email | 403.809.1176    

TOMAX7 - DIGITAL SMILES
"making learning fun again"

The file appearing on your desktop with the filename ~, commonly known as a tilde, is a backup of your Windows Address Book. It is appearing as a result of the April 2003 Cumulative Patch for Outlook Express (330994). The patch is installed for Outlook Express 5.5 or 6 in response to a vulnerability that could allow an attacker to run code of the attacker’s choice on a user’s machine. To exploit the vulnerability, an attacker would have to be able to cause Windows to open a specially constructed MHTML URL, either on a web site or included in an HTML email message.

Unfortunately, there is a bug in the patch.Whenever you make a change in your Windows Address Book file (*.wab file), Windows makes a backup of this file. Generally this backup is called username.wa~ , however after the patch is installed the backup gets renamed to just ~ instead and saved in the directory where you start your Outlook Express. Most of the time, people start Outlook Express from a shortcut on their desktop, so the backup file gets placed there. This is how the tilde (~) file arrives on your desktop.

Is the File a Virus and will Spyware or Anti-virus Utilities Find it?

Because the file is simply a backup of your Windows Address Book, spyware searching utilities or anti-virus products wont flag it as anything suspicious.

Can I Delete the ~ File?

The simple answer is yes, the file can be deleted. However if it is deleted, you wont have a backup of your Windows Address Book if a virus or something else corrupts it or you accidentally delete the information in the address book. So I wouldnt necessarily delete the file without backing it up first. Personally, here are the steps I would take to remain safe in case you need the file again.

1. Right click on the file and choose Rename
    
2. Type in a name for the file and add the .wab extension to it
   For Example, you might want to rename it to addressbook.wab or something similar
    
3. Now, put a blank, formatted floppy disk in your floppy drive and right-click on the newly named file
    
4. Choose Send To, Floppy Drive (most likely A)
    
5. Now the file is backed up in case of emergency, right-click on the file on your desktop and choose Delete

Each time you make a change to your address book, this file will reappear so its a good idea to keep that floppy drive around and make a backup each time you make changes. This protects you from losing valuable email addresses in case of a disaster.

An alternative to this would be to change the Start in option for Outlook Express. This has been suggested by a few visitors and works well.

• Find the shortcut to Outlook Express and right-click on it
• Click on Properties
• Make sure Read-only is unchecked on the General tab
• Click on the Shortcut tab
• In the "Start In" field, change it to an alternative path where the tilde file will appear, for example C:\
• Click on Apply

Is There a Patch to fix this?

Although Microsoft has indicated that it knows about this problem and intends to make a patch available, they have not released one yet, as of July 2003. 

Can I uninstall the April 2003 patch to fix it?

Yes, you can uninstall the patch, this will fix the tilde (~) file from appearing, however you will not be protected from this security vulnerability either. If you want to uninstall the April 2003 (330994) patch, simply visit this link and follow the uninstall directions. Although I wouldn't advise anyone doing this.