FedEx email virus? not detected

Today I received an email with a zipped file that pretends to be from FedEx. I had prior knowledge of the "scam" and I'm pretty sure the attached zip is a virus; probably a "Windows OS" virus, but a virus.

Sophos for Mac did not detect any threats, I got no pop ups, nothing.  So I opened Sophos and had it scan the directory that the email is in.  It still did not find it.

Is there a procedure for sending in samples of "suspected" viruses??  (I realize that I need to delete the file and email, but was wondering if I could send it in so Sophos can add it to a database or something.)

Thanks.



  • Sophos detected the FedEx_mailing_label.exe in 

    com.sophos.intercheck: 2011-03-04 05:50:01 +0800 Threat: 'Troj/Agent-PHW' detected in /private/tmp/82f-4d6f66ca-e2b13-Lz4DwH/1022D023.zip/FedEx_mailing_label/FedEx_mailing_label.exe
    com.sophos.intercheck:                              Access to the file denied
    I realize this is a Windows virus in an email attachment, so I deleted all emails associated with it, using sudo.
    However, I had already detected the same file in this directory and removed it using sudo, but it has come back??
    I occasionally run Parallels, so I don't want this file hanging around.
    I notice neither Norton AV nor Kaspersky AV detects this threat at all.
    I have never clicked on the zip file, so I cannot see how it could have self-installed, but how & why does it keep reappearing?