Random Outlook files

Posted by: visuvius

Random Outlook files - 02/04/2002 23:51

This is really weird. I am getting random Microsoft Outlook files in my music download folder. "Proceduralbrief.eml" and "religionandsociety.eml". What the hell is an .eml and where are these coming from? I don't even use Microsoft Outlook.
Posted by: mtempsch

Re: Random Outlook files - 02/04/2002 23:54

Virus? http://www.google.com/search?q=.eml+virus&hl=sv&lr=

/Michael
Posted by: visuvius

Re: Random Outlook files - 03/04/2002 00:23

I looked over that page and I don't think it's that virus.
Posted by: tfabris

Re: Random Outlook files - 03/04/2002 02:48

Maybe not -THAT- virus specifically, but its behavior is consistent with one of the Nimda clones. I would seriously consider the possibility that you are infected.
Posted by: visuvius

Re: Random Outlook files - 03/04/2002 17:47

ahh crap
Posted by: SE_Sport_Driver

Re: Random Outlook files - 04/04/2002 05:30

Yeah, when we got hit with Nimda at work, we had TONS of those Outlook files on our machines. With funny names too like "backpack" etc. Eventually, the machines got very very slow and the hard drives filled up...

One cool thing about AntiVirus (at least Norton) is that you can scan networked drives. So, my laptop had Norton on it and I just tapped into all the infected machines via a crossover cable and started cleaning them up. It won't check the memory and registry, but it at least got these things on their feet enough to install their own AntiVirus SW.
Posted by: BleachLPB

Re: Random Outlook files - 04/04/2002 10:55

Yeah, there was some developer here at work that refused to have McAfee installed on his wks, and he also refused to use the network to save his projects and code. Well, when we got hit with Nimda, let's just say he got what was coming to him. We had to shut his network port, then when I sat at the computer, it was almost humorous.... it was totally screwed up - all the shortcuts were replaced - icons and dialog boxes were screwed up, etc. and those .eml files were EVERYWHERE.

I laughed at him when he asked if we could recover his projects and code. I pitched his partition into the proverbial bit bucket.
Posted by: ashmoore

Re: Random Outlook files - 04/04/2002 14:46

Part of my job at work is to keep the AV system fully up to date. I also planned and installed it.
Believe me, if you don't have AV software installed because it slows you down a bit or is slightly inconvenient then you are a danger to everyone you will ever come into contact with and a whole lot more.
I am still trapping emails being sent from joe home user PCs that are still sending out 2 year old viruses.
Not accusing anyone of anything here, but if you don't have AV installed and your machine blows up, you deserve everything that happens to you.
I will laugh all the way home ;D
Put another way, the defense that you don't use Outlook means nothing. Today's viruses have the SMTP server built in and read their email list from your web browser cache, then happily flood the net with garbage from your PC.
It's a scary world out there boys and girls.
Posted by: SE_Sport_Driver

Re: Random Outlook files - 04/04/2002 16:28

True. My company does not use Outlook at all. We use Lotus Notes. Yet we were hit. Even our machines that were running NT 4.0 Client (not Server) without IIS, were hit.
Posted by: Ezekiel

Re: Random Outlook files - 04/04/2002 21:24

A few years ago I plunked down $1200 for 20 nodes/2year licence of McAfee Anti Virus Suite, which includes a monitoring/policy enforcement suite that's run on a separate server. It is the best investment I've made to date. Update files are pushed to me weekly (or sooner if there's a real baddie). It can be set up to notify other people/machines/pagers 12 ways till Sunday. The only tweak I had to do was run a registry mod (we're a Win2k shop) to limit processor use during the daily 'full machine' scans that I've required for everyone. In three years (yes, I renewed the lic's) I've not lost one file due to virus, despite hundreds of hits from every conceivable source. I highly recommend it (and no, I don't work for McAfee).

-Zeke
Posted by: drakino

Re: Random Outlook files - 05/04/2002 01:13

Ironically enough, I've never had an AV program installed on my main systems at home, and have had one virus, the Michelangelo virus on a 5 1/4 disk without boot files, and that was many years ago. I think I was e-mailed a virus today, making that the 2nd I have ever received via e-mail at home.

Every once in a while I'll be suspicious of a virus, and use a scanner just to make sure.

To me though, the anti virus software needs to evolve soon and be able to stop new viruses before McAfee or Norton gets it, and sends out a new definition file. Honestly enough they scan for odd boot sector changes, why not odd activity on the outgoing SMTP ports and such? Otherwise, I think someone soon is going to release a nasty virus that takes advantage of more MS security holes and make Nimda look tame.
Posted by: matthew_k

Re: Random Outlook files - 05/04/2002 02:39

In reply to:

One cool thing about AntiVirus (at least Norton) is that you can scan networked drives

One cool thing about Nimda is that it does exactly the same thing, except it goes ahead and does it to any network shares without even telling you. -)

Matthew
Posted by: SE_Sport_Driver

Re: Random Outlook files - 05/04/2002 05:28

Ha! True! That is why simply not using Outlook didn't mean that we were safe!
Posted by: visuvius

Re: Random Outlook files - 05/04/2002 13:32

Yup, so EVERYONE was right. McAfee found Nimda and to my surprise a virus called PWS-gen.hooker. What pisses me off about this PWS virus is that it said method of infection is through email attachments. I don't even get any freakin' email attachments? This virus apparently runs a keylog program and a couple other not-so-good things. Ran McAfee and deleted a bunch of stuff so everything should be alright.
Posted by: ashmoore

Re: Random Outlook files - 05/04/2002 15:37

Yeah, it's a bitch out there now.
As I run a server at home as well, have file and email scanner running 24x7 as well as a port watcher on the firewall.
You would scare the crap out of yourself looking at all the hits on the port watcher! I log all occurrences and IP address and look for patterns just in case.
Not to be too paranoid but...Any regularly connected PC, especially DSL and Cable internet folks are open doors for all kinds of attacks. Many of these attacks are not just some script kiddie but a concerted effort by external forces.
Just check out the homeland security/government perspective on hacking and viruses.

A widespread virus or worm is an effective tool against a capitalist society based on computer money. Imagine if your PC is about to be used as a stepping stone to hack into the FBI, Pentagon or Chase Manhattan.
Viruses are only the half of it.

Be careful out there people, to others, it's a war.
Posted by: tfabris

Re: Random Outlook files - 05/04/2002 15:48

You would scare the crap out of yourself looking at all the hits on the port watcher! I log all occurrences and IP address and look for patterns just in case.

That's why I like BlackICE Defender so much. It looks at each and every one of those hits and rates it using a very accurate threat-assessment engine. Then, if you see something that makes you worried, a single click on the "advICE" button shows you details about the threat and links to all of the necessary information such as the Microsoft patch to fix the vulnerability (if any).