Help with Suspicious E-mail Attachment

[Tacit_Exit]

Just got a strange E-mail from an address I don't recognize;

Subject: read it immediately
Text: classroom test of you?

which also has an attachment.

I immediately installed my PC-Cillin (I'd forgotten to after a recent hard drive format), updated it, and scanned. No viruses detected.

I saved the attachment to the desktop to check out the file type, and my system recognized it as a Dos application of some sort. I havent 'opened' it yet but.

Can anyone give me advise as to whether my 'cillin scan is reliable? I'm tempted to just dump it, but I have done some courses lately, so it 'may' be valid (doubtful, given the lack of description, I know).

Also, where would I report this; E-mail provider, Trend Micro?

 

[Goober]

What I do is to e-mail the person who sent it to me, and not open the E-mail until I have verified that this is an attachment that I have been expecting. I am pretty paranoid, but I have hear horror stories of people getting these nasty viruses, then not being able to get rid of them. I would verify with whomever sent it to you that this is safe, and was expected, then run a Virus scan on it. Run a scan on it from a different program but I would not open it if you do not recognize it. If it is from a school, it should say that in the e-mail . . .

 

[Hawkster]

From the subject it sounds very dodgy - I certainly wouldn't open it (but like RealGoober I tend to be paranoid about mail viruses as well - if in doubt delete works well for me). A lot of the current crop of viruses use spoofed email adresses and subject which this looks like 'classrom test of you' looks very made up.

Unless you are expecting it I would recommend applying the delete key at once.

 

[Lifeblood]

Delete without prejudice. I delete everything even remotely suspicious. If you're really evil you can contact their ISP so they get a written warning or their account gets suspended.

 

[ainwood]

When you say 'dos application', is it a .pif file? If so, then there is a virus circulating at the moment with a .pif extension (a .pif is executable). DO NOT OPEN IT. Delete it.

Don't bother reporting it - there will be millions of other reports.

 

[Grisu]

delete it. if it is authentic: beat up the sender for sending mails without description.

 

[bobgote]

delete it no doubt. if it IS legit (doubtful), then the user should know not to send it in such a suspicious manner.

 

[Nixnutz]

It probably should be deleted. The greeting and message sound like one of the big three that's going around.

You can tell by going here and checking through the descriptions. Compare the greeting, message and file extension with what McAfee has listed. Bet your gonna find it.

I would not email the sender without checking the virus list first. That will just verify a valid email address to a potential hacker. When that happens, you really get slammed.

Be extremely suspicious of any email from an unknown source. The writers of Bagle, MyDoom and Netsky are in a major "can -you-top-this" war right now and its wreaking havoc with the 'net

 

[CIVPhilzilla]

Delete everything suspicious. Losing a computer is not worth seeing a couple KB of text, or a little attachment.

 

[Goober]

The only problem with deleting them is that you might be deleting potentially useful information. I prefer to respond via. E-mail to the sender, make absolute sure that I know who sent the E-mail, THEN open the attachment. But ya, delete it if you suspect it might be a virus depending on what is written in the E-mail. And DO NOT OPEN IT, UNELSS YOU HAVE VERIFIED THE CONTENTS!!!, just to reinforce that crucial fact.

 

[Nixnutz]

Tacit_Exit:

What ya got there is the Netsky.c@MM worm....do not pass go, do not collect $200...delete it!

Here's the reference and information on the Network Associates site.