Cisco Sec Agent Message - Content.MBO

[PubPlayer]

Good Day - when receiving emails from a family member, I'm getting the following message from Cisco Security Agent. Is this an actual threat? I've been Googling, etc and can't find much.

9/8/2008 3:47:37 PM: The process 'C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE' (as user ESI\TOMK) attempted to access 'C:\Documents and Settings\tomk\Local Settings\Temporary Internet Files\Content.MSO\E1F8713.com'. The attempted access was a write (operation = OPEN/CREATE). The operation was denied.

After \Content.MBO\ the "xxxxxx.com" is different every time - apparently randomly generated. So "E1F8713.com" will be replaced the next time I open that same email w/ a different ".com" file.

I want to alert my sister and help her if she's infected. I'm suspecting it's a trojan of somesort. Any input?

Thanks Very Much
- Tom

 

[PubPlayer]

And actually - There's a second part to the message from Security Agent ....

9/8/2008 4:03:28 PM: The process 'C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE' (as user ESI\TOMK) attempted to accept a connection as a server on UDP port 6004 from 172.21.1.100. The operation was denied.

 

[rf6647]

Here is a bump.

Here is a lecture.

Insufficient details in your explanation  to give a helpful response.

At some level, your machine is infected or missing a security patch for Outlook. [assumes Cisco Security Agent is YOUR internet security program]

Why are you complaining about Cisco Security Agent? Are you suspecting a fake alert?

User= esi/tomk does not match "documents and settings\tomk\"

172.21.1.100 is in a block of IP addresses registered to blackhole.iana.org

It appears your protection does not scan emails.

Does the message contain some sort of 'greeting card' or other such active attachment?

Without more details, then yes, recommend that you & sister follow Malware Removal Procedure.

MBO seems to refer to internet content classified as "back office" - whatever that means.