Greetings, A couple of days ago I installed Worm Guard and when I went to do a XP SYstem Restore WG saw and did not like script file mzo. I quarantined file and when I went to do restore w/GoBack all the history had gone byby. Is mzo cool or not and does anyone have any feedback? ... thanks
Hi Sealander, i'm not familiar with your script file mzo, hope others are. There sounds some vague alarm but not sure if this is related. Is this one file or a program? In case a file, zip it and send it in to support for advice please, support@diamondcs.com.au How can all history have gone, did you run the file otr whatever it was? Did you check it first in the safe mode for the alerts? Which was the alarm? Did you scan it with other scanners, TDS perhaps? Double extensions of an executable?
MZ is the start of an executable. Please simply click ALWAYS Allow for this particular file, and you wont see the alarms anymore This is normal
If you are seeing the "script" when viewing it safely, and you see MZ... then it is an EXE file. MO... would not be an EXE file no, so they are different. MO isnt any known script either, most likely a TEXT file = harmless
Thank you Gavin but being a Newbie I am still not clear on this. The file that I also found with WG was not mz nor mo. It was script file mzo. On the WG dialog box it read 'Script File MZO'.
Hi Rainwalker, i think i asked you a few postings above to send it to Gavin for investigation, as it's not clear what have it seems. Ans please keep us updated!
When Gavin said "MZ is the start of an executable" file, he meant just the first two characters in the file. However, if you look at the third character in an EXE file, it looks a bit like an O (oh), but it's actually not. See hex dump image (below) and notice the first three characters. If the file you were alerted on started with "MZ[]" (closest thing to a box I could post here) then most likely it was an executable file. I agree with Jooske, sending the file in question to Gavin is probably best.