Trend Micro Housecall 8ball.txt file


5 replies to this topic

#1 eth


Posted 12 October 2007 - 02:13 AM

After using Trend Micro Housecall (Java online scanner) to remove spyware/malware from two computers, I noticed that it had placed a file called 8ball.txt on my computers, in the temporary scan folder it creates for the scan. In the 8ball.txt file, there are 9 occurrences of (seemingly random) email addresses. An example of the contents of the file:

%%+
="mailto:info@cnnweek.com">?e/eE'ZJj^4^oJ-RJY)et#T_#gGabcotRQ>WJSsl*P2T]=jd(L?PiMT#u"/V.M&2-5s$=5
%o:=NEFAimYbTtpS:@'cH2k5_iB'b3s[Mmd+45'sVYIQdN#d=^-]F/ELjuq)9INoVuh.4H$1QE>n"TK)2dfK.em[kT\rf0g)2X2j<
%3X`jNJY="mailto:michael@ebayupdater.net">mRgCB;16jN6-\SqW#6D;c?jT%sX14HGkT2K4'Hdt]sUV"KE7aAbJpB74d`]

I've also found a configuration file in the Housecall temp folder, called local.conf, which contains the following lines (abbreviated here):

#Housecall Local Client Configuration
#Thu Oct 11 20:29:27 CEST 2007
Package.lib-jni-engine-common=6.51.1000
Package.8ball-pattern=6.51.1000

I have scanned the computers with Spyware Doctor, F-secure, Ad-aware, used HijackThis - all report the computers to be clean and free of spyware and viruses.

I have searched the net trying to find out if anyone has experienced the same thing, and if anyone knows what the 8ball.txt file is and what it does. I have also contacted Trend Micro and am currently waiting for an answer from them.

Has anybody experienced the same as me?

#2 unboy


Posted 05 November 2007 - 04:03 AM

I also have that file with similar contents.
I don't recall the details of how I acquired it.
My files are from April of 2007.
It doesn't seem to have actively done anything since that time,
nor does it seem to be malicious.

I just discovered it in my Documents and Settings folder and found you and this forum by searching for items contained in my file 8ball.txt.


#3 LivingSamsara


Posted 26 November 2007 - 09:26 PM

After using Trend Micro Housecall (Java online scanner) to remove spyware/malware from two computers, I noticed that it had placed a file called 8ball.txt on my computers, in the temporary scan folder it creates for the scan. In the 8ball.txt file, there are 9 occurrences of (seemingly random) email addresses. An example of the contents of the file:

%%+
="mailto:info@cnnweek.com">?e/eE'ZJj^4^oJ-RJY)et#T_#gGabcotRQ>WJSsl*P2T]=jd(L?PiMT#u"/V.M&2-5s$=5
%o:=NEFAimYbTtpS:@'cH2k5_iB'b3s[Mmd+45'sVYIQdN#d=^-]F/ELjuq)9INoVuh.4H$1QE>n"TK)2dfK.em[kT\rf0g)2X2j<
%3X`jNJY="mailto:michael@ebayupdater.net">mRgCB;16jN6-\SqW#6D;c?jT%sX14HGkT2K4'Hdt]sUV"KE7aAbJpB74d`]
[...]
Has anybody experienced the same as me?


Yep. Me too. I was picking through my BF's laptop trying to discover why it's been acting funny and this was just one file I noticed that looked peculiar. I am so very curious as to what it's for and why the different email addresses and mailto's in the file. I got an account here just to tell you that and to say I appreciated your posting it so hopefully we can get some insight.

I googled "8ball.txt" and thankfully your post came up. Unfortunately I can find not one thing on it elsewhere.

I would post the entire contents here but I'm on my computer now.

Maybe next thing I'll do is extract all the email addresses from the file and visit the domains and see if there is a common denominator among them. And since now I have an account here I can post back anything I notice.


#4 Budfred

    Malware Hound

  • Administrators

Posted 26 November 2007 - 09:36 PM

I suggest you ask TrendMicro rather than visiting those domains... Those are likely to be a record of bad items found in your computers... TrendMicro should be able to tell you...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#5 eth


Posted 30 November 2007 - 12:06 PM

I registered a case with TrendMicro on October 11, and they have still not found out what is happening. My support case is "pending" and they are working on an answer, but so far I have not received more than a case number.

To be certain of my case, I have tested Housecall on 3 separate computers, all with the same result (now formatted and reinstalled post-Housecall). On each computer, I find an 8ball.txt file, with the same date and timestamp as the Housecall scan. The 8ball.txt file also is the same on all 3 computers. To me, that seems to indicate that the Housecall scan is the source of the 8ball.txt file.

I would recommend that people who experience this problem, report it to TrendMicro. Perhaps there is an explanation for the file? But until then, maybe we could escalate the problem solving if more people report the same problem?

TrendMicro, and Housecall, are recommended on a variety of spyware sites - and I think it probably would be a good scan to run - as long as we can trust that the scan does what it says it does. We should be able to trust TrendMicro with this scan?

Until my support case is solved, with a reasonable explanation - no more Housecall for me. Had I found the 8ball.txt file on my computer, and not in the TrendMicro folder - I would be pretty sure it was some sort of spyware. My only cause for (momentary) non-panic is because TrendMicro is a large company who relies on its reputation as an anti-spyware internet-security company. They would not risk damage to their reputation due to, say, an infected server.

I hope.

Worse things have happened before, I'm sure, but please - if anyone has experienced the same as me: register a case with TrendMicro so as to set some focus on this. I'm sure Housecall is a great tool - but we need to be able to trust the spyware-removal tool to not do unexpected things.
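
An added example, not part of any post in this thread: one way to do what posts #3 and #5 describe without visiting any of the domains, by listing the mailto: addresses in a copy of 8ball.txt offline and hashing the file so copies from different machines can be compared. The sample bytes are constructed around the two addresses quoted in post #1, and the function names are made up for this example.

```python
import hashlib
import re
from collections import Counter

# Addresses appear in the file as mailto: tokens surrounded by unreadable bytes.
MAILTO_RE = re.compile(rb'mailto:([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})')

# Constructed sample: the two addresses quoted in the thread, wrapped in
# made-up filler bytes. It is not a real 8ball.txt.
SAMPLE = (
    b'%%+\n'
    b'="mailto:info@cnnweek.com">?x/yZ^4^o-RJ)#T_#g\n'
    b'%o:=NEFtpS:@\'cH2k5_iB\'b3s[Mm+45\n'
    b'%3X`jY="mailto:michael@ebayupdater.net">mRgCB;16\n'
    b'q#="mailto:INFO@cnnweek.com">zz\n'
)

def extract_addresses(data: bytes) -> list[str]:
    """Return unique mailto: addresses, lower-cased, in order of first appearance."""
    seen = []
    for raw in MAILTO_RE.findall(data):
        addr = raw.decode('ascii').lower()
        if addr not in seen:
            seen.append(addr)
    return seen

def defanged_domains(addresses: list[str]) -> Counter:
    """Count addresses per domain, writing '.' as '[.]' so nothing is clickable."""
    return Counter(a.split('@', 1)[1].replace('.', '[.]') for a in addresses)

def fingerprint(data: bytes) -> str:
    """SHA-256 of the file, for comparing copies taken from different machines."""
    return hashlib.sha256(data).hexdigest()

def all_identical(copies: list[bytes]) -> bool:
    """True when every copy hashes to the same value."""
    return len({fingerprint(c) for c in copies}) == 1

if __name__ == '__main__':
    addrs = extract_addresses(SAMPLE)
    print(addrs)
    print(dict(defanged_domains(addrs)))
    print(fingerprint(SAMPLE))
```

On a real copy, read the file with `open(path, 'rb').read()` and pass the bytes in; nothing here touches the network.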

#6 tantrix


Posted 21 January 2008 - 11:37 AM

I had this file too and have also contacted Trendmicro with no response amounting to anything and was wondering if anyone has gotten a response and answer about this?

EDIT: I just noticed that the partial 8ball.txt eth posted is verbatim for mine - at least as far as the first three lines go.

Edited by tantrix, 21 January 2008 - 11:49 AM.
