Suspicious email

Discussion in 'NOD32 version 2 Forum' started by Hod, Dec 26, 2003.

Thread Status:
Not open for further replies.
  1. Hod

    Hod Registered Member

    Dec 1, 2003
    I've received this email today:

    "Warning: This message has had one or more attachments removed
    Warning: (gzhbptqa.exe, msg-26136-143.html).
    Warning: Please read the "" attachment(s) for more information."

    It looks highly suspicious but wasn't marked as a virus by NOD.

    Has anyone else had this?
  2. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    What does the attached text file "" actually say? Does it have more information?

    If this warning (and the removal of the infected pieces) occurred at your ISP or somewhere else prior to the email reaching your system, then that email is not infected so NOD won't warn you about it. It was already cleaned elsewhere.
  3. Hod

    Hod Registered Member

    Dec 1, 2003
    You are right.

    The Message Source includes this:

    "This is a message from the MailScanner E-Mail Virus Protection Service
    The original e-mail attachment "gzhbptqa.exe"
    was believed to be infected by a virus and has been replaced by this warning

    If you wish to receive a copy of the *infected* attachment, please
    e-mail helpdesk and include the whole of this message
    in your request. Alternatively, you can call them, with
    the contents of this message to hand when you call.

    At Fri Dec 26 09:42:25 2003 the virus scanner said:
    SophosSAVI: gzhbptqa.exe was infected by W32/Gibe-F
    F-Prot: gzhbptqa.exe Infection: W32/Swen.A@mm

    Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quaran=
    tine/20031226 (message hBQ1adC8001303).
    MailScanner thanks transtec Computers for their support"

    Nice to know there are some guardian angels about!
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.