Humpty Posted July 22, 2008

Just got an email from a "United Parcel Service"

> Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office
>
> Your UPS

The attached word document is actually an exe in disguise and will unload malware if executed.

Virus Total

hazelnut (Moderators) Posted July 22, 2008

Looks like it's the same one as here Humpty.

http://forum.piriform.com/index.php?showtopic=16761

Unfortunately someone will believe it and open the document.

Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com

Humpty (Author) Posted July 22, 2008

Sorry Hazel, missed your posting. Maybe you could merge the two.

I tried to send the zipped malware package to Oleg, the developer of AVZ anti rootkit tool for addition to its database but had a run-in with my ISP email service provider. Below is a transcript of our little run-in.

My ISP:

The following viruses were detected in the message (MID 132528672):
'Troj/Agent-HFZ', 'Troj/Invo-Zip'
Actions taken:
Message archived
Message dropped

My reply:

I know it's malware that I was sending to an anti malware developer for analysis. Funny thing is I got the malware as an email attachment through my Iprimus account! LOL.

Come to think about it, why can it come through to me no probs but I can't send it for expert analysis, both going via my ISP's email service????

hazelnut (Moderators) Posted July 22, 2008

Excellent reply to your ISP Humpty, bet they didn't know what to say!!

Andavari (Moderators) Posted July 22, 2008

That's why people should configure their systems to display the file extensions. It's far too easy to put any icon into a program.

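Andavari's point as an added example (not part of any post in this thread): with extensions hidden, a Word-icon .exe inside a zip attachment looks like a document, so a mail filter or analyst can check the archive entries by name and by file header instead of by icon. The file names, sample bytes and extension lists below are constructed assumptions.

```python
import io
import zipfile

# Illustrative assumptions, not exhaustive lists.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".rtf", ".txt", ".xls"}


def _ext(name):
    """Lowercased final extension, ignoring trailing spaces and dots."""
    base = name.rstrip(" .").rsplit("/", 1)[-1]
    return base[base.rfind("."):].lower() if base.rfind(".") > 0 else ""


def inspect_zip(data):
    """Map entry name -> reasons it looks like a disguised executable."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name, reasons = info.filename, []
            ext = _ext(name)
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE header magic
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
                inner = _ext(name.rstrip(" .")[: -len(ext)])
                if inner in DOCUMENT_EXTS:
                    reasons.append("double extension " + inner + ext)
            elif is_pe:
                reasons.append("PE header behind non-executable name")
            if reasons:
                findings[name] = reasons
    return findings


def build_sample():
    """Constructed archive: harmless bytes; only names and the 'MZ' prefix matter."""
    stub = b"MZ" + b"\x00" * 62
    files = {"UPS_invoice.doc.exe": stub, "UPS_invoice.exe": stub,
             "label.doc": stub, "readme.txt": b"tracking details"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_zip(build_sample()))
```
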
YoKenny Posted July 22, 2008

> Excellent reply to your ISP Humpty, bet they didn't know what to say!!

If it was Rogers they would say FORMAT the hard drive and re-install the operating system.

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user

davey Posted July 23, 2008

> That's why people should configure their systems to display the file extensions. It's far too easy to put any icon into a program.

Thanks Andavari. I always have because it only makes sense to me. This is a "CRITICAL" reason. I am glad you pointed it out. There are so many "esthetic" options that make me want to puke!!! How esthetic is that?

davey

P.S. Thank you all. I think I might have fallen for that except I don't use UPS. Still is tricky though.

AMG Posted July 23, 2008

Hi, I got this email today and unfortunately we use UPS so much I opened it. When I clicked on the zip file nothing happened and my Norton alerted me that something was trying to change a registry & I blocked it. Does this mean I am not infected or do I need to call the Geek squad? Any help is appreciated.

AMG

> Just got an email from a "United Parcel Service"
>
> The attached word document is actually an exe in disguise and will unload malware if executed.
>
> Virus Total

Humpty (Author) Posted July 23, 2008

I think you would have to execute the file within the zip to get infected and seeing as Norton stopped the zip from opening I would say you should be safe. If you notice anything odd such as unexpected network activity then it would be advisable to post a Hijackthis log.

Any suspect attachments or files can be uploaded to Virus Total for a scan with several different av engines.

AMG Posted July 25, 2008

> I think you would have to execute the file within the zip to get infected and seeing as Norton stopped the zip from opening I would say you should be safe. If you notice anything odd such as unexpected network activity then it would be advisable to post a Hijackthis log.
>
> Any suspect attachments or files can be uploaded to Virus Total for a scan with several different av engines.

I did. I ran Mcafee and it caught 4 trojans, repaired 1, removed 1 and then I deleted one. The last one was listed but it gave me no option to repair, remove so I am not sure what my status is at the moment. It froze my Internet Explorer and Windows Media player but both came back after I ran the scan. Any suggestions would be appreciated.

Humpty (Author) Posted July 26, 2008

You could try a scan with Dr Web Cureit which is a free standalone AV scanner. Then run a scan with SuperAntispyware and if any probs are still around then probably post a Hijackthis log in the appropriate forum.

Which av are you using atm, Norton's or Mcafee?

Seanie Posted March 31, 2011

Hi all, I just came across an email also, supposedly from UPS and the message read as follows...

> Dear customer. The parcel was sent your home address. And it will arrive within 3 business day. More information and the tracking number are attached in document below. Thank you. © 1994-2011 United Parcel Service of America, Inc.

My God it isn't even in proper English!! (Grammar wise) There is an attachment with it (A UPS.Zip Download). Naturally I haven't opened it and I'm so glad that I read these posts first.

I take it that so long as I haven't opened/downloaded the zip file, I'm ok yeah?

Regards to all

Andavari (Moderators) Posted March 31, 2011

> I take it that so long as I haven't opened/downloaded the zip file, I'm ok yeah?

Holy old topic revival Batman!

If you haven't downloaded or opened the attachment you're fine, just delete the email and possibly block the sender.

Corona Posted March 31, 2011

I don't believe UPS would send an attachment anyway, they'd post all the info in the actual email. Matter of fact I don't believe UPS would email anyone except their biggest clients.

slowday444 Posted March 31, 2011

Another reason to use Sandboxie (or similar). If you are using web mail I'm sure Sb is already at work. If you use a POP3 client like Outlook, OE or Thunderbird, be sure to enable Sb to always run them sandboxed!