Re: Where's the AUTOEXEC ???
"I then sent the database to another computer, here in my office. But I sent it via GOTOASSIST. Unpacked the database. The AUTOEXEC WAS THERE !"
What were you using before the GoToAssist test that worked? If another remote app service was used, could it be the culprit?
I use SimpleHelp. An early version did not overwrite existing files on the target computer. It said it did, but it did not.
Why are you zipping just 4 small files? Try just sending the files needed without the zipping, as I suggested above.
How about using Google Drive to move the files, without zipping or remote transfer touching them?
Ted has a good question: what zip tool are you zipping with? I can see a zip tool on one end or the other fouling a file... Never happened to me before, but maybe the zip tool is infecting memo-like files?
Is Larry's computer infecting the zip file? That seems unlikely with such a seasoned user. I would assume he has solid AV running?
Larry, are you (and, I think, Ted) suggesting an antivirus surgically scraped out just the autoexec script? Are there other scripts in the library after the alleged removal, with just the autoexec disappearing? Are they still there? Did the date modified on the alx, alm, or alb files change at the point it was removed? What is in the script that might trigger a heuristic false-positive? Are you calling out to an infected file with SYS_OPEN(), SYS_SHELL(), popup messages, or something?
The sample you provided has the autoexec by me, as Tim also confirmed. I use McAfee AV.
I'm sticking with the idea that the file isn't getting overwritten, or my (& some of Ted's) other ideas above. (I still find a Windows update unlikely as there would be a flurry of activity on the board, and my phone would be ringing like crazy with hundreds of callers.)
Please be sure to post your solution. This is something of a puzzle, and I find it intriguing...