The file appearing on your desktop with the filename ~, commonly known as a tilde, is a backup of your Windows Address Book. It appears as a result of the April 2003 Cumulative Patch for Outlook Express (330994). The patch is installed for Outlook Express 5.5 or 6 in response to a vulnerability that could allow an attacker to run code of the attacker's choice on a user's machine. To exploit the vulnerability, an attacker would have to be able to cause Windows to open a specially constructed MHTML URL, either on a web site or included in an HTML email message.


Unfortunately, there is a bug in the patch. Whenever you make a change in your Windows Address Book file (*.wab file), Windows makes a backup of this file. Generally this backup is called username.wa~; however, after the patch is installed, the backup is named just ~ instead and saved in the directory where you start Outlook Express. Most of the time, people start Outlook Express from a shortcut on their desktop, so the backup file gets placed there. This is how the tilde (~) file arrives on your desktop.


Is the File a Virus and will Spyware or Anti-virus Utilities Find it?

Because the file is simply a backup of your Windows Address Book, spyware searching utilities or anti-virus products won't flag it as anything suspicious.


Can I Delete the ~ File?

The simple answer is yes, the file can be deleted. However, if it is deleted, you won't have a backup of your Windows Address Book if a virus or something else corrupts it or you accidentally delete the information in the address book. So I wouldn't necessarily delete the file without backing it up first. Personally, here are the steps I would take to remain safe in case you need the file again.




  1. Right-click on the file and choose Rename

  2. Type in a name for the file and add the .wab extension to it. For example, you might want to rename it to addressbook.wab or something similar

  3. Now, put a blank, formatted floppy disk in your floppy drive and right-click on the newly named file

  4. Choose Send To, Floppy Drive (most likely A)

  5. Now that the file is backed up in case of emergency, right-click on the file on your desktop and choose Delete




Each time you make a change to your address book, this file will reappear, so it's a good idea to keep that floppy disk around and make a backup each time you make changes. This protects you from losing valuable email addresses in case of a disaster.


An alternative to this would be to change the "Start In" option for Outlook Express. This has been suggested by a few visitors and works well.



  • Find the shortcut to Outlook Express and right-click on it

  • Click on Properties

  • Make sure Read-only is unchecked on the General tab

  • Click on the Shortcut tab

  • In the "Start In" field, change it to an alternative path where the tilde file will appear, for example C:\

  • Click on Apply




Is There a Patch to fix this?

Although Microsoft has indicated that it knows about this problem and intends to make a patch available, they have not released one yet, as of July 2003.


UPDATE: Finally, in June 2004, Microsoft released a hotfix for this issue. Visit this link for more information about this problem and a solution for it.


Can I uninstall the April 2003 patch to fix it?

Yes, you can uninstall the patch. This will stop the tilde (~) file from appearing; however, you will no longer be protected from this security vulnerability either. If you want to uninstall the April 2003 (330994) patch, simply visit this link and follow the uninstall directions, although I wouldn't advise anyone to do this.