Author Topic: FedEx Email  (Read 8404 times)

REDACTED

  • Guest
FedEx Email
« on: July 06, 2015, 03:22:02 PM »
Like an idiot, I opened an email and tried to open the attached .zip file that looked as though it came from FedEx. Only because that very day I sent a FedEx out to a client was the reason I opened it!

Nevertheless, here's my issue: I had the Free version of Avast which didn't catch the bug. Now I cannot open Chrome, Internet Explorer or Adobe Acrobat (PDF) files. I scanned once - but didn't stick around to watch it. When I returned, the system had rebooted. Whatever happened did not work.

Now I have purchased Avast Premium and scanning again. It's been running for 2 hours.

Does anyone know how to detect and remove this bug?

thanks!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: FedEx Email
« Reply #1 on: July 06, 2015, 03:33:44 PM »
Do you still have the attachment?
Don't run it, but upload the file inside the zip here: www.virustotal.com or here: www.metascan-online.com
You may post a link to the scan result here.


Send file to avast here: https://support.avast.com > avast virus lab


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: FedEx Email
« Reply #2 on: July 06, 2015, 03:36:45 PM »
For removal help, follow the instructions here: https://forum.avast.com/index.php?topic=53253.0
Attach Malwarebytes and Farbar Recovery Scan Tool logs.

When done, a malware expert will assist you.


REDACTED

  • Guest
Re: FedEx Email
« Reply #3 on: July 06, 2015, 03:44:38 PM »
yes, I did try to open the zip file.
I'm running my Avast virus scan now. Should I stop it and follow your malware removal link?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: FedEx Email
« Reply #4 on: July 06, 2015, 03:59:09 PM »
Quote
Should I stop it and follow your malware removal link?
Yes ...


Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: FedEx Email
« Reply #5 on: July 06, 2015, 04:01:35 PM »
Monitoring.  Will review the logs when posted.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: FedEx Email
« Reply #6 on: July 06, 2015, 04:06:03 PM »
tried twice to download and execute. I get the following error:

ShellExecuteEx failed; code 1314
A required privilege is not held by the client.

REDACTED

  • Guest
Re: FedEx Email
« Reply #7 on: July 06, 2015, 04:07:43 PM »
I don't know if it matters, but the only way I can open a browser window on the infected PC is through Avast SafeZone.

Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: FedEx Email
« Reply #8 on: July 06, 2015, 04:08:48 PM »
Which download?  FRST, aswMBR or Malwarebytes?

Are the downloads via SafeZone?

REDACTED

  • Guest
Re: FedEx Email
« Reply #9 on: July 06, 2015, 04:09:54 PM »
The link, I believe, was Malwarebytes.
Yes, all downloads are occurring in SafeZone. I don't know what else to do.

REDACTED

  • Guest
Re: FedEx Email
« Reply #10 on: July 06, 2015, 04:20:28 PM »
OK...I found the executable file for MalwareBytes and running it outside of SafeZone.

REDACTED

  • Guest
Re: FedEx Email
« Reply #11 on: July 06, 2015, 05:24:41 PM »
here is the Malware log file.
running the farbar scan now.

FYI - still can't open Chrome or IE.

REDACTED

  • Guest
Re: FedEx Email
« Reply #12 on: July 06, 2015, 05:26:21 PM »
here's the FRST scan file.

REDACTED

  • Guest
Re: FedEx Email
« Reply #13 on: July 06, 2015, 05:30:43 PM »
Anyone? Now what?

REDACTED

  • Guest
Re: FedEx Email
« Reply #14 on: July 06, 2015, 05:48:37 PM »
last file.