Generic Peed Eml Virus
I am having a great deal of difficulty in removing this virus from my computer. I have run several deep system scans with BD and all come up with the same results - unable to disinfect or move. The report from the scan indicates the virus is located in 2 emails in my OUTLOOK EXPRESS file. However, I do not use OUTLOOK EXPRESS and have NEVER set it up. I checked OUTLOOK EXPRESS and there were two messages in it both from Microsoft. I deleted the messages and compressed the folders but still no change. The virus remains.
Following is a copy of my latest deep system scan report which seems to indicate the virus is located in my D drive backup files:
ProductBitDefender Internet Security v10
// Product10.2
//
// Created on: 16/09/2007 13:32:45
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\
\
Folders : 7494
Files : 261215
Memory processes scanned : 44
Archives : 3066
Runtime packers : 17470
Identified viruses : 2
Infected files : 2
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 26
Scan time : 00:34:17
Scan speed (files/sec) : 126
Spyware Statistics
Registry keys scanned : 2108
Registry keys infected : 0
Cookies scanned : 230
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 877073
- Show quoted text -
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
- Show quoted text -
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
- Show quoted text -
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1189924365.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
\BACkUP\Documents and Settings\Mike\Local Settings\Application Data\Identities\{4D0E9351-C977-440C-BFDA-33048294CCD0}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 13) Infected: Generic.Peed.Eml.0350EC0A
\BACkUP\Documents and Settings\Mike\Local Settings\Application Data\Identities\{4D0E9351-C977-440C-BFDA-33048294CCD0}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 13) Disinfection failed
\BACkUP\Documents and Settings\Mike\Local Settings\Application Data\Identities\{4D0E9351-C977-440C-BFDA-33048294CCD0}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 13) Move failed
\BACkUP\Documents and Settings\Mike\Local Settings\Application Data\Identities\{4D0E9351-C977-440C-BFDA-33048294CCD0}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 14) Infected: Generic.Peed.Eml.F3AC8A60
\BACkUP\Documents and Settings\Mike\Local Settings\Application Data\Identities\{4D0E9351-C977-440C-BFDA-33048294CCD0}\Microsoft\Outlook Express\Deleted Items.dbx= >(message 14) Disinfection failed
\BACkUP\Documents and Settings\Mike\Local Settings\Application Data\Identities\{4D0E9351-C977-440C-BFDA-33048294CCD0}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 14) Move failed
Any help would be greatly appreciated.
Comments
-
Hello fdimike
Empty your deleted items folder.
Best regards
Niels0 -
Hello fdimike
Empty your deleted items folder.
Best regards
Niels
Hi Niels
If you are referring to OUTLOOK EXPRESS I've already done so and it did not make a difference.
REgards
Mike0 -
Hello fdimike
Delete Deleted Items.dbx on your back up partition. You have first to go to my computer,tools,folder options,display/view,check show hidden files and folders. Now you will find the folder Application Data\ and navigate further.
Best regards
Niels0 -
Hello fdimike
Delete Deleted Items.dbx on your back up partition. You have first to go to my computer,tools,folder options,display/view,check show hidden files and folders. Now you will find the folder Application Data\ and navigate further.
Best regards
Niels
Hi Niels
Thank you very much for your help which was right on the mark. I have now a virus free computer. I would only suggest the following addition to your instructions: You must Disable Bit Defender Real Time Protection in order to remove the infected files. The deleted files are sent to the Recycle Bin for further deletion. You must keep Bit Defender's Real Time Protection in a disabled mode until you empty the recycle bin or the BD antivirus software will prevent you from disposing of the infected files.
Thanks again for your help
Regards
Mike0 -
Hello fdimike
You are right about that. Normally I don't forget to say that you have to disable realtime protection. But I forgot it here. Glad that I could help you.
Best regards
Niels0 -
Hello fdimike
You are right about that. Normally I don't forget to say that you have to disable realtime protection. But I forgot it here. Glad that I could help you.
Best regards
Niels
Dear
how to disable realtime portection
thank0 -
Hello taman
If you have version 10 or earlier,right click on the red BitDefender icon near you system clock go to antivirus and press on real-time protection. For the newest version rightclick on the icon choose settings,go to antivirus,shield,and uncheck real-time protection.
Best regards
Niels0 -
Hmm, I have exactly the same problem except that I use Thunderbird and I do use the program for my email. The 2 emails are not identified in way that helps me locate them and deleting all my emails is not an option. Here's the relevant bit
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5794) Infected: Generic.Peed.Eml.24569595
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5794) Disinfection failed
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5794) Move failed
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5795) Infected: Generic.Peed.Eml.24569595
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5795) Disinfection failed
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5795) Move failed
I did try opening inbox in notepad and did a search for message 5794, no such thing. Any idea what I should do?
