1. Corruption of "EXW.EXE"
- Posted by peter at blonner.com
Sep 15, 2003
Recently I noticed after running Euphoria program "EXW.EXE" would
become a 240K file (rather than 72K working file). I keep on having to
replace the corrupt file with the original file. Has anyone got any
idea or experienced anything similar? It seems too selective to be a
virus.
Thanks for any ideas,
Peter
2. Re: Corruption of "EXW.EXE"
I have botched system files before, when messing around with piping and
redirecting. As in "ps -ef > grep whatever" and I overwrite grep.
Maybe something like this is happening to you? Otherwise no, I've never
run into what you're describing with exw.exe.
Try flagging the exw.exe read-only and see if it still happens. If it's
something in your code, maybe you'll get an error when the code tries to
modify it.
Ted
--On Monday, September 15, 2003 4:43 PM +1000 peter at blonner.com wrote:
>
>
> Recently I noticed after running Euphoria program "EXW.EXE" would become
> a 240K file (rather than 72K working file). I keep on having to replace
> the corrupt file with the original file. Has anyone got any idea or
> experienced anything similar ? It seems too selective to be a virus.
> Thanks for any ideas,
> Peter
3. Re: Corruption of "EXW.EXE"
On Mon, 15 Sep 2003 16:43:29 +1000, peter at blonner.com wrote:
>
>Recently I noticed after running Euphoria program "EXW.EXE" would
>become a 240K file (rather than 72K working file). I keep on having to
>replace the corrupt file with the original file. Has anyone got any
>idea or experienced anything similar ? It seems too selective to be a
>virus.
>
>Thanks for any ideas,
Not managing to run bindw -out exw.exe or similar by any chance are
you?
Pete
4. Re: Corruption of "EXW.EXE"
- Posted by peter at blonner.com
Sep 16, 2003
I had tried the Read-Only flag but it still corrupts the file. Actually,
the corruption happens when I restart the computer i.e during shutdown or
startup (I'm running XP).
These type of bugs can be difficult to isolate - (I was wrong about it
happening after running Euphoria)
Thanks,
Peter
----- Original Message -----
From: "Ted Fines" <fines at macalester.edu>
To: "EUforum" <EUforum at topica.com>
Sent: Monday, September 15, 2003 11:23 PM
Subject: Re: Corruption of "EXW.EXE"
>
>
> I have botched system files before, when messing around with piping and
> redirecting. As in "ps -ef > grep whatever" and I overwrite grep.
>
> Maybe something like this is happening to you? Otherwise no, I've never
> run into what you're describing with exw.exe.
>
> Try flagging the exw.exe read-only and see if it still happens. If it's
> something in your code, maybe you'll get an error when the code tries to
> modify it.
>
> Ted
>
>
> --On Monday, September 15, 2003 4:43 PM +1000 peter at blonner.com wrote:
>
> >
> > Recently I noticed after running Euphoria program "EXW.EXE" would become
> > a 240K file (rather than 72K working file). I keep on having to replace
> > the corrupt file with the original file. Has anyone got any idea or
> > experienced anything similar ? It seems too selective to be a virus.
> > Thanks for any ideas,
> > Peter
5. Re: Corruption of "EXW.EXE"
- Posted by peter at blonner.com
Sep 16, 2003
Actually, the corruption happens when I restart the computer i.e during
shutdown or startup (I'm running XP).
These type of bugs can be difficult to isolate - (I was wrong about it
happening after running Euphoria)
I appreciate your suggestions for debugging which will be useful not just
for this case
Thanks,
Peter
----- Original Message -----
From: "Al Getz" <Xaxo at aol.com>
To: <EUforum at topica.com>
Sent: Monday, September 15, 2003 11:49 PM
Subject: RE: Corruption of "EXW.EXE"
>
>
> peter at blonner.com wrote:
> > Recently I noticed after running Euphoria program "EXW.EXE" would
> > become a 240K file (rather than 72K working file). I keep on having to
> > replace the corrupt file with the original file. Has anyone got any
> > idea or experienced anything similar ? It seems too selective to be a
> > virus.
> >
> > Thanks for any ideas,
> > Peter
> >
> >
> Hi Peter,
>
> Wow, don't think i've heard of that happening before, but
> as Ted was saying, it might be something that your program is
> doing when it tries to write a file.
> So, the next obvious question is:
> What does your program do; is it trying to write a file,
> and
> is this the only program it happens with?
>
> Try running a few other programs and if it doesn't happen with
> them, then you know it's that particular program overwriting
> the file.
>
> When you find suspect lines in the program (such as
> where a file is opened or redirection in a 'system' command
> occurs) you can insert a 'trace' command. Open an
> W Explorer view and watch the 'exw.exe' file.
> When you execute the suspect command, refresh the Explorer
> view and see if the file changed. When you get to the
> line that actually causes the problem, the file bytes shown
> in Explorer will change.
> Of course you could also write a program that simply looks
> at the 'exw.exe' file bytes and run that after every suspect
> line in your current program.
>
> Take care for now,
> Al
6. Re: Corruption of "EXW.EXE"
Hi Peter,
Can you send this corrupted exw.exe
to me at my private e-mail address?
Regards,
Igor Kachan
kinz at peterlink.ru
----------
> From: peter at blonner.com
> Subject: Re: Corruption of "EXW.EXE"
> Sent: 16 sep 2003 y. 10:24
>
> Actually, the corruption happens when I restart the computer i.e during
> shutdown or startup (I'm running XP).
> These type of bugs can be difficult to isolate - (I was wrong about it
> happening after running Euphoria)
> I appreciate your suggestions for debugging which will be useful not just
> for this case
>
> Thanks,
> Peter
7. Re: Corruption of "EXW.EXE"
- Posted by peter at blonner.com
Sep 16, 2003
No I have a registered version but have not tried bindw yet.
Actually, the corruption happens when I restart the computer i.e during
shutdown or startup (I'm running XP).
These type of bugs can be difficult to isolate - (I was wrong about it
happening after running Euphoria)
Thanks,
Peter
----- Original Message -----
From: "Pete Lomax" <petelomax at blueyonder.co.uk>
To: "EUforum" <EUforum at topica.com>
Sent: Tuesday, September 16, 2003 12:55 AM
Subject: Re: Corruption of "EXW.EXE"
>
>
> On Mon, 15 Sep 2003 16:43:29 +1000, peter at blonner.com wrote:
>
> >
> >Recently I noticed after running Euphoria program "EXW.EXE" would become
> >a 240K file (rather than 72K working file). I keep on having to replace the
> >corrupt file with the original file. Has anyone got any idea or
> >experienced anything similar ? It seems too selective to be a virus.
> >
> >Thanks for any ideas,
> Not managing to run bindw -out exw.exe or similar by any chance are
> you?
>
> Pete
8. Re: Corruption of "EXW.EXE"
- Posted by eugtk at yahoo.com
Sep 16, 2003
--- peter at blonner.com wrote:
> No I have a registered version but have not tried
> bindw yet.
> Actually, the corruption happens when I restart the
> computer i.e during
> shutdown or startup (I'm running XP).
> These type of bugs can be difficult to isolate - (I
> was wrong about it
> happening after running Euphoria)
First things first - get this:
http://www.mlin.net/StartupMonitor.shtml
and see what programs are running on startup which
shouldn't be running.
I suspect you have been infected with a form of
spyware. I would try removing exw, and replacing it
with a small text file of the same name. Then reboot,
and look at that file.
Also, I would take a look thru the corrupted exw with
'strings' or a hex editor, looking for clues. Most of
this spyware has some readable text. You may see
commands which are used to send e-mail, or snoop out
passwords, etc.
Irv
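The checks suggested in this thread (compare exw.exe against a known-good copy, then look through the changed file with 'strings'), as an added example that is not part of anyone's post: a Python sketch that classifies how a suspect copy differs from the good one and lists the readable strings that are new. The byte strings are constructed stand-ins for the two copies of exw.exe, and all function names are hypothetical.

```python
import hashlib
import re

def fingerprint(data: bytes) -> dict:
    """Size and SHA-256 of a file image, recorded while the file is known good."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def classify_change(good: bytes, suspect: bytes) -> str:
    """Describe how a suspect copy differs from the known-good copy."""
    if fingerprint(good) == fingerprint(suspect):
        return "unchanged"
    if suspect.startswith(good):
        return "original intact, data appended"
    if suspect.endswith(good):
        return "original intact, data prepended"
    if good in suspect:
        return "original embedded inside larger file"
    if suspect[:2] != b"MZ":  # DOS/PE executables start with 'MZ'
        return "overwritten: no longer an executable image"
    return "modified in place"

def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII, like the 'strings' tool mentioned in the thread."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def triage(good: bytes, suspect: bytes) -> dict:
    """Summarise size growth, kind of change, and strings absent from the good copy."""
    added = [s for s in printable_strings(suspect) if s.encode() not in good]
    return {
        "baseline": fingerprint(good),
        "current": fingerprint(suspect),
        "growth": len(suspect) - len(good),
        "verdict": classify_change(good, suspect),
        "new_strings": added,
    }

# Constructed sample data standing in for the two copies of exw.exe.
GOOD = b"MZ" + b"\x00" * 64 + b"Euphoria interpreter" + b"\x90" * 32
SUSPECT = GOOD + b"\x01\x02" + b"constructed-marker-text" + b"\x00\x03"
LOGGED = b"constructed log line written over the file\r\n"

if __name__ == "__main__":
    for name, image in (("suspect", SUSPECT), ("logged", LOGGED)):
        print(name, triage(GOOD, image))
```

On real files, read both copies with `open(path, "rb").read()` from a read-only backup of the original and from the changed file; a file that has grown while still containing the original bytes points away from an accidental overwrite such as a log or redirected output.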
9. Re: Corruption of "EXW.EXE"
At 04:24 PM 9/16/03 +1000, you wrote:
>
>
>Actually, the corruption happens when I restart the computer i.e during
>shutdown or startup (I'm running XP).
>These type of bugs can be difficult to isolate - (I was wrong about it
>happening after running Euphoria)
>I appreciate your suggestions for debugging which will be useful not just
>for this case
>
>Thanks,
>Peter
Have you run chkdsk.exe on the drive containing exw.exe? I don't
know if there's such a thing as cross-linked files with NTFS, but you never
can tell. Run it *WITHOUT* the /F parameter first and see what
happens. It could be that WinXP is writing a log or something over exw.exe
upon startup.
Bob
10. Re: Corruption of "EXW.EXE"
- Posted by peter at blonner.com
Sep 17, 2003
Thanks again and 'basic' is good! Igor found that my problem was in fact a
virus.
I have been battling to eradicate it, but it may require a complete clean
out and reinstall of everything.
Cheers,
Peter
----- Original Message -----
From: "Al Getz" <Xaxo at aol.com>
To: <EUforum at topica.com>
Sent: Wednesday, September 17, 2003 1:32 AM
Subject: RE: Corruption of "EXW.EXE"
>
>
> peter at blonner.com wrote:
> >
> >
> > Actually, the corruption happens when I restart the computer i.e during
> > shutdown or startup (I'm running XP).
> > These type of bugs can be difficult to isolate - (I was wrong about it
> > happening after running Euphoria)
> > I appreciate your suggestions for debugging which will be useful not
> > just
> > for this case
> >
> > Thanks,
> > Peter
> >
>
> Sorry if i got too 'basic' on you
> I'm used to getting questions from people that don't know
> much about programming, so i usually automatically
> default to explaining things from the ground up.
>
>
> If i were you i would
> check the boot up files to see if anything
> else uses the same path to the original file
> that is being altered.
>
> You might try renaming your Euphoria directory to
> something else, like Euphoria2 or something like that,
> then reboot.
> You could then verify that the file wasn't altered.
> If it wasn't altered, you could then modify your
> boot up files to point again to your Eu directory
> and boot up again, then check again for alteration.
>
> You could also check to see that you don't have any
> files in the startup directory that use Euphoria, just
> in case you have a program that runs automatically
> when you boot up that uses the exw.exe file.
>
> I hate to say 'reinstall Eu' but i guess that's an option.
> Copy all your files to another directory first of course.
>
>
> Just some ideas.
>
> Take care for now,
> Al
11. Re: Corruption of "EXW.EXE"
- Posted by peter at blonner.com
Sep 17, 2003
Thanks Irv. Igor found that my problem was in fact a virus.
I have been battling to eradicate it, but it may require a complete clean
out and reinstall of everything.
----- Original Message -----
From: <eugtk at yahoo.com>
To: "EUforum" <EUforum at topica.com>
Sent: Tuesday, September 16, 2003 11:41 PM
Subject: Re: Corruption of "EXW.EXE"
>
>
> --- peter at blonner.com wrote:
>
> > No I have a registered version but have not tried
> > bindw yet.
> > Actually, the corruption happens when I restart the
> > computer i.e during
> > shutdown or startup (I'm running XP).
> > These type of bugs can be difficult to isolate - (I
> > was wrong about it
> > happening after running Euphoria)
>
> First things first - get this:
> http://www.mlin.net/StartupMonitor.shtml
> and see what programs are running on startup which
> shouldn't be running.
>
> I suspect you have been infected with a form of
> spyware. I would try removing exw, and replacing it
> with a small text file of the same name. Then reboot,
> and look at that file.
>
> Also, I would take a look thru the corrupted exw with
> 'strings' or a hex editor, looking for clues. Most of
> this spyware has some readable text. You may see
> commands which are used to send e-mail, or snoop out
> passwords, etc.
>
> Irv