Generic.peed.eml

I have just completed a Deep System Scan and found loads of these "Generic.Peed" infected emails. None of them could be cleaned by BD, and none were found by any other security software I have used, as some of these go back years! I am not convinced that this is actually anything to worry about. What is "Generic.Peed" anyway? Is it supposed to be a virus? Could this be a false positive? I have read other threads on here suggesting deleting the Deleted / Trash folder, but I don't really want to do that, as (strange as it may seem), I do occasionally need to look for stuff in there, but I have filters set up to delete any non wanted emails.


BD also identified a number of programs which I have had for years, as "trojans", but again, I am sceptical as to the accuracy of this. No other security software flagged these, so I have to conclude that BD is either so good that it finds stuff nothing else can (Norton, F-Secure, and previous versions of BDIS haven't found these), or that BD is slightly overzealous and detects a lot of false positives, in a very similar way to Bullguard, which, incidentally, took an astonishing 16 hours (!!) to scan my machine.


Can anyone confirm whether "Generic.Peed" is anything actually harmful, or whether this is safe to be ignored?


Many thanks,


Simon.

Comments

  • Hello Simon,


    Please put all files that you suspect are FPs in ZIP files, protected by the password "infected", and attach them to a post here. A Virus Analyst will take a look at them and will tell you for sure if they are infections or not (and, if needed, detection will be removed).


    Note that there's a 2MB/file limit for attachments.


    About the Generic.Peed malware... I don't know what it involves. Maybe a Virus Analyst can answer this question.


    Cris.

  • I'll try to put something together later, Cris.


    As for Generic.Peed, a Google search reveals nothing other than it ONLY seems to be found by BD / BDIS, so I am inclined to believe it's a FP, especially given that it only seems to appear in archived deleted files. Just guessing, but I wonder if something in the archiving process is tricking BD into thinking it's something malicious?

  • Generic.Peed.EML is the generic detection for e-mails sent by Peed. They usually contain a link with an IP, like http://10.10.0.201/... and can have a wide variety of subjects. The reason why BD cannot "clean" these infections is that we only have read-only support for inboxes of mail programs (where these emails were probably found). Adding read-write support is complicated, dangerous (since there is no "official" documentation for many of these inbox formats and relying purely on reverse engineering contains a high danger of data corruption) and sometimes illegal. You can clean them manually, by disabling the real-time protection, deleting the identified mails from your mail client, emptying the trash in your mail client and re-enabling the real-time protection.


    As for the other files, as Cris said, please attach them to a post and if they are FP, they will be removed ASAP.
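
    An added example, not part of the original thread and not BitDefender's detection logic: a read-only triage pass over an mbox-format mail folder that lists the messages whose links point at a bare IP address, the trait described in the post above, so they can be deleted individually in the mail client. The sample mailbox, its subjects and addresses are constructed for illustration.

```python
import ipaddress
import mailbox
import re
import tempfile
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample folder: one mail with an IP-only link, one ordinary mail.
SAMPLE_MBOX = (
    "From sender@example.test Mon Dec 10 10:00:00 2007\n"
    "Subject: You have received an ecard\n"
    "\n"
    "Click here: http://10.10.0.201/\n"
    "\n"
    "From friend@example.test Mon Dec 10 11:00:00 2007\n"
    "Subject: Lunch on Friday?\n"
    "\n"
    "Menu is at http://www.example.test/menu\n"
)

def ip_links(msg):
    """Return URLs in the text parts of msg whose host is a literal IP."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        raw = part.get_payload(decode=True) or b""
        try:
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            text = raw.decode("latin-1")
        for url in URL_RE.findall(text):
            try:
                ipaddress.ip_address(urlsplit(url).hostname or "")
            except ValueError:  # host is a DNS name, or the URL is malformed
                continue
            hits.append(url)
    return hits

def scan_mbox(path):
    """List (index, subject, links) for flagged messages; nothing is changed."""
    box = mailbox.mbox(path, create=False)
    try:
        return [(i, str(m.get("Subject", "")), links)
                for i, m in enumerate(box) if (links := ip_links(m))]
    finally:
        box.close()

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".mbox") as f:
        f.write(SAMPLE_MBOX)
        f.flush()
        return scan_mbox(f.name)
```

    Run it against a copy of the folder file with the mail client closed; an IP-only link is a heuristic, so a flagged message is a candidate for review rather than a confirmed detection.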

  • Hi Cd-MaN,


    I did another scan, but unchecked the email archives, and the results only produced three suspect items, all of which were part of old, unused programs, so I'm afraid I just deleted them. Sorry if that was unhelpful. :(


    As for Generic.Peed.eml, you said this is the generic detection for e-mails sent by Peed. What exactly is 'Peed'? :blink: These were all detected in archived deleted / trash folders, of which I have now deleted all but my primary mail account, which I will need to filter through before deleting.


    Thanks for your help. :)

  • Peed is a family of malware primarily used to create botnets and send spam (it is also known as the "Storm worm", although technically it's not a worm). The typical scenario is:


    - The user receives an e-mail with a link in it


    - The user visits the given link. If s/he has an unpatched system, the malware installs through exploits. If the system is patched, the malware is offered for download


    - If the malware is executed, the computer becomes part of a botnet and starts sending spam.


    Also, if you haven't deleted the suspected files, please attach them to a post or at least give their detection names so that we can remove any possible FPs.


    Best regards

  • Hey I once clicked on one of these to see what it did. Could I be infected?


    I just now did a BitDefender Deep Scan, an AVG Anti-Rootkit deep scan, a Windows Malicious Software Removal Tool full scan, an Adaware 2007 full scan and a Windows Defender full scan. Does that mean I'm not infected with a worm from that link I clicked a few weeks ago? Please help!


    Oh and in the BitDefender Deep Scan does it include a rootkit scan so I don't need to use AVG Anti-Rootkit anymore? (I recently switched from AVG to BitDefender but I kept the anti-rootkit freebie).


    Also does the Windows Live Messenger "OneCare" anti-virus conflict with BitDefender (or any AV for that matter)? I didn't think it was installed; I thought you needed to subscribe to it on www.live.com but I found the executable on my machine. Will they conflict?


    Oh and sorry about hijacking the thread. I originally came here from a Google search because BitDefender during a Deep Scan detected a Generic.Peed.Eml in my Mozilla Thunderbird trash folder. Thanks for helping me understand that they're not dangerous as long as they stay in the trash or junk folders and I don't click on them.

  • Chesda
    edited December 2007


    Yes, Deep System Scan scans everything - if you put the Scan Level on High.


    Windows Live Messenger OneCare is an online scanner enabled on Windows Live Messenger. It scans when people transfer files to you, and no, it does not conflict with BitDefender; on rare occasions it could cause an error to BitDefender Update whilst the BitDefender Updater is running.

  • Ok thank you.

  • Well since it scans for Rootkits too does that mean it'll conflict with AVG Anti-Rootkit Free?

  • Bump goes the weasel

  • WILL BITDEFENDER's DEEP SCAN CONFLICT WITH AVG Anti-ROOTKIT IF I RUN THEM AT THE SAME TIME SINCE THEY BOTH LOOK FOR ROOT-KITSSSsssssssss. Oh and merry christmasssss and a happy new yearrrrr........................................................................


    ................

  • I don't think shouting will help. Why don't you try starting another thread? This one is about Generic.peed.eml, which is nothing to do with AVG. :)

  • Couldn't you just answer the question?

  • blackdog
    edited December 2007

    I would if I knew the answer! That's why I suggested starting a new thread. :)

  • @GayusMarius: You should have realized by now that nobody knows the answer (otherwise, someone would have posted).


    You could try asking on LiveAssistance.


    Cris.

  • Maybe I will. Thanks.