Try checking by date.  List new files since the event.

However "real" buggernuts malware can modify the dates too.

 
A way to do this is to actually - for the OS and known apps - create a 
signature for each file and master list of files for each directory and then 
run a utility to spin through and do an "audit".

I suggested this as a project many years ago but even more advanced whereby a 
directory would effectively be a .zip which could be "mounted" on the fly.  
This is not the loopback mount but more powerful.  The concept is an old one.  
IBM used it in the mainframes and called it a "partition DataSet".

The thing is these can be moved from DASD to DASD with the apps running!  They 
can even be moved from CPU to CPU.


A partition Data Set is effectively what the file system for a VM is.  The 
thing is that it can be mounted by the host OS or the Virtual OS.  

In your situation you would run the mail app in its own playpen then it can't 
piddle with anything outside of its playpen.  This would make your life easier.  
In the meantime try looking by date.


On Thu, Apr 21, 2011 at 10:52:01PM -0600, Ellen Mably wrote:
> Hi Terr:
> 
> I tried various parts of "Find" on Dolphin including looking for .zip in
> subfiles, but it came up with nothing. I don't remember the file name and
> did everything I could yesterday to get rid of it.
> 
> Ellen
> 
> On 21 April 2011 03:47, <t...@terralogic.net> wrote:
> 
> > Do you still have the original?  If so please send it to me.
> >
> >
> > You should be able to do a simple "locate" and you can do a "find" and you
> > can also look for a signature which can be done many ways including using
> > "dd" but don't do that unless you are a real programmer and plan on dealing
> > with real binary.  There is expertise.  I doubt you need it.
> >
> > This "virus" is probably some silly exploit which wants to love windows and
> > since you are on Linux unless you also have wine installed it's probably
> > totally impotent.
> >
> >
> > But I don't know.  I don't know how your computers are configured.
> >
> > Personally I just use "mutt".  I sometimes get many viruses a day and mutt
> > is my favorite dog like friend who eats them.  I get no bells and whistles
> > and nothing is click and paste but I have to say over the years Mutt is
> > Man's best friend.
> >
> >
> >
> >
> >
> > On Thu, Apr 21, 2011 at 01:51:53AM -0600, Ellen Mably wrote:
> > > I look at my email too fast. I didn't send anything, and I didn't think I
> > > was expecting anything. I don't think in computer language often; I've been
> > > thinking in legal language lately.
> > >
> > > The email was scanned by Norton before downloading and it didn't report
> > > anything. I took Mark's advice and looked in my "download" file and trashed
> > > it x2. Hopefully, there won't be any consequences.
> > >
> > > Ellen
> > >
> > > On 20 April 2011 22:30, <kw...@csa-pdk.com> wrote:
> > >
> > > > I get those emails on one of my accounts.  Just stand back and think about
> > > > it - legitimate organizations like UPS would not bury the contents of their
> > > > email in a zip file.  Secondly, there is usually a website and a waybill
> > > > number for you to track the progress of your shipment - they usually let you
> > > > look it up rather than tell you the anticipated arrival, this way they make
> > > > you go to their website and you get exposure to their services.  It is like
> > > > grocery stores placing the milk, bread and eggs at the back of the store -
> > > > you're bound to pick up something else along the way.
> > > >
> > > > Even seasoned computer people on occasion activate a virus, we just don't
> > > > like admitting it.
> > > >
> > > >
> > > >
> > > > Sent from my BlackBerry device on the Rogers Wireless Network
> > > >
> > > > -----Original Message-----
> > > > From: Ellen Mably <embiol...@gmail.com>
> > > > Sender: clug-talk-boun...@clug.ca
> > > > Date: Wed, 20 Apr 2011 20:56:55
> > > > To: CLUG General<clug-talk@clug.ca>
> > > > Reply-To: CLUG General <clug-talk@clug.ca>
> > > > Subject: Re: [clug-talk] UPS spam with attached zip file
> > > >
> > > > _______________________________________________
> > > > clug-talk mailing list
> > > > clug-talk@clug.ca
> > > > http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> > > > Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> > > > **Please remove these lines when replying
> > > >
> >
> >
> >


_______________________________________________
clug-talk mailing list
clug-talk@clug.ca
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
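
The date check and the per-file signature audit described at the top of this message, sketched as an added shell example that is not part of the original e-mail; the function names, the manifest layout and the sample tree are assumptions constructed for illustration. It includes the case the message warns about: a file whose date has been put back is missed by the date check but caught by the signature audit.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are assumptions.

# build_manifest DIR MANIFEST: write "sha256  ./path" for each regular file in DIR.
# Keep MANIFEST outside DIR (ideally on read-only media) so it cannot be altered too.
build_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# new_since DIR REF: the quick date check, files with an mtime newer than REF.
new_since() {
    find "$1" -type f -newer "$2" | sort
}

# audit DIR MANIFEST: print NEW/CHANGED/MISSING paths; return 1 if anything differs.
audit() {
    cur=$(mktemp) || return 2
    build_manifest "$1" "$cur"
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }   # paths may contain spaces
        FILENAME == ARGV[1] { old[path] = hash; next }        # trusted manifest
        { seen[path] = 1
          if (!(path in old))         print "NEW " path
          else if (old[path] != hash) print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree; dates chosen to match the thread (April 2011).
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/home"
    echo 'letter' > "$d/home/notes.txt"
    echo 'config' > "$d/home/app.conf"
    touch -t 201104200000 "$d/home/notes.txt" "$d/home/app.conf"
    build_manifest "$d/home" "$d/manifest"      # baseline taken before the event
    touch -t 201104210000 "$d/event"            # marker file for "the event"
    echo 'altered' > "$d/home/app.conf"         # content changed...
    touch -t 201104200000 "$d/home/app.conf"    # ...with its old date put back
    echo 'dropped' > "$d/home/invoice.zip"      # new file, current mtime
    echo "date check:"; new_since "$d/home" "$d/event" | sed "s|^$d/||"
    echo "audit:"; audit "$d/home" "$d/manifest" || true
    rm -rf "$d"
}
demo
```

The audit is only as trustworthy as the manifest, so the baseline has to be taken before the event and stored where the audited system cannot rewrite it.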
