A new type of malware?

I double click on the document file named Invoice_08.15.2011_Stropol‮cod.exe

Then CIS sandboxes it automatically.

Is that a new type of malware?

The extension is exe.doc, not doc.exe.

[attachment deleted by admin]

Methinks you have Windows set to the default setting to hide extensions of known files. See attached image.

When using that setting you won’t see files with double extensions. In this case the user sees it is a .doc file and may open it because it is “only” a .doc file where the file is an executable.

[attachment deleted by admin]

?sdrawkcab epyt uoy ekam erawlam siht seoD


Even if it hid the extension, it wouldn’t mangle the file name like that and reverse the extension type. It would actually be something like doc.exe, not cod.exe.

I’m almost more interested in all the extra characters in there than I am about the reversed extension. Did the filename by chance contain any language specific characters and your system is set for a different character set?

Caught red handed. Can’t believe I missed that… 88) :o ;D

CIMA report:

FVS report:

CAV does not detect it by heuristics, “Heur.Dual.Extensions” :o
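Added example, not part of the thread: the filename in the first post contains the Unicode character U+202E (RIGHT-TO-LEFT OVERRIDE), which is why a file whose real name ends in cod.exe is displayed as ending in exe.doc. A Python check for this, where the function names and the executable-extension list are assumptions of this example and the display model is simplified to RLO/PDF only:

```python
import unicodedata

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f", "\u061c",                      # LRM RLM ALM
}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}  # assumed list

# Filename from the first post, with the hidden control written as an escape.
SAMPLE = "Invoice_08.15.2011_Stropol\u202ecod.exe"


def displayed_name(name):
    """Approximate what a bidi-aware UI draws: characters after an RLO
    (U+202E) are shown right-to-left until a PDF (U+202C) or end of string.
    Simplified model, not the full Unicode bidirectional algorithm."""
    out, run, rtl = [], [], False
    for ch in name:
        if ch in ("\u202e", "\u202c"):
            out.extend(reversed(run) if rtl else run)
            run, rtl = [], ch == "\u202e"
        elif ch not in BIDI_CONTROLS:
            run.append(ch)
    out.extend(reversed(run) if rtl else run)
    return "".join(out)


def _ext(text):
    """Lower-cased text after the last dot, with bidi controls stripped."""
    tail = text.rsplit(".", 1)[-1] if "." in text else ""
    return "".join(c for c in tail if c not in BIDI_CONTROLS).lower()


def inspect_filename(name):
    """Report hidden bidi controls and whether the extension the OS acts on
    differs from the extension the user sees."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}"
                for c in name if c in BIDI_CONTROLS]
    real, shown = _ext(name), _ext(displayed_name(name))
    return {"controls": controls, "real_ext": real, "shown_ext": shown,
            "spoofed": bool(controls) and real != shown,
            "executable": real in EXECUTABLE_EXTS}


if __name__ == "__main__":
    print(displayed_name(SAMPLE))
    print(inspect_filename(SAMPLE))
```

A plain double-extension check sees only one extension in the real name here, so the bidi controls have to be checked separately.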

!srettel nacirema htous ro neporue nretsae adnik emos saw taht thguoht I !nmaD

:cry: >:-D

?yhw tub ,revelC


My response was to the OP’s first post. Originally lines 2,3,4 were reversed like that.
Have since been edited.
.dab kool I woN


They have? ??? Still looks backwards to me…

You have it cached?
It appears all straight here today.

Nope. I run my browser in Sandboxie and it wipes everything when I close the browser. Nothing cached whatsoever.

Are you trying to ■■■■■ with my head man? ??? Lines 2,3, & 4 in your quote are reversed… :-\

[attachment deleted by admin]

This is one of the most bizarre forum glitches I’ve seen.

My quote reads straight, yet your quote is how it appeared yesterday. ???

Owwwwwwwwww my head. :-\


This new type of malware has infected the forum! :o >:-D :smiley:

Yours is seriously showing straight? ??? I don’t even know how it could be possible for it to be showing us different things. It couldn’t be a server mirror issue, because if your post exists on the mirror, it couldn’t be using an old quote.

I don’t know what’s happening. :-\

Dead serious, see pics. ???

[attachment deleted by admin]

It is the correct way in IE9, but it still appears wrong in FF V6.

I will log out, do a full cache/cookie/history clean and see what happens.

[attachment deleted by admin]

Even more bizarre. Just closed my browser again (FF V6) to wipe all browsing data through Sandboxie.

I get the same results as posted before.

Dragon (new 13 release), which I haven’t had on the forum for weeks, shows it correctly.

IE 8 which I’ve never used to access the forum shows exactly the same as FF 6! :cry:

Screenshots in order listed.

Edit: Could it possibly be an HTTP vs. HTTPS thing? I view the forums using HTTPS.

Edit 2: No, never mind that. Dragon was also HTTPS…

[attachment deleted by admin]

I am using the newest alpha build of Opera 12 and I also see it backwards.

[attachment deleted by admin]

Does the Forum itself cache somehow for set IPs or something?

I’m always in HTTPS as well.

I was on FF6, then yesterday I went to FF7 through Beta channel.

At least it explains the responses to my first backward post.
Others weren’t seeing it bass ackwards like I was.
I also checked the times, the OP did not edit his post after I responded, so to him I was way out there.

What changed was how I see it, but for you not yet.