Question on virus attached to "UPS Delivery Failure" scam email

Last night while blazing through some unread emails (on my PC w/Vista) I carelessly opened the attachment in the above captioned scam email, which I now know to be pretty pervasive.

 

I believe the attachment had a .zip extension.  A window popped up that looked like an advertisement for anti-virus or spyware.  I quickly realized my mistake and closed the window and completely deleted the email.

 

I immediately ran a full scan of my computer on Internet Security and it detected and removed 1 virus.  The virus was called 'packed.generic.265'.  The removal details showed that there was a zip file (I think the one I opened).  Within that was a file 'ups_invoice_nr10653.exe'.  I don't think I ever opened an .exe file.

 

Internet Security stated that the threat was completely resolved.   

 

I went on Norton chat and was eventually told that they would be happy to check, clean and optimize my PC for the low, low price of $140.00.  Since this virus appears to be associated with ID fraud I am concerned but I don't want to spend those bucks when what I have already purchased (in my humble but possibly ignorant opinion) should in theory take care of it.

 

I have used the computer some since this happened and there are no issues (I haven't shut it down since, though).   Can I be sure that I have completely removed this virus and all its tentacles or is it possible that NIS could be missing something?  

Hi Jojamapa,

 

Welcome to Norton Community!

 

I believe that Norton took care of the risk, and you are safe to go. You can double-check this by running a scan from the Norton program in Safe Mode. First run LiveUpdate repeatedly from your Norton program until you receive all the updates. Then restart your computer, and boot into Safe Mode. Double-click on the Norton icon to start the scan. Let us know the results.

 

Yogesh

Thanks Yogesh. I will try that tonight and post the results!

Hi jojamapa

 

I would also recommend a scan with the free version of Malwarebytes. What year of NIS are you running and which version number? You could also clear all your temp files and cookies and history. It's still possible that NIS missed something. Don't forget to also empty your recycle bin. Once you are clean, you should reset your restore point also.

 

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.

Thanks floplot

 

It is NIS 2009 -- the version number I don't know and I am at work right now.

 

I will do as you suggest.

 

Can you elaborate on "reset your restore point" - I am not clear on what this means.  Thanks

 

 

Hi

 

Your computer makes restore points automatically of a lot of things so that when something goes wrong, you can roll back to an earlier date. It will also include malware in the restore points and antivirus programs can't clean up restore points. So when you have malware on your computer and then clean it up, it's a good idea to remove the old restore points and then create a new restore point. That way if you have to restore your computer to an earlier date, you won't be restoring the malware also.

 

Here is a link that shows you how to disable in Vista

http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

 

Here's a link that shows you how to make a new restore point.

 

http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/

Here is the log from Malwarebytes.  Will do the restore next.

Malwarebytes' Anti-Malware 1.44
Database version: 3583
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/17/2010 3:15:49 PM
mbam-log-2010-01-17 (15-15-49).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 420194
Time elapsed: 3 hour(s), 0 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Owner\Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
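
An added example, not part of the original thread: a small Python parser for the Malwarebytes 1.x log layout posted above. It cross-checks the summary counts against the itemized entries and flags anything not reported as "Quarantined and deleted successfully." The sample is a constructed excerpt whose last entry has an altered action, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the layout of the log posted above.
# The last entry's action text is altered here to show an unresolved item.
SAMPLE_LOG = r"""Registry Keys Infected: 3
Registry Values Infected: 0
Files Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\Users\Owner\Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Greedy object match: paths containing parentheses still split on the last "(name) ->".
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
CLEANED = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return (declared counts, itemized detections) from an MBAM 1.x text log."""
    declared, items, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return declared, items

def review(text):
    """Cross-check the summary against the itemized list and flag leftovers."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        "families": Counter(i["name"] for i in items),
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        "unresolved": [i for i in items if i["action"] != CLEANED],
    }
```

Calling `review()` on a saved log returns the detection families, any section whose declared count differs from its listed entries, and the entries that still need attention.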

Hi jojamapa

 

After you are completely cleaned up, computer-wise, I would install SP2 for Vista. Part of keeping your computer malware free is keeping your programs up to date and that includes Windows also. After you get SP2, please also get all the Windows updates that came out after SP2. Thanks