[Dshield] Suspicious email

Samuel Samuel at socal.rr.com
Wed Aug 29 21:40:33 GMT 2001


I went to my favorite search "engine" and searched for "JDBGMGR" and got the
following hits, whcih are some clues.

http://support.microsoft.com/support/kb/articles/Q255/8/46.ASP
http://www.symantec.com/avcenter/venc/data/w32.efortune.31384@mm.html


----- Original Message -----
From: "Samantha Fetter" <sama at enteract.com>
To: <dshield at dshield.org>
Sent: Wednesday, August 29, 2001 8:29 AM
Subject: RE: [Dshield] Suspicious email


> Perhaps I should have been more clear in my question.
> I know that the zl9 is for zone alarm, I just meant that I didn't know
> what the actual extension is.
> What my question was meant to be, is - Does anyone know what that
> email/attachment are, has anyone seen it before and recognize it as a
> possible virus?  I'm just curious.
> I'd guess the BGMGR part of the file name is something along the lines of
> Background Manager, not sure what the JD may be.
>
> Thanks,
> Samantha
>
> On Wed, 29 Aug 2001, Lane Weast wrote:
>
> > The ZL9 file extension is used by Zone Alarm as a quarenteen extention
to
> > make virus infected executable's non executable. ZL9 may be used by
other
> > applications as well but I have not seen it anywhere else.
> >
> > What this might be is, the sircam virus sending a random file from the
host
> > pc and Zone Alarm catching it and changing the file extension..??
> >
> > > -----Original Message-----
> > > From: Samantha [mailto:sama at enteract.com]
> > > Sent: Wednesday, August 29, 2001 7:47 AM
> > > To: 'dshield at dshield.org'
> > > Subject: [Dshield] Suspicious email
> > >
> > >
> > > Good morning,
> > >
> > > I thought I'd present this to you all...
> > > The other day I received an email from a "wayne rudd" at
> > > puttcoach at earthlink.net.
> > > Subject is: LaserJet 4 Plus\\Mh
> > >
> > > The email contains a file JDBGMGR.zl9 (not sure what the extension is)
> > > and below the attachment it just says:
> > > "LaserJet 4 Plu."
> > >
> > > I searched all over the place trying to find any information
> > > when I received it the
> > > other day, but was unable to.
> > > Has anyone seen this, or know what it is?
> > >
> > > Cheers,
> > > Samantha
> > >
> > > _______________________________________________
> > > Dshield mailing list
> > > Dshield at dshield.org
> > > To change your subscription options (or unsubscribe), see:
> > > http://www1.dshield.org/mailman/listinfo/dshield
> > >
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
> >
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
>




More information about the list mailing list