Worm Guard/GoBack/XP Restore

Sealander · May 17, 2003

Greetings,
A couple of days ago I installed Worm Guard and when I went to do a XP SYstem Restore WG saw and did not like script file mzo. I quarantined file and when I went to do restore w/GoBack all the history had gone byby. Is mzo cool or not and does anyone have any feedback? ... thanks

Jooske · May 17, 2003

Hi Sealander,
i'm not familiar with your script file mzo, hope others are. There sounds some vague alarm but not sure if this is related. Is this one file or a program? In case a file, zip it and send it in to support for advice please, support@diamondcs.com.au
How can all history have gone, did you run the file otr whatever it was? Did you check it first in the safe mode for the alerts? Which was the alarm?
Did you scan it with other scanners, TDS perhaps? Double extensions of an executable?

Gavin - DiamondCS · May 17, 2003

MZ is the start of an executable.

Please simply click ALWAYS Allow for this particular file, and you wont see the alarms anymore This is normal

Rainwalker · May 18, 2003

Is an mo file the same as an mzo file ?

Gavin - DiamondCS · May 19, 2003

If you are seeing the "script" when viewing it safely, and you see MZ... then it is an EXE file.

MO... would not be an EXE file no, so they are different. MO isnt any known script either, most likely a TEXT file = harmless

Rainwalker · May 19, 2003

Thank you Gavin but being a Newbie I am still not clear on this. The file that I also found with WG was not mz nor mo. It was script file mzo. On the WG dialog box it read 'Script File MZO'.

Jooske · May 19, 2003

Hi Rainwalker,
i think i asked you a few postings above to send it to Gavin for investigation, as it's not clear what have it seems.
Ans please keep us updated!

LowWaterMark · May 19, 2003

quoting: Rainwalker link=board=6;threadid=9316;start=0#msg61498 date=1053360412]Thank you Gavin but being a Newbie I am still not clear on this. The file that I also found with WG was not mz nor mo. It was script file mzo. On the WG dialog box it read 'Script File MZO'.
Click to expand...

When Gavin said "MZ is the start of an executable" file, he meant just the first two characters in the file. However, if you look at the third character in an EXE file, it looks a bit like an O (oh), but it's actually not. See hex dump image (below) and notice the first three characters.

If the file you were alerted on started with "MZ[]" (closest thing to a box I could post here) then most likely it was an executable file. I agree with Jooske, sending the file in question to Gavin is probably best.

Rainwalker · May 19, 2003

Thank you for your time and help. That clears it up.

Log in or Sign up

Worm Guard/GoBack/XP Restore

Sealander Guest

Jooske Registered Member

Gavin - DiamondCS Former DCS Moderator

Rainwalker Registered Member

Gavin - DiamondCS Former DCS Moderator

Rainwalker Registered Member

Jooske Registered Member

LowWaterMark Administrator

Attached Files:

exefile-hexdump-lwm.gif

Rainwalker Registered Member

Log in or Sign up

Worm Guard/GoBack/XP Restore

Sealander Guest

Jooske Registered Member

Gavin - DiamondCS Former DCS Moderator

Rainwalker Registered Member

Gavin - DiamondCS Former DCS Moderator

Rainwalker Registered Member

Jooske Registered Member

LowWaterMark Administrator

Attached Files:

exefile-hexdump-lwm.gif

Rainwalker Registered Member

Useful Searches