 192.168.1.1 192.168.1.254
posted by damn dirty ape at 10:16 AM on April 10, 2009
Type scs.exe YOURIPADDRESS
or do a whole range, lets say your lan consists of 192.168.1.x
scs.exe 192.168.1.1 192.168.1.254
posted by damn dirty ape at 10:16 AM on April 10, 2009
I had to deal with 5 infected computers last week. All files that the virus produced or sent over the network to attempt to infect other machines with were randomly named and had, for the most part, a bmp, gif, or c extension. There were definitely no text files, and nothing with English words.
Also, the only reason those machines were infected was because the antivirus software was non-operational. The AV software on the rest of the unpatched machines stopped network infection as soon as any files showed up.
posted by niles at 10:44 AM on April 10, 2009
Also, the only reason those machines were infected was because the antivirus software was non-operational. The AV software on the rest of the unpatched machines stopped network infection as soon as any files showed up.
posted by niles at 10:44 AM on April 10, 2009
« Older Simple Easter game for the whole family? | Help me plan an international vacation for two.... Newer »
This thread is closed to new comments.
posted by umbĂș at 9:24 AM on April 10, 2009