Can Not Delete Or Disinfect Generic.peed.eml.b55c15cb

pj48

[removed] found Generic.Peed.Eml.B55C15CB in mail_folder1\Inbox1=>(message 19956). It is the only thing found on my computer that I have not been able to remove.

I use Eudora and the individual messages in eudora look like this in the folder:

!%26!AAAAAAAAAAAYAAAAAAAAANg6RdF1IxZFvO5saKz%2BMcXCgAAAEAAAAI7VfcL8co1HjedXz4%2Bc4n4BAAAAAA%3D%3D%40red7media.com

There is no corresponding 19956 number to delete the infected email. Does anyone know what is usually containted in a Generic.Peed.Eml.B55C15CB email so I can search the body of the messages and remove it that way?

rootkit

Check your mail attachments

Or maybe it's a FP from that AV !

shedden@mcmaster.ca

I just installed BD this week (I'm a BD newbie) and it detected 2 of these Generic.Peed.Eml viruses, one in each of two of my Eudora mailboxes (.mbx). They could not be removed from the .mbx files without deleting the whole files (each .mbx contains a history of email messages) and so BD said they could not be removed because they were part of an archive. However, it did give me the message number, and using that I was able to figure out which email message was the problem. I opened up the .mbx files in a text editor and manually removed that email message. It seems to have worked!

Your message number is 19956, that's a lot of messages to go through. Mine were smaller mailboxes (one was message number 65, the other was message number 139, or something like that). I found them by opening the mailbox folder in Eudora, turn off any sorting, select the very first message, then scroll down and keep adding to the selection (by holding down the shift key) until I had exactly 65 messages selected (the number selected shows up in the little box under the list of message headers). The 65th one was the one with the virus. I was able to look at the subject line and date, and then search for that when I opened the .mbx in my text editor. I was careful to delete the whole message (and nothing else) in my text editor.

In both mailboxes, the affected email message was a copy of a "greeting card" I had sent to someone from Regards.com (I guess I won't do that again!).

BTW, I used McAfee and Eset before and neither of these detected these Generic.Peed.Eml viruses, not sure why they didn't, or if these messages are not really viruses???

[removed] found Generic.Peed.Eml.B55C15CB in mail_folder1\Inbox1=>(message 19956). It is the only thing found on my computer that I have not been able to remove.

I use Eudora and the individual messages in eudora look like this in the folder:

!%26!AAAAAAAAAAAYAAAAAAAAANg6RdF1IxZFvO5saKz%2BMcXCgAAAEAAAAI7VfcL8co1HjedXz4%2Bc4n4BAAAAAA%3D%3D%40red7media.com

There is no corresponding 19956 number to delete the infected email. Does anyone know what is usually containted in a Generic.Peed.Eml.B55C15CB email so I can search the body of the messages and remove it that way?

pj48

Thanks for the tip. I used several online scanners to try to remove the generic peed file. I had 3 files in the 20,000 email message archive that could not be removed by BD. A tech on this messageboard told me to search for a specific term for the wareazov file, and it turned out to be a minor league hockey team press release. Easily deleted.

The two generic peed files BD were unable to remove, I was unable to find looking for attachments or trying to determine them by number. One was 16---- the other was 19000, so there were too many messages to sort through.

Bit Defender would find them, delete them, and then fail updating the Eudora archive. Eudora is an open source program now, so I emailed a person there and suggested that they at least look into allowing antivirus programs to indentify and remove individual messages because of the threat of worms and botnets. There is an option now on Eudora under Options > Privacy that says "allow anti-virus programs to quarantine individual messages". They were probably already going to add that.

Eudora was recently updated to version 8.0.0b4:

https://wiki.mozilla.org/Eudora_Releases

In the last couple of scans, Bit Defender was able to find and remove the last 2 generic peed emails. I have to agree with one of the other posters, the majority of the original generic peeds all had attachments. When it first found the generic peeds, there were a lot of them.

pj48

Not sure what happened, but my computer appears to have been reinfected.

message 15607 > Infected with: Generic.Peed.Eml.7823A991

Disinfection failed

Deleted

Update failed

I have a feeling this is because in Vista you need to sometimes give Eudora adminstrative privileges to remove or quarantine files. So Eudora is allowing BD to quarantine invididual messages now, but maybe Vista is not.

Let me know if there are any indentifying features of an Generic.Peed.Eml.7823A991 email so I can try to remove it manually. I am getting a lot of bounced and fake emails from various xin.net registered and hosted websites, so I think this virus is active.