SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Guru
    Join Date
    Oct 1999
    Location
    New York, NY
    Posts
    826
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    email attachment

    Hi --

    I just received an email sent to my biz web email web address from a sender I've never seen before (it says from "Int'l Affairs") with an attachment.

    I have no intention of opening the attachment, which contain 2 files: Basic Agmt.doc.bat and ATT00003.txt. They immediately looked suspicious and I just wanted to know what they could be. What is a .bat file? Is there any danger on my end from having just read the email?

    Thanks.

    Josh

  2. #2
    SitePoint Wizard silver trophy
    beley's Avatar
    Join Date
    May 2001
    Location
    LaGrange, Georgia
    Posts
    6,117
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    The last time I got a word file with a ".bat" extention added it was a VIRUS (we have Norton Corporate Edition) - It automatically quarantined the email (before I got it) and send me an email from the server with all the info. I would suggest that you delete the email.

  3. #3
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would think that you are not in danger unless you run the .bat file. This is a batch file. If you save the attatchment to disk and then open notepad and open the file you can see what it is. Do not double click on the file.

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  4. #4
    SitePoint Guru
    Join Date
    Oct 1999
    Location
    New York, NY
    Posts
    826
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the input. Like I said, everything about the email is suspicious and I have no intention of opening them! Just FYI, here is what the body of the email says, word for word:

    << Hi! How are you?

    I send you this file in order to have your advice

    See you later. Thanks >>

    It reeks of suspicioun! Do you think I should hit reply and write something back to this evil sender??

    Josh

  5. #5
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, then they would have your email address!

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  6. #6
    SitePoint Zealot
    Join Date
    Mar 2001
    Location
    Southeast US
    Posts
    167
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That is most likely the Sircam Worm. WHAT EVER YOU DO DO NOT CLICK ON IT. Delete it then delete it from your computer. Look at another message in this forum beginning AHHH! Virus. Read this to find out about itl Also put it in the other thread. If there is any chance that you have the worm, and you are on a network, you should quaranteen your computer.

    http://www.symantec.com/avcenter/ven...m.worm@mm.html

  7. #7
    SitePoint Guru
    Join Date
    Oct 1999
    Location
    New York, NY
    Posts
    826
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Holy Moly!

    Allie,

    That symatec link informed me that it was (as I suspected!) that worm virus! Read this section of the symantec site:

    << This worm arrives as an email message with the following content:

    Subject: The subject of the email will be random, and will be the same as the file name of the attachment in the email.
    Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

    First line: Hi! How are you?
    Last line: See you later. Thanks >>

    And as you can see from my earlier post, that's exactly what I received!

    How do I know if I am in current danger? Here were my exact actions to this point regarding it. In Outlook 2000, I received the email, read it, and ignored the attachments. I then deleted the email and closed Outlook so it can permanently delete my deleted emails. Am I now safe? How can I tell? If not, what exactly is "quaranteening my computer?!"

    Thanks for all your input!

    Josh

  8. #8
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Holy Moly!

    Originally posted by JCary
    Allie,If not, what exactly is "quaranteening my computer?!"
    Quaranteening is when you cut your computer off from all others, either on a network or on the Internet (the biggest network), to stop the spread of the virus.

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  9. #9
    SitePoint Zealot
    Join Date
    Mar 2001
    Location
    Southeast US
    Posts
    167
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You will need to carefully delete the message from Outlook, then (very important) also delete it from your deleted messages file. You should be safe in doing this. But what ever you do, be careful not to click on the attachment. Delete the message from your Outlook inbox, then delete the same message from your deleted messages file to permanently delete the message. You should be safe as long as you do not click on the attachment. Also beware of receiving this again. If you received it from someone you know who unknowingly sent it to someone else they/you know, it could be sent to you again. I have found this to be the case more than once. If you receive it again, just follow the above instructions. Just to be safe, I would update my antivirus definitions and do a scan afterward.

    Funny, I had just received a notification alert from Symantec about them elevating the alert about this virus right before seeing these two posts at SitePoint, so I immediately knew it was likely this virus. That's one piece of mail I sign up for and don't mind getting!

    Re quaranteening. In Norton you can quaranteen the virus and send it to them. In this case, was referring to cutting your computer off from a network if you are on one because this virus can replicate itself to all computers on a network. Nasty little worm, isn't it?
    Last edited by allie; Jul 22, 2001 at 09:24.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •