This week received a suspicious heuristic attachment warning with an email. Deleted the msg without opening. However, since then, I have been receiving the same warning with the same email every time I go to my mailbox. Yesterday had 11 of them, this morning 6 of them. How do I get rid of it.
You missed the most important bit.
What is the full text of the warning ?
What is your email program ?
Sorry 'bout that. I am currently using both O/E and Comcast Webmail. As for the text, will have to wait for the next one to come into my inbox, as I don’t remember verbatim.
Just got another. Here it is…
Very suspicious extension of attachment
- cid:1.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:2.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:11.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:12.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:13.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:14.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:3.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:4.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:5.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:6.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:7.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:8.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:9.1396835653@web50802.mail.re2.yahoo.com
Very suspicious extension of attachment - cid:10.1396835653@web50802.mail.re2.yahoo.com
Firstly the Comcast Webmail isn’t covered by the Internet Mail provider as it is viewed through your browser, correct ?
That is monitored by the Web Shield, so these don’t appear to be from your Comcast Webmail.
If they are happening when using Outlook Express, then to me the use of an attachment is somewhat suspicious too. It is the multiple periods (full stops) that normally indicate a file extension (there would normally only be one in a file name).
So the web50802.mail.re2.yahoo.com effectively looks like it has multiple different file types. This is a common tactic with malicious file attachments.
What to do about them is the thing as I have never used Yahoo, presumably this is from a Yahoo email account, e.g. what is the source of the email ?
What sensitivity have you got the Internet Mail set to, Normal is the default setting ?
Have you made any Customizations to the Internet Mail settings ?
Correct, is happening through O/E. Spoke to the sender and she said that this is happening to no other recipients. Internet mail sensitivity is set to Normal and have made absolutely no changes or customizations to my internet mail. For now, it appears that I will have to just live with deleted all whenever they appear. Thanks.
Is this a Yahoo email account though, if it isn’t it makes it more suspicious ?
Now the CID, I’m assuming is Customer I D which other than the number assigned to the email, 1, 2, 3, etc remains the same, so perhaps that is your cid.
So I don’t know what is going on, is the a pop3 account, or one that is downloaded from web mail and imported by O/E ?
If so then the actual email content may be being attached to what is effectively an empty shell of an email.
There may be something else we can do, but try to answer the questions first.
Yes, the sender is using a Yahoo account. I believe it is the customer CID, not mine. Yes, it is a pop3 account. Don’t know what other information I can provide as I am not all that computer literate when it comes to CID’s etc.
I am, however, going back to the sender and am going to ask her what it was that she was trying to send me.
That is probably a good idea, finding out what is actually attached.
If it is malign, then we can look at something to try and avoid the alert.
I’ll get back here as soon as I find out what her attachment was.
Thanks again
You’re welcome, until then.
An update…
Just as those warnings started is how they stopped arriving yesterday. Not only for me but two others who received the same original email. None of us have been able to figure it out but are hoping it’s finished. Just wanted to let you know and to thank those who tried helping.
You’re welcome, thanks for the update.
Fingers crossed then that it is the end and not a pause.