We help IT Professionals succeed at work.

Could a virus be causing email app to split files up?

ehanner asked
Medium Priority
Last Modified: 2013-12-04
This is very wierd.
A client on a win2K machine using the latest office 2003 version of Publisher creates a newsletter which she emails. When she sends it to me, I get 3 messages with a large page of machine language goblygook. Other people she sends to also get the same three files in the message body. All except one guy at the office who gets the file just fine. He is one of 3 recipients in the office and the only one who can read it. All but the creator of the message are XP computer computers and all are running the same version of Office-Pro 2003.

I have uninstalled and reinstalled and for a short time it worked OK. However after a few days the problum resurfaced and remains.

All of the computers have Norton AV corp ver 8 and have no hits at the moment on the virus activity log. However, the win2k box that created this file did have some trojan activity a while back that was very hard to remove. I have run scans in safe mode and done online scans with Trend Micro that found virus activity that Norton missed.

I'm feeling like this might be a virus related issue but I can't identify it. If anyone has dealt with this issue in the past I would appreciate hearing about it. I posted this on the win2K OS board but after 3 days no hits.

Hope I wasn't too long here

Watch Question

No, this doesn't sound like a virus problem. I assume the email applications don't use the same format. When I create a nice looking mail with Incredimail the result for the recipients will be totally different - relating to the mail applications they use to display the message.

I would check whether all recipients use the same mail application and Internet Explorer version as the sender and would review the settings of these applications. They should be the same on all machines. And please check the patch status on all machines. Some patches/service packs will change the behaviour for mail handling because of security reasons.

Hope this helps.


I wish it were that simple.  I set up everything and everyone is up to date with patches and all stations are running the same version of Office and Outlook. What really gets me is that 2 identical new XP computers sitting a few feet from each other on the same network switch, get differing results when they are sent .PUB files from another LAN user. Only one person including someone out of the system can open the file.

That means the .PUB file (Microsoft Publisher) can be opened on one computer but not on the other one? I would try whether opening the file is user dependent. Let the user that is able to open the file on his/her computer go to the other computer, log on with his/her domain account. Will this work?

Which message appears for those users that are not able to open the file?

I still don't expect a virus to cause this, because you have scanned your computer for viruses. But just make this sure: Did you configure your antivirus software to scan ALL files including compressed ones?
Disabling Attachment Security in Microsoft Outlook
Sometimes security can be taken to far. In an effort to protect users from themselves, Microsoft has prevented anyone from using a default installation of Office XP and Office 2003 from opening certain types of attachments in Outlook. These include all .EXE, .DLL, .VBS, and .COM files plus many more. In a technical environment, or one where virus protection is in use, this is downright annoying.

To disable the banned attachments feature in Microsoft Outlook:

Office XP: Use a registry editing tool to navigate to the following key:

Office 2003: Use a registry editing tool to navigate to the following key:

Insert a value with the following details:
Data Type: SZ
Value Name: Level1Remove
Value: Semi-colon delimited list of file extensions you wish to allow, e.g.:

Restart Outlook for the changes to take effect.


Many Regards
Jorgen Malmgren

:o) Your brain is like a parachute. It works best when it's open


It's not that only one can open the file, only one gets just one message with the usable .PUB file. Everybody else gets 3 messages, each has an attachment, none of which are .PUB files. Also, the message body is filled with a large page of machine language type characters.

The trouble has to be with the sending computer.  I'm thinking the issue must be with outlook somehow. It seems to be selecting one account to send normally and creating something else for the rest of the reciepients. For what it's worth, the guy who can read the file and the guy who can't are both using a company account so they have the same address after the @ sign.

Also above someone mentioned user accounts, this is a workgroup. Plus when I get the set of messages they scan clean and are also unreadable.

Not a virus but potentially the scanner, I'm with trywaredk on targetting that area next, but do make sure you identify whether this is a single problem or not, as I was initially thinking it was gateway.

Make sure all are sent same physical eMail, all listed as "to". Next send each one individually, and next send to everyone except the one who receives so well.

Make sure the sender attaches the file, that it is not embedded. Make sure there is one (min) complete sentence. Make sure it is not sent to mailing list.

Now it could also be server side, if you are all using same sending and receiving servers. Check the way it manages attachments, what protocols users are running, access methods, (look at LogonID@server), MIME handling and antivirus pattern matching. Some server side AV will split file, maybe scanning and your name is similar to some from viruses, so you should also try sending with the A/V out of service, many need updates.

Best Guess: by now you've maybe resolved and checked out the desktops well (laptops? docking station problem?) so I vote for server being the best candidate for problem, maybe different protocol or a/v behavior. Upgrade.
It's a wild guess, and I don't think it has anything with your issue to do, but try to check the xp sender computer

You Cannot Access Shared Files and Folders or Browse Computers in the Workgroup


The AV scanner is a possibility worth checking. The sender is a win2K box trywaredk but I'll check the link.

I'll check this out in the next day or so and get back. Thanks.

Could also by spyware - please check...


Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:

SpyFerret detects & removes spyware

Bazooka Adware and Spyware Scanner v1.13.01

Automatic check of your browser for parasites, adware and spyware


Ok, some developments here. First I received an email today from the creator of these .PUB files only this time it's an Excel file as an attachment. I got 12 emails, each with an attachment of some kind, not excel and each one had the message body filled with machine type. I had the sender copy the excel file to a cd and go to another computer and send it to me . I received the message with the attachment intact and after I scanned the file was able to open it. Last wek the issue was limited to .PUB files and now both types are affected in this manner.

Also, now all users in the office are unable to receive these attachments where as before one computer was able to open normally.

Remember I uninstalled and reinstalled Outlook early in this excercise along with all other components of Office 2003.

I guess I'll go tomorrow and look for a trojan or spybot but I have already had her scan with NAV and again in Safe mode.
Unlock this solution and get a sample of our free trial.
(No credit card required)
Maybe it's the REG_BISCUIT.A

To find out ...

Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:

If you get's an ActiveX error, when loading the HouseCall web page:


I scanned in safe mode, online with Trend Micro and didn't get a single hit. However, the virus history log showed that both yesterday and again today, that NAV found 6 infected files. W32.Gibe.B@mm on a Patch408.exe 3 times andBackdoor.irc.cl.. and and IRC Trojan and Trojan Horse. I don't quite know why they show up in the history but not in the daily scans. They must be getting picked off before the scheduled scan. Also, the history log shows that the first action to be "clean" and second action to be "leave alone". This not the way the scan is setup. The second action is "quarantine". I checked the settings and found them to be correct but for some reason the log shows otherwise. The end result is that the files are not to be found anywhere. They don't exist in the reported location in the log and scanning the drives didn't turn up anything. The virus log says they should be there as they were left alone.

I like your suggestion of Trend Micro on line. I haven't tried the system cleaner but I will.

After all of this scanning and searching, I wish I could say that I knew exactly what repaired the problum. I did run Outlook Repair and I cleaned out a ton of IE temp internet files, which was one of the virus locations. Also I cleaned out 55 bugs with Ad Aware. It all works fine now but I feel a little like the bombadear on the Enola Gay.

Thanks for your ear and support Trywaredk, you earned these points.

The problem is, that antivirus programs does'nt find/remove Spyware, and antispywareprograms does'nt find virus.

:o) Glad I could help you - thank you for the points


That's a great point. If some clever developer came up with an AV app that scrubbed and blocked spyware and had a sniffer that would verify no unauthorized connections were working, it would be a killer app.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.