UPS email attachment virus
There is an email going around claiming to be from UPS, which it is not. It claims a package delivery failure and requires the recipient to open the attached waybill, which is the actual viral payload.
Does someone here have an exact explanation of this email's current structure? I got one person who stated the subject was "UPS Tracking Number ....." - If anybody has any more explanation regarding the email then I would appreciate it.
Re: UPS email attachment virus
I had to interact with UPS about the delivery of a package. The customer service agent made sure to tell me to be on the alert for any UPS emails received which have attachments. Apparently, there is a UPS email circulating which appears to contain a shipping exception but requires you to open an attachment to find out what the exception is. The attachment, when opened, contains a virus.
Re: UPS email attachment virus
Right-click on My Computer and choose Properties, click on the System Restore tab and turn this off, otherwise you are saving your virus!
1: Delete the email from the sent items field, inbox and outbox section and then remove the other components within Outlook.
2: Remove every file (not directory) from the location "C:/Documents and settings/yourusername/localsettings/temp..." directory (I would recommend working with Spybot's file shredder with a 5 pass overwrite).
3: Restart and rerun some of the cleanup scans with your antispy/malware and then with your antivirus and you should be fine to move.
Re: UPS email attachment virus
I had a client who got the same with the same attachment today; within 10 minutes it started downloading and installing more than one piece of spyware, one of them being a fake Windows Security Center warning.
The spyware infects the startup components attached with that: AppInit_dlls (registry), userinit= (registry), and the associated winlogon value (known as 'crypt.dll' in my instance). I can remove the winlogon file with the tool 'moveonboot'; google it or search for it on download sites, it seems to work pretty well.
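An added example, not part of the post above and not from any poster in this thread: a read-only PowerShell audit of the three registry locations the post names (AppInit_DLLs, Userinit, and the Winlogon Notify entries that exist on XP-era Windows). The helper name `Get-RegValue` is hypothetical, and the expected Userinit default is an assumption for a stock install.

```powershell
# Added example: list non-default entries in the logon persistence points
# named in the post (AppInit_DLLs, Userinit, Winlogon\Notify). Read-only.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$windows  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-RegValue {   # hypothetical helper: returns $null if key/value is absent
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding {    # hypothetical helper: one row of the report
    param([string]$Location, [string]$Value)
    New-Object PSObject -Property @{ Location = $Location; Value = $Value }
}

$findings = @()

# AppInit_DLLs is normally empty; anything listed here is loaded into
# every process that loads user32.dll.
$appInit = Get-RegValue $windows 'AppInit_DLLs'
if ($appInit -and $appInit.Trim()) {
    $findings += New-Finding 'AppInit_DLLs' $appInit
}

# Userinit is a comma-separated list run at logon. Assumed default:
# only %SystemRoot%\system32\userinit.exe. Flag every other entry.
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$userinit = Get-RegValue $winlogon 'Userinit'
foreach ($entry in ("$userinit" -split ',')) {
    $entry = $entry.Trim()
    if ($entry -and ($entry -ne $expected)) {   # -ne is case-insensitive
        $findings += New-Finding 'Userinit' $entry
    }
}

# Winlogon\Notify (XP-era only): each subkey names a DLL in DllName.
# Legitimate packages live here too, so every entry is listed for review.
$notify = Join-Path $winlogon 'Notify'
if (Test-Path $notify) {
    foreach ($key in Get-ChildItem $notify) {
        $dll = Get-RegValue $key.PSPath 'DllName'
        $findings += New-Finding "Winlogon\Notify\$($key.PSChildName)" $dll
    }
}

$findings | Format-Table Location, Value -AutoSize -Wrap
```

Run it from an elevated prompt and compare the Notify list against a known-clean machine of the same Windows version before removing anything.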
Re: UPS email attachment virus
The virus is the malware trojan braviax.exe, which after removal reappears as buritos.exe. This can be cleaned from the registry files; CM2 Consulting contains a fine suggestion, however I am not sure when removing the registry entries. Norton would not catch the trojan, it just removed this as PERFCOO. I then got AVG, which would not install onto the system, so I used SDFix and ComboFix from the antispyware site.