[Dshield] Suspicious email

Jeff Miller jrm.wa at verizon.net
Wed Aug 29 21:01:51 GMT 2001


Sorry for the multiple posts - a little helter skelter today.

Once I looked at the JDBGMGR.EXE file, the properties reported that this is
a "Microsoft Debugger Registrar for Java".

----- Original Message -----
From: "Samantha Fetter" <sama at enteract.com>
To: <dshield at dshield.org>
Sent: Wednesday, August 29, 2001 8:29 AM
Subject: RE: [Dshield] Suspicious email


Perhaps I should have been more clear in my question.
I know that the zl9 is for zone alarm, I just meant that I didn't know
what the actual extension is.
What my question was meant to be, is - Does anyone know what that
email/attachment are, has anyone seen it before and recognize it as a
possible virus?  I'm just curious.
I'd guess the BGMGR part of the file name is something along the lines of
Background Manager, not sure what the JD may be.

Thanks,
Samantha

On Wed, 29 Aug 2001, Lane Weast wrote:

> The ZL9 file extension is used by Zone Alarm as a quarenteen extention to
> make virus infected executable's non executable. ZL9 may be used by other
> applications as well but I have not seen it anywhere else.
>
> What this might be is, the sircam virus sending a random file from the
host
> pc and Zone Alarm catching it and changing the file extension..??
>
> > -----Original Message-----
> > From: Samantha [mailto:sama at enteract.com]
> > Sent: Wednesday, August 29, 2001 7:47 AM
> > To: 'dshield at dshield.org'
> > Subject: [Dshield] Suspicious email
> >
> >
> > Good morning,
> >
> > I thought I'd present this to you all...
> > The other day I received an email from a "wayne rudd" at
> > puttcoach at earthlink.net.
> > Subject is: LaserJet 4 Plus\\Mh
> >
> > The email contains a file JDBGMGR.zl9 (not sure what the extension is)
> > and below the attachment it just says:
> > "LaserJet 4 Plu."
> >
> > I searched all over the place trying to find any information
> > when I received it the
> > other day, but was unable to.
> > Has anyone seen this, or know what it is?
> >
> > Cheers,
> > Samantha
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www1.dshield.org/mailman/listinfo/dshield
> >
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
>

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield




More information about the list mailing list