CFGWIZ32, what is it?
Thread Starter
Joined: Sep 1999
Posts: 5,552
Likes: 25
From: ME
CFGWIZ32, what is it?
Over the last week I have received two attachments from Ireland containing:
cfgwiz32.exe and cfgwiz32.zl9
Neither of these showed up on the Symantec AntiVirus site, but as they werent from people who I normally exchange files with, I have deleted them.
Does anyone know what they actually are, and what they are supposed to do?
Thanks.
Mutt
cfgwiz32.exe and cfgwiz32.zl9
Neither of these showed up on the Symantec AntiVirus site, but as they werent from people who I normally exchange files with, I have deleted them.
Does anyone know what they actually are, and what they are supposed to do?
Thanks.
Mutt
Joined: Mar 2001
Posts: 2,335
Likes: 0
From: Wet Coast
You did good.
CFGWIZ32 is an alias of the MAGISTR virus. http://www.sophos.com/virusinfo/analyses/w32mag.html
Contact the sender(s) and give them the good news that they are infected.
CFGWIZ32 is an alias of the MAGISTR virus. http://www.sophos.com/virusinfo/analyses/w32mag.html
Contact the sender(s) and give them the good news that they are infected.
Thread Starter
Joined: Sep 1999
Posts: 5,552
Likes: 25
From: ME
Thanks PaperTiger,
I always thought that Norton Anti Virus 2001 was supposed to identify virus type activity in all downloads, not just listed viruses. I guess that this have just shown me that it doesn't.
I guess that i will just have to stick with the policy of deleting ALL attachments from unknown or unexpected senders.
Mutt
I always thought that Norton Anti Virus 2001 was supposed to identify virus type activity in all downloads, not just listed viruses. I guess that this have just shown me that it doesn't.
I guess that i will just have to stick with the policy of deleting ALL attachments from unknown or unexpected senders.
Mutt
Joined: Mar 2001
Posts: 190
Likes: 1
OK
Anyone know what a .zl9 (or .zl6) extension is?
I have recently had the situation where someone has sent me attachments bearing these extensions. Legitimate attachments, legitimate files, at my request. They were actually sent as .exe files, but somehow became .zl9 and .zl6 files by the time they reached me. Renaming them .exe files restored their functions, but why the change?
Anyone?
Snooze
Anyone know what a .zl9 (or .zl6) extension is?
I have recently had the situation where someone has sent me attachments bearing these extensions. Legitimate attachments, legitimate files, at my request. They were actually sent as .exe files, but somehow became .zl9 and .zl6 files by the time they reached me. Renaming them .exe files restored their functions, but why the change?
Anyone?
Snooze
Joined: Mar 2001
Posts: 190
Likes: 1
OK
To answer my own query.
(Remembering to check before leaping into print in future)
It is Zone Alarm's Mailsafe feature doing its job.
Quote from Zone Alarm Help
"
MailSafe identifies potentially harmful scripts in e-mail attachments, then disables the script's ability to execute by changing the file type. MailSafe does not replace the functionality of a virus scanner. Rather, it quarantines the potentially harmful attachments and provides you the opportunity to keep the identified script program from running. MailSafe works with Internet mail clients that use POP3 and IMAP, the most common Internet e-mail protocols.
Quarantined Files
ZoneAlarm Pro's MailSafe feature renames their extension to .zl* (the * representing a number or a letter -- either 0-9 or a-z). Options at this point are to either highlight the attachment within the e-mail itself and rename the extension to what it should be (if it is known to you as a valid file) or double-click on the attachment. Double-clicking the quarantined file launches a wizard which provides options for opening, deleting, renaming or checking further on the validity of the e-mail and the attachment.
"
Not a bad little feature.
Snooze
To answer my own query.
(Remembering to check before leaping into print in future)
It is Zone Alarm's Mailsafe feature doing its job.
Quote from Zone Alarm Help
"
MailSafe identifies potentially harmful scripts in e-mail attachments, then disables the script's ability to execute by changing the file type. MailSafe does not replace the functionality of a virus scanner. Rather, it quarantines the potentially harmful attachments and provides you the opportunity to keep the identified script program from running. MailSafe works with Internet mail clients that use POP3 and IMAP, the most common Internet e-mail protocols.
Quarantined Files
ZoneAlarm Pro's MailSafe feature renames their extension to .zl* (the * representing a number or a letter -- either 0-9 or a-z). Options at this point are to either highlight the attachment within the e-mail itself and rename the extension to what it should be (if it is known to you as a valid file) or double-click on the attachment. Double-clicking the quarantined file launches a wizard which provides options for opening, deleting, renaming or checking further on the validity of the e-mail and the attachment.
"
Not a bad little feature.
Snooze
