Trend Micro Housecall 8ball.txt file
Posted 12 October 2007 - 02:13 AM
I've also found a configuration file in the Housecall temp folder, called local.conf, which contains the following lines (abbreviated here):
#Housecall Local Client Configuration
#Thu Oct 11 20:29:27 CEST 2007
I have scanned the computers with Spyware Doctor, F-secure, Ad-aware, used HijackThis - all report the computers to be clean and free of spyware and viruses.
I have searced the net trying to find out if anyone has experienced the same thing, and if anyone knows what the 8ball.txt file is and what it does. I have also contacted Trend Micro and am currently waiting for an answer from them.
Has anybody experienced the same as me?
Posted 05 November 2007 - 04:03 AM
i don't recall the details of how i acquired it.
my files are from April of 2007.
it doesn't seem to have actively done anything since that time,
nor does it seem to be malicious.
i just discovered it in my Documents and Settings folder and found you and this forum by searching for items contained in my file 8ball.txt
Posted 26 November 2007 - 09:26 PM
After using Trend Micro Housecall (java online scanner) to remove spyware/malware from two computers, I noticed that it had placed a file called 8ball.txt on my computers, in the temporary scan folder it creates for the scan. In the 8ball.txt file, there are 9 occurances of (seemingly random) email addresses. An example of the contents of the file:
Has anybody experienced the same as me?
Yep. Me too. I was picking through my BF's laptop trying to discover why it's been acting funny and this was just one file I noticed that looked peculiar. I am so very curious as to what it's for and why the different email addresses and mailto's in the file. I got an account here just to tell you that and to say I appreciated your postong it so hopefully we can get some insight.
I googled "8ball.txt" and thankfully your post came up. Unfortunately I can find not one thing on it elsewhere.
I would post the entire contents here but I'm on my computer now.
Posted 26 November 2007 - 09:36 PM
Helpful link: SpywareBlaster...
MS MVP 2006 and ASAP Member since 2004
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
Posted 30 November 2007 - 12:06 PM
To be certain of my case, I have tested Housecall on 3 separate computers, all with the same result (now formatted and reinstalled post-Housecall). On each computer, I find an 8ball.txt file, with the same date and timestamp as the Housecall scan. The 8ball.txt file also is the same on all 3 computers. To me, that seems to indicate that the Housecall scan is the source of the 8ball.txt file.
I would recommend that people who experience this problem, report it to TrendMicro. Perhaps there is an explanation for the file? But until then, maybe we could escalate the problem solving if more people report the same problem?
TrendMicro, and Housecall, is recommended on a variaty of spyware sites - and I think it probably would be a good scan to run - as long as we can trust that the scan does what is says it does. We should be able to trust TrendMicro with this scan?
Until my support case is solved, with a reasonable explanation - no more Housecall for me. Had I found the 8ball.txt file on my computer, and not in the TrendMicro folder - I would be pretty sure it was some sort of spyware. My only cause for (momentary) non-panic is because TrendMicro is a large company who relies on it's reputation as an anti-spyware internet-security company. They would not risk damage to their reputation due to, say, an infected server.
Worse things have happened before, I'm sure, but please - if anyone has experienced the same as me: register a case with TrendMicro so as to set some focus on this. I'm sure Housecall is a great tool - but we need to be able to trust the spyware-removal tool to not do unexpected things.
Posted 21 January 2008 - 11:37 AM
EDIT:I just noticed that the partial 8ball.txt eth posted is verbatim for mine- at least as far as the first three lines go.
Edited by tantrix, 21 January 2008 - 11:49 AM.