  1. #1
    Shortstop
    Guest

    Help! Mysterious emails

    I have had 2 mysterious emails, about 3 hours apart. The first, from a sender unknown to me, had no address; a message about stories for someone called Barbara and a large attachment. The second was from a person known to me; addressed to "undisclosed recipients" and contained part of a FW message that was Fwed to me in July. It also had a large attachment. I should have looked at the attachments more closely but I think the files were .wls.

    I've deleted both emails - have I got a problem?

  2. #2
    Jen C
    Guest

    Re: Help! Mysterious emails

    Hi, I don't know what .wls extension belongs to but there is a nasty virus going around at the moment. Nortons and AVG have released new updates so download them and run your antiviral software to make sure nothing is on the loose.

    With OE, it is best not to have the preview pane open, as some viruses can open and run by just viewing the email with the preview pane.

  3. #3
    Billy T
    Guest

    Re: Help! Mysterious emails

    Hi Shortstop

    I was just about to post a similar query (see new post about to appear above) as I have received two strange emails out of the blue today too.

    Only one of my two had an attachment but ZoneAlarm quarantined it as suspicious because it was a filename.doc.xxx which suggests a virus.

    Right click the message in your inbox and click options, then see if they come from the same Ihug server as mine. I also have nothing in the "To" field.

    Cheers

    Billy 8-{)

    Quite mysterious

  4. #4
    Davesdad
    Guest

    Re: Help! Mysterious emails

    Could be the new Bugbear virus. Here is the alert from MyE-Trust

    ************************

    Virus Alert Notification

    Win32.Bugbear
    Alias: WORM_NATOSTA.A, Worm/Tanatos
    Category: Win32
    Type: Worm

    CHARACTERISTICS
    Win32.Bugbear is an e-mail worm written in MSVC.

    The worm arrives attached to an e-mail. It appears to get the attachment name from files on the infected system. Therefore, the attachment name is unpredictable. The telltale sign is the double extension. The second extension can be pif, exe or scr. The file size is 50,688 bytes (UPX packed).

    The message appears to be an existing message taken from the infected system, then replied to or re-sent with the worm attached.

    To ensure the executable component of the worm will be run when Windows restarts, the worm drops a copy of itself to the current user's startup folder with a random filename starting with the letter C, for example "CGK.EXE". A second copy is dropped to the system directory, with a filename starting with letter F, for example "FCMY.EXE". The following registry key is then created and points to this copy:

    "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"

    The name of the key value starts with letter T followed by two randomly generated letters, for example "TSE".

    Three files are dropped into the system directory by the worm with random names which will each have a .DLL extension. Two of them are data files, the other is a key logging trojan. In addition, two other data files with random names and .DAT extensions are dropped to the Windows directory.

    The worm regularly searches and terminates the following Antivirus/Firewall processes if they are found in memory:


    It also enumerates network shares and listens on TCP port 36794.

    Analysis by Hamish O'Dea
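
The attachment traits listed in the alert in post #4 (a double extension whose second part is pif, exe or scr, and a 50,688-byte file) can be turned into a mail-triage check. This is an added example, not part of the thread or the vendor alert; the function names and the sample messages are constructed for illustration.

```python
from email.message import EmailMessage

WORM_FINAL_EXTS = {"pif", "exe", "scr"}  # second extensions named in the alert
WORM_SIZE = 50688                        # UPX-packed file size given in the alert


def attachment_findings(msg):
    """Return [(filename, [reasons])] for attachments matching the alert's traits."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = []
        # "report.doc.scr" -> ["report", "doc", "scr"]; a single extension gives 2 pieces
        pieces = name.lower().rsplit(".", 2)
        if len(pieces) == 3 and pieces[1] and pieces[2] in WORM_FINAL_EXTS:
            reasons.append("double extension ending in ." + pieces[2])
        payload = part.get_payload(decode=True) or b""
        if len(payload) == WORM_SIZE:
            reasons.append("size is 50,688 bytes")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample(filename, size):
    """Constructed test message; the attachment is filler bytes, not malware."""
    msg = EmailMessage()
    msg["Subject"] = "Fw: stories"
    msg.set_content("forwarded text")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for fname, size in [("budget.xls.scr", 50688), ("Photo.JPG.PIF", 10),
                        ("notes.doc", 1200), ("setup.exe", 100)]:
        print(fname, attachment_findings(build_sample(fname, size)))
```

A size match alone is weak evidence, so the check reports each reason separately and leaves the decision to quarantine to the caller.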



  5. #5
    Pauline
    Guest

    Re: Help! Mysterious emails

    I had a strange one too. It came into my Hotmail acc. It was from Support USA & had an attachment with a double ext & it was addressed to Ken Love & it contained what looked like passwords. I did not open the attachment. Some queer stuff is going on or maybe I have just been lucky up till now, who knows.
    Pauline.

  6. #6
    godfather
    Guest

    Re: Help! Mysterious emails

    Yes, me too. Was Bugbear, but I updated my definitions this morning.

  7. #7
    Billy T
    Guest

    Re: Help! Mysterious emails

    Hmmm

    My second odd email did not have any attachment, and the first was quarantined by ZA and remains unopened. That maybe differentiates my problem from the new virus, and I've done a manual check and there are no new exe's on my C: drive (that is, assuming that the virus installs the exe with a reasonably current date, like after 2000).

    Curiouser and curiouser ?:|

    Cheers

    Billy 8-{)

  8. #8
    Shortstop
    Guest

    Re: Help! Mysterious emails

    Further to my first post, I then launched NAV which fluttered feebly; said Auto Protect wasn't enabled; wouldn't enable it; wouldn't run a Virus scan and kept disappearing. So back to trusty System Restore; NAV back in control; updated Definitions and hopefully Bugbear's been swatted.
    Cheers
