Is this a virus??

Wedge · Oct 23, 2002

I have a suspicous peice of mail. It reads:

" Subject: We processed your US Department of Education Renewal FAFSA

Dear BRAD,

Your Renewal Application for Federal Student Aid has been processed and the data made available to the school(s) you listed.

Your U.S. Department of Education Student Aid Report(SAR) is also now available online. In order to obtain your SAR, you must f "

First off, my real name isn't Brad. Second, I never applied for anything like this. Third, it is cut off just as I have it typed above. There is an attachment. It is Resume.doc.exe

Does this look/sound familiar to anybody as it might be a virus??
I'm thinking I ought to delete this thing quick-like.

Peco · Oct 23, 2002

I don't think so. but don't open attachment.Just delete

alien · Oct 23, 2002

it's just mail sent to the wrong Email address, you chicken!

noda · Oct 23, 2002

Well it is better to be chicken than sorry. If you are not sure of anything just delete it.

alien said:
it's just mail sent to the wrong Email address, you chicken!

netman · Oct 23, 2002

i think it may be a virus. the attachment has an exe extension. there is a bugbear fixer posted here on the forum, search for it and run it. it could also be one of the klez variants. they both send these types of email.

it is possible that it is a mistake but 'resume.doc.exe'? that is really suspicious.

Wedge · Oct 23, 2002

wauchula said:
but 'resume.doc.exe'? that is really suspicious.

My thoughts exactly. That's the truly suspicous part about it.

btw, what is bearbug program?

VIPER_1069 · Oct 23, 2002

i would MOST DEFINATELY say this is 110% a virus nothing NORMAL COMES with DOUBLE extensions ..... "Resume.doc.exe" this has 2 normal files would be "Resume.doc" or "Resume.exe" not and NEVER BOTH it will be something either virii or trojan do not run or execute delete it or save to desktop and scan from there !!! 110% SURE like i said that it will be something that will attempt to mess up your system !!! DON'T PANIC delete or scan with anti virus to confirm and then delete !!!

Seraphim · Oct 23, 2002

and about bugbear you can read here http://forum.cdrsoft.cc/showthread.php?s=&threadid=19455

LTR12101B · Oct 23, 2002

There is a reason for double extensions - since for known filetypes (eg. EXE), you may have things set not to show them, the EXE dissapears and you THINK you see an innocuous "File.doc".

Some av's will consider (by simple heuristic), ANY double extension to be a probable virus - and they're most likely RIGHT!

It also probably attempts to use a hopefully fixed IE/OE vulnerability to run it anyway. - always use "Restricted Zone" for email!