Thanks
Nabil0 -
Hi Nabil et al
I have a similar problem, with my Eudora In.mbx All attachments scan fine and are clear. Eudora's mailboxes are html text based, but I could not correlate
the " =>(message 5794) " to actual text lines since some of the emails are digests. It's irritating the program can't pin-point with more detail what's causing the
virus alert, and the tech support response was like a broken idiocy recording: Their response " you have a virus in your *.mbx files" Please scan them with Bitdefender and email the logs. Which is what I did in the first place, if they had looked at the email. Trashing the entire mailboxes is not an option. I copied it to a mybox.txt file and scanned that and it came up with the same virus alert. Yeah like that text file is really going to do something. Tells me it just a keyword they are triggering on so I can't believe it couldn't disinfect or even move! the file. It's ridiculous.Hmm, I have exactly the same problem except that I use Thunderbird and I do use the program for my email. The 2 emails are not identified in way that helps me locate them and deleting all my emails is not an option. Here's the relevant bit
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5794) Infected: Generic.Peed.Eml.24569595
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5794) Disinfection failed
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5794) Move failed
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5795) Infected: Generic.Peed.Eml.24569595
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5795) Disinfection failed
\Thunderbird\Profiles\ffronnrh.default\ImapMail\mail.zuumedia.com\INBOX=>(message 5795) Move failed
I did try opening inbox in notepad and did a search for message 5794, no such thing. Any idea what I should do?
Thanks
Nabil0 -
Hi Niels
Thank you very much for your help which was right on the mark. I have now a virus free computer. I would only suggest the following addition to your instructions: You must Disable Bit Defender Real Time Protection in order to remove the infected files. The deleted files are sent to the Recycle Bin for further deletion. You must keep Bit Defender's Real Time Protection in a disabled mode until you empty the recycle bin or the BD antivirus software will prevent you from disposing of the infected files.
Thanks again for your help
Regards
Mike
How did you delete your DBX files? When I try to open it with Word or Wordpad, it takes forever. After it's finally opens I can't do anything with it, because every time i try something it takes forever to respond.
I was thinking of renaming the file, then creating a new (empty file) with the old name, then deleting the renamed file. Would thid work, or am I losing some important data when I deleted the renamed file?
Lastly isn't this the same delete file that Outlook uses? Why can't I just empty the Outlook delete files?
Thank you,
Joel0 -
I have these too ...use thunderbird....help......tell me how to delete thes files... a novice, no techie stuff please Thanks
0 -
I have deleted all emails and deleted box...please help ...what should I do?
0 -
I have deleted all emails and deleted box...please help ...what should I do?
The following instructions were provided to me by Niels:
Delete Deleted Items.dbx on your back up partition. You have first to go to my computer,tools,folder options,display/view,check show hidden files and folders. Now you will find the folder Application Data\ and navigate further.
Make sure you disable Bit Defender while doing this operation and keep it disabled until you empty the recycle bin.
Regards
Mike0 -
Hello 88keys
That instructions that I gave to fdmike was because he couldn't delete the mails by the deleted items.
Normally the infected mails are gone also. But you had to follow the instructions that I gave to bushdoctor in this topic Except that you have to download this program.
Best regards
Niels0 -
I read that post and I dont follow.....I have no idea where to start....this doesnt make sense to me.....Is there an easy fix like dump thunderbird and reinstall...will it get rid of it??? thanks
0 -
by the way Im a brugge fan....how are the moules this year?
0 -
Hello 88keys
What you had to do was sorting the mails on mails which has an attachment or have weird subject. To see which mails are infected you could used the tool where I gave a link here and let BitDefender scan so then you know which mails you have to delete.Perform another scan and see if certain mails are being detected.
Best regards
Niels0 -
Niels thank you....you see I never had any wierd emails...but I deleted all of them a few days ago anyway...there were only 4 or 5...the virus resides in my docs and settings under my name and under thunderbird setting and the inbox but I deleted the folder and deleted folders file and recycle bin yesterday....everything still works except some emails I send with attachments give error message
that he server timed out or refused but it's wierd but the message still sends anyway......I had a tech here this morning from my server and he said it's my responsibility to get rid of virus ...no help on that...geez
0 -
Hello 88keys
I recommend that you perform a deep scan with BitDefender. Post the result of the scan in your next reply.
Best regards
Niels0
