Possible Virus

**michaeln** · 03-26-2002 05:47 AM

On one of my systems I have 41 occurrences of this file _3_'__.eml ((underscore 3 underscore apostrophie underscore underscore.eml (the 3 is the symboy to the power of 3 and not the number 3))

My Virus Checker (AVG) does not recognise them as a virus. I cannot read or delete these files in Win98SE. I don't know where they came from. They show a size of 83K. If I check their properties the date Created, date Accessed and date Modified are shown as Unknown.

Any ideas?

**muchmark** · 03-26-2002 07:13 AM

You can do a virus scan online here.

**michaeln** · 03-26-2002 07:57 AM

Originally posted by muchmark
You can do a virus scan online here.

Thanx! Just did that now. No virus detected. I still can't explain or account for the files.

**Fatal_Exception** · 03-26-2002 10:20 AM

the EML extension is normally associated with email

drop to DOS, move to the directory containing the mystery files, search for them with DIR *.eml and then delete them when you find how DOS is parsing the filenames... you may have to change the attributes before you can delete them

**michaeln** · 03-26-2002 11:52 AM

Originally posted by Fatal_Exception
the EML extension is normally associated with email

drop to DOS, move to the directory containing the mystery files, search for them with DIR *.eml and then delete them when you find how DOS is parsing the filenames... you may have to change the attributes before you can delete them

A funny thing happened. I checked the system with AVG Virus Scan - Negative Results. I then scanned the system online with PC_Cillin - again negative.

Having read youm message Fatal I decided to pull one of the files across my network to this PC to work on it further. This PC would not allow it in as it said the file was infected with I-WORM/NIMDA virus. The odd thing is that this PC also runs AVG antivirus and has the same updates as the infected PC.

With regards to your suggestion for a DOS attack, fortunately I have the old DOS application XTree Gold. I dug it up and installed it (which surprised me as I installed it in Win98SE without a hitch). This allowed me access to the full system and I was able to delete all copies of this file, although it's so long since I used XTGold that I had a lot of revising to do before I managed to solve the problem.

Just goes to show that DOS can do some things that Windows can't.

**Fatal_Exception** · 03-26-2002 12:43 PM

i thought it might have been nimda, but after your conviction that it wasn't a virus, i was loathe to suggest it...

you should probably download the antitrojan.exe to make sure you don't have a little devil on your drive generating the worm...

what folder were the eml files in? could they have been quarantined?

**michaeln** · 03-26-2002 01:01 PM

I d/l'd the antitrojan and am running checks now. The .eml files were in 41 different directories all over the place.

As for quarantine - i'd prefer rid the system completely of them.

Thanx for the help!

**Fatal_Exception** · 03-26-2002 01:28 PM

Originally posted by michaeln
As for quarantine - i'd prefer rid the system completely of them.

i agree! i was just curious

**Shinta** · 03-26-2002 02:11 PM

heres a pretty good free scanner

http://www.veloz.com/features/?src=f...%26eanth_redir

Thread: Possible Virus

Thread Tools

Search Thread

Display

Possible Virus

vs

Bookmarks

Bookmarks

Posting Permissions