Re: Help with Trojan Email

2002-10-19 Thread Gerard

On Saturday, October 19, 2002, 2:36:28 AM, you wrote:

RO> Now the cure of your problem.
RO> I'll mention a few possibilities:


Hi Roelof,

Assuming that it is problem HTML code that is causing this (I once
had TB! crash on that), would it not be possible to install an older TB!
version without the HTML engine or another HTML engine and just delete
the msg in that version?

-- 
Best regards,
 Gerard 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Show respect for age. Drink good scotch.

Using The Bat! v1.61 on Windows 2000 5.0 Build 2195 Service Pack 3



Current version is 1.61 | Using TBUDL information:
http://www.silverstones.com/thebat/TBUDLInfo.html



Re: Help with Trojan Email

2002-10-19 Thread Roelof Otten
Hello Jonathan,

On Fri, 18 Oct 2002 20:41:40 -0500GMT (19-10-02, 3:41 +0200GMT, where
I live), you wrote:

JA> Another option is to copy the TBB file to another location. Rename
JA> that file to messages.uue, and open the file in winzip. You should see
JA> a lot of text files in it. Each text file is an email (except maybe
JA> the first).

I know this and even tried it, but according to me it treats
attachments (even html attachments) as separate files. And especially
for a large folder it would be a hell of a job connecting
(html-)attachments and messages back.
My version of WinZip (8.0) was unable to delete specific files from
the .uue and therefore I decided not to mention it.


-- 
Greetings, Roelof






Re: Help with Trojan Email

2002-10-19 Thread Thomas Fernandez
Hello Jonathan,

On Fri, 18 Oct 2002 20:45:53 -0500 GMT (19/10/02, 08:45 +0700 GMT),
Jonathan Angliss wrote:

> A virus that freezes TB? I would like to know which one that is.

> I'd probably guess it not to be a virus, but maybe a bad encoding type
> or some format in the email itself that is causing it to screw up.

I believe Marck offered the most logical explanation and solution.

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

I wonder how much deeper would the ocean be without sponges.

Message reply created with The Bat! 1.62/Beta6
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM






Re: Help with Trojan Email

2002-10-19 Thread Jonathan Angliss

On Saturday, October 19, 2002, Roelof Otten wrote...

JA> Another option is to copy the TBB file to another location.
JA> Rename that file to messages.uue, and open the file in winzip.
JA> You should see a lot of text files in it. Each text file is an
JA> email (except maybe the first).

> I know this and even tried it, but according to me it treats
> attachments (even html attachments) as separate files. And
> especially for a large folder it would be a hell of a job connecting
> (html-)attachments and messages back.

This'd only apply if you store attachments separately.  And in some
cases, the HTML portion isn't an attachment, it's the only part of the
message.

> My version of WinZip (8.0) was unable to delete specific files from
> the .uue and therefore I decided not to mention it.

It cannot... you have to extract it (as per my instructions),
delete/move offending emails, recompress the file into .zip format and
inside winzip go to Actions - UUEncode. I think I put those
details in my instructions. Or was it late and I only thought I
did?

-- 
Jonathan Angliss
([EMAIL PROTECTED])




Re: Help with Trojan Email

2002-10-19 Thread Jonathan Angliss

On Saturday, October 19, 2002, Thomas Fernandez wrote...

> A virus that freezes TB? I would like to know which one that is.

> I'd probably guess it not to be a virus, but maybe a bad encoding
> type or some format in the email itself that is causing it to screw
> up.

> I believe Marck offered the most logical explanation and solution.

Indeed he did... and if there is a remote chance he is mistaken (I
have no doubt he isn't), there are now plenty of options to try :)

-- 
Jonathan Angliss
([EMAIL PROTECTED])




Re: Help with Trojan Email

2002-10-18 Thread Roelof Otten
Hello M.D.,

On Fri, 18 Oct 2002 16:39:56 -0500GMT (18-10-02, 23:39 +0200GMT, where
I live), you wrote:

JPCMD> I have received two emails from a friend that cause TB to freeze
JPCMD> completely.  I cannot even delete them, TB is so frozen.  Once I was

First thing you do is to close TB and zip both the messages.tbb and
the messages.tbi files in the folder that causes TB to freeze. Since
this is obviously a bug, you attach it to a mail addressed to the
developers (in the menu: help - feedback - bug report) so it can be
fixed in a next version. That won't help you right now, but it's a
start. (Of course when that folder contains real sensitive info, you
could consider not to do so, but that's up to you.)

Now the cure of your problem.
I'll mention a few possibilities:

1) Close TB. Run Scandisk on the drive with your message base. There
could be a disk problem. When Scandisk reports errors and fixes them,
try TB again and see if it is fixed. If not, no harm's done.

2) Close TB, delete the messages.tbi file, your index could be
corrupt. When you start TB, it creates a new index file for the folder
with a missing one. If your problem is cured, it probably had nothing
to do with the e-mails from your friend. This action (deleting the
messages.tbi) will cause all messages deleted after the last time you
compressed that folder to show up again. (I'll explain this at the
bottom of my message.)

3) The third option. This means you've got a real problem. Close TB
(All my options start with that. <g>) Move the messages.tbb from your
problem folder to a different location (move it, don't delete it,
cause this is the file containing your messages) you can move the
matching .tbi or delete it, that's up to you. Now start TB and the
messages in the other folders can be accessed again.
Now you're still missing the messages in your problem folder. OK. Copy
the replaced messages.tbi to a file called messages.txt. Since the
messages.tbb is in plain text, you can open it with notepad (or
whatever text-editor), provided it's not too big for it. Now search for
the suspect messages (new messages are appended to end of the file)
and cut them from your messages.txt. Save your messages.txt as plain
text!!! Create a new text file and paste your suspect messages in it,
so that you have copies of them.
Start TB, create a new folder in it. Close TB. Copy your messages.txt
to the new folder as messages.tbb and don't forget that the
messages.tbi in that folder doesn't match the .tbb, so delete it.
Start TB. If you haven't made any mistakes, you can now view the other
messages. (Unless another message is the real culprit.) Copy the
messages you want to keep to their folders.
Now you can try the same with the two messages you've saved in the new
textfile.
Remember that all manual manipulations with the tbi or tbb files ought
to be done with TB closed.

**
Now something completely different. You asked your question by
replying to a message on this list and changing the subject. You
shouldn't do that, because:

The Bat is able to thread messages properly, in order to see what I
mean, just select the folder where you're storing the messages from
this list. Go to the menu: view - view threads by - references. Now
you'll see that all messages are lined up after the message to which
they're first, second (or whatever) level replies to.

You started what's essentially a new thread by replying to another
message. That means it shows up as listed in another thread. Since
people sometimes skip messages in threads they don't consider
interesting (for lack of time). They might skip your message too,
since they're not aware of the newly started thread. So next time
you'd do yourself a favor by sending a new message instead of a
reply, because you're reaching a larger audience and one of those
might have the answer you've been waiting for.

**
Since I promised to explain why your deleted messages return from the
dustbin after deleting the messages.tbi, here's the explanation:

TB manages your messages as a database or to be more precise: stores
them in a database. This database is organized per folder. Each folder
has a messages.tbb and a messages.tbi file.
The real messages are stored in the messages.tbb (The Bat Base) and to
shorten the access time to the messages additional info is stored in
the messages.tbi (The Bat Index). This additional info can be a flag
you've set to the message, the info whether you've replied to it or
whether you deleted the message.
Deleted? you'll say. Yes. When you delete a message, TB flags the
message as deleted in the index file, but leaves it in the actual
message base. That's because setting a bit in the index is faster than
rewriting the full messages.tbb. In the folder menu you'll see an
option 'browse deleted messages' where you can view and undelete your
deleted messages.
Will TB never delete messages from the messages.tbb? Yes, it can do
that, but that's called 'compressing', you'll see an option 'compress'
in 

Re: Help with Trojan Email

2002-10-18 Thread Marck D Pearlstone

Hi M.D.,

18-Oct-2002, 16:39 -0500 (22:39 UK time) John P. Case, M.D. [JPC]
in mid:803383495.20021018163956;attglobal.net said:

JPC> I have received two emails from a friend that cause TB to
JPC> freeze completely.

 ... snip

JPC> What can I do?

Turn off HTML Autoview. I'm betting the mail from your friend is
HTML mail and includes some either invalid or at least eccentric
markup that is killing TB's HTML renderer.

JPC> A virus was found neither by Norton nor PCillin, both with
JPC> recent virus updates.

No, it doesn't sound like a virus. If it turns out that the above
suggestion works, you should MIME forward (Alternative forward) the
offending messages to RITlabs or at least file a bug report about
it. If you are unsure of how to do this, send me the MIME forwarded
messages off-list and I'll submit the bug report for you.

-- 
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v1.62/Beta6 on Windows 2000 5.0.2195 Service Pack 2



Re: Help with Trojan Email

2002-10-18 Thread Thomas Fernandez
Hello John,

On Fri, 18 Oct 2002 16:39:56 -0500 GMT (19/10/02, 04:39 +0700 GMT),
John P. Case, M.D. wrote:

> I have received two emails from a friend that cause TB to freeze
> completely. I cannot even delete them, TB is so frozen. Once I was
> able to restart TB and quickly change to another account and that
> was okay--but any time I try to return to my main account, the
> offending message (one of them) is highlighted and immediately
> freezes things.

A virus that freezes TB? I would like to know which one that is.

> What can I do? That account has all my email in it. I have renamed
> it and re-formed it in order to make the account that I am sending
> this email to and receive tbudl, but obviously I need to be able to
> recover my old emails.

Rename the message.tbb file for now (while TB is closed), so at least
you can use TB without problems. We'll think about how you can
retrieve the old mails.

> A virus was found neither by Norton nor PCillin, both with recent
> virus updates.

I don't know about Norton, but PC-Cillin have a virus doctor
service. Send them a copy of the .tbb file and ask them to check.
However, I have a feeling something else is wrong and this is not a
virus in an email.

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

The most precious thing we have is life. Yet it has absolutely no
trade-in value.

Message reply created with The Bat! 1.62/Beta6
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM






Re: Help with Trojan Email

2002-10-18 Thread Jonathan Angliss

On Friday, October 18, 2002, Roelof Otten wrote...

> JPCMD> I have received two emails from a friend that cause TB to freeze
> JPCMD> completely.  I cannot even delete them, TB is so frozen.  Once I
> JPCMD> was

> First thing you do is to close TB and zip both the messages.tbb and
> the messages.tbi files in the folder that causes TB to freeze. Since
> this is obviously a bug, you attach it to a mail addressed to the
> developers (in the menu: help - feedback - bug report) so it can be
> fixed in a next version. That won't help you right now, but it's a
> start. (Of course when that folder contains real sensitive info, you
> could consider not to do so, but that's up to you.)

Another option is to copy the TBB file to another location. Rename
that file to messages.uue, and open the file in winzip. You should see
a lot of text files in it. Each text file is an email (except maybe
the first). You can then extract the uue file to a safe location, for
ease of working with, extract it to currentdir\messages\. Go into
the folder, and find the offending mails, delete/move out of the
messages folder. Select all the files in the folder, and create a ZIP
file out of them and call it messages.zip. Then reopen the zip file in
winzip and go to Actions - UUEncode. It'll ask you what file to
create, let it create it as messages.uue. Go back to your folder with
the problem mails in it (make sure you have TB! closed btw). Copy the
TBB file to a safe location for backup, copy the messages.uue file
into the offending folder, and rename to messages.tbb. You might need
to delete messages.tbi... then try opening TheBat again... and in
theory you *should* be back up and running again, no loss of mail
(except the offenders), and if you just moved the two offending mails
instead of deleting them, you can open in notepad and have a look at
them... and if you're nice, send them onto RitLabs for bug testing :)

-- 
Jonathan Angliss
([EMAIL PROTECTED])
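
Added example, not part of any post in this thread: once the folder has been split into one text file per message as described above, the suspect mails can be located without opening them in any HTML renderer. The sketch assumes each extracted file is one raw RFC 822 message; the function names and sample file names are hypothetical, and the checks mirror the guesses made in the thread (an HTML part, a bad encoding type, a malformed structure).

```python
import codecs
from email import message_from_bytes, policy

KNOWN_CTE = {"7bit", "8bit", "binary", "base64", "quoted-printable"}

def triage(raw: bytes) -> list[str]:
    """List reasons a raw message deserves a closer look. Nothing is rendered."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        # Structural problems noticed by the parser (e.g. unterminated multipart).
        reasons += [f"parser defect: {type(d).__name__}" for d in part.defects]
        if part.get_content_type() == "text/html":
            reasons.append("html part")
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
        if cte not in KNOWN_CTE:
            reasons.append(f"unknown transfer encoding: {cte}")
        charset = part.get_content_charset()
        if charset:
            try:
                codecs.lookup(charset)
            except LookupError:
                reasons.append(f"unknown charset: {charset}")
    return reasons

def flagged(messages: dict[str, bytes]) -> list[str]:
    """Names of the messages for which triage() found at least one reason."""
    return sorted(name for name, raw in messages.items() if triage(raw))

# Constructed sample messages standing in for the extracted text files.
SAMPLES = {
    "0001.txt": b"From: a@example.test\nSubject: plain\n"
                b"Content-Type: text/plain; charset=us-ascii\n\nhello\n",
    "0002.txt": b"From: b@example.test\nSubject: odd html\n"
                b"Content-Type: text/html; charset=x-made-up\n"
                b"Content-Transfer-Encoding: x-odd\n\n<html><body>hi</body></html>\n",
    "0003.txt": b"From: c@example.test\nSubject: cut short\n"
                b'Content-Type: multipart/alternative; boundary="b1"\n\n'
                b"--b1\nContent-Type: text/plain\n\ntext\n"
                b"--b1\nContent-Type: text/html\n\n<p>no closing boundary\n",
}

if __name__ == "__main__":
    for name in sorted(SAMPLES):
        print(name, triage(SAMPLES[name]) or "nothing unusual")
```

A flagged message is only a candidate: plenty of ordinary mail carries an HTML part, so the list narrows down which files to move out of the folder first.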




Re: Help with Trojan Email

2002-10-18 Thread Jonathan Angliss

On Friday, October 18, 2002, Thomas Fernandez wrote...

> I have received two emails from a friend that cause TB to freeze
> completely. I cannot even delete them, TB is so frozen. Once I was
> able to restart TB and quickly change to another account and that
> was okay--but any time I try to return to my main account, the
> offending message (one of them) is highlighted and immediately
> freezes things.

> A virus that freezes TB? I would like to know which one that is.

I'd probably guess it not to be a virus, but maybe a bad encoding type
or some format in the email itself that is causing it to screw up.

> What can I do? That account has all my email in it. I have renamed
> it and re-formed it in order to make the account that I am sending
> this email to and receive tbudl, but obviously I need to be able to
> recover my old emails.

> Rename the message.tbb file for now (while TB is closed), so at least
> you can use TB without problems. We'll think about how you can
> retrieve the old mails.

See the email I just posted... messages.tbb are uuencoded files
(thanks RitLabs... makes working with them nice). Winzip and a fair
few other zip utilities read uuencoded files, so you can just play
about with it there :) Somebody mentioned this a while ago, just a
random bit of knowledge that got stuck in my head ;)

> A virus was found neither by Norton nor PCillin, both with recent
> virus updates.

> I don't know about Norton, but PC-Cillin have a virus doctor
> service. Send them a copy of the .tbb file and ask them to check.
> However, I have a feeling something else is wrong and this is not a
> virus in an email.

I'd probably send it to RitLabs before sending it to PC-Cillin
because it may be something as simple as a bad header, or bad content
that makes TB fail a proper read of the email.

-- 
Jonathan Angliss
([EMAIL PROTECTED])
