[Dshield] Suspicious email

Jeff Miller jrm.wa at verizon.net
Wed Aug 29 20:59:36 GMT 2001


On second look, I looked at my computer that has JetAdmin installed and
there is a JDBGMGR.EXE file in the windows\system directory.

----- Original Message -----
From: "Samantha Fetter" <sama at enteract.com>
To: <dshield at dshield.org>
Sent: Wednesday, August 29, 2001 8:29 AM
Subject: RE: [Dshield] Suspicious email


Perhaps I should have been more clear in my question.
I know that the zl9 is for zone alarm, I just meant that I didn't know
what the actual extension is.
What my question was meant to be, is - Does anyone know what that
email/attachment are, has anyone seen it before and recognize it as a
possible virus?  I'm just curious.
I'd guess the BGMGR part of the file name is something along the lines of
Background Manager, not sure what the JD may be.

Thanks,
Samantha

On Wed, 29 Aug 2001, Lane Weast wrote:

> The ZL9 file extension is used by Zone Alarm as a quarenteen extention to
> make virus infected executable's non executable. ZL9 may be used by other
> applications as well but I have not seen it anywhere else.
>
> What this might be is, the sircam virus sending a random file from the
host
> pc and Zone Alarm catching it and changing the file extension..??
>
> > -----Original Message-----
> > From: Samantha [mailto:sama at enteract.com]
> > Sent: Wednesday, August 29, 2001 7:47 AM
> > To: 'dshield at dshield.org'
> > Subject: [Dshield] Suspicious email
> >
> >
> > Good morning,
> >
> > I thought I'd present this to you all...
> > The other day I received an email from a "wayne rudd" at
> > puttcoach at earthlink.net.
> > Subject is: LaserJet 4 Plus\\Mh
> >
> > The email contains a file JDBGMGR.zl9 (not sure what the extension is)
> > and below the attachment it just says:
> > "LaserJet 4 Plu."
> >
> > I searched all over the place trying to find any information
> > when I received it the
> > other day, but was unable to.
> > Has anyone seen this, or know what it is?
> >
> > Cheers,
> > Samantha
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www1.dshield.org/mailman/listinfo/dshield
> >
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
>

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list