What
is this ~ file?
The file appearing on your desktop with the
filename ~, commonly known as a tilde, is a backup of your Windows Address
Book. It is appearing as a result of the
April 2003 Cumulative Patch for Outlook Express (330994). The patch is
installed for Outlook Express 5.5 or 6 in response to
a vulnerability that could allow an attacker to run code of the
attacker’s choice on a user’s machine. To exploit the vulnerability, an
attacker would have to be able to cause Windows to open a specially
constructed MHTML URL, either on a web site or included in an HTML email
message.
Unfortunately, there is a bug in the
patch.Whenever you make a change in your Windows Address Book file (*.wab
file), Windows makes a backup of this file. Generally this backup is called
username.wa~ , however after the patch is installed the backup gets renamed
to just ~ instead and saved in the directory where you start your Outlook
Express. Most of the time, people start Outlook Express from a shortcut on
their desktop, so the backup file gets placed there. This is how the tilde
(~) file arrives on your desktop.
Is the File a Virus and will
Spyware or Anti-virus Utilities Find it?
Because the file is simply a backup of your
Windows Address Book, spyware searching utilities or anti-virus products
wont flag it as anything suspicious.
Can I Delete the ~ File?
The simple answer is yes, the file can be
deleted. However if it is deleted, you wont have a backup of your Windows
Address Book if a virus or something else corrupts it or you accidentally
delete the information in the address book. So I wouldnt necessarily delete
the file without backing it up first. Personally, here are the steps I would
take to remain safe in case you need the file again.
- Right click on the file and choose Rename
- Type in a name for the file and add the .wab
extension to it
For Example, you might want to rename it to addressbook.wab or something
similar
- Now, put a blank, formatted floppy disk in
your floppy drive and right-click on the newly named file
- Choose Send To,
Floppy Drive (most likely A)
- Now the file is backed up in case of
emergency, right-click on the file on your desktop and choose Delete
Each time you make a change to your address
book, this file will reappear so its a good idea to keep that floppy drive
around and make a backup each time you make changes. This protects you from
losing valuable email addresses in case of a disaster.
An alternative to this would be to change the
Start in option for Outlook Express. This has been suggested by a few
visitors and works well.
- Find the shortcut to Outlook Express and
right-click on it
- Click on Properties
- Make sure Read-only is unchecked on the
General tab
- Click on the Shortcut tab
- In the "Start In" field, change it to an
alternative path where the tilde file will appear, for example C:\
- Click on Apply
Is There a Patch to fix this?
Although Microsoft has indicated that it knows
about this problem and intends to make a patch available, they have not
released one yet, as of July 2003.
Can I uninstall the April 2003
patch to fix it?
Yes, you can uninstall the patch, this will fix
the tilde (~) file from appearing, however you will not be protected from
this security vulnerability either. If you want to uninstall the April 2003
(330994) patch,
simply visit this link and follow the uninstall directions. Although I
wouldn't advise anyone doing this. |