Author Topic: FedEx Email  (Read 8405 times)


Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
Re: FedEx Email
« Reply #15 on: July 06, 2015, 07:27:26 PM »

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Update for Zip Opener

Zip Opener Packages



To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Download the attached Fixlist.txt file and save it to your desktop, the same location where FRST64.exe is located.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Along with the log file, tell me how your system is running now.

Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
Re: FedEx Email
« Reply #16 on: July 06, 2015, 08:04:48 PM »
I am not able to run the FRST64.exe. I receive an error message: "A required privilege is not held by the client."

I am running from SafeZone and "Run as Administrator", but still no luck. I tried moving the file outside of SafeZone, but I cannot see it when I do so.

Offline dbrisendine

Re: FedEx Email
« Reply #17 on: July 06, 2015, 08:09:29 PM »
How did you run the scan?

Edit:  What I mean is that the scans were run by an Administrator (meaning the user was acting as administrator) just fine so you should be able to do the same thing (for example, just double click to run FRST64.exe).
« Last Edit: July 06, 2015, 08:17:41 PM by dbrisendine »

REDACTED

  • Guest
Re: FedEx Email
« Reply #18 on: July 06, 2015, 08:10:42 PM »
Originally?
I saved the .exe files to my desktop and ran them from there.

Offline dbrisendine

Re: FedEx Email
« Reply #19 on: July 06, 2015, 08:24:44 PM »
Most likely what is happening is that you have a shortcut on your desktop that points to the true file (which the log shows as located here = Running from C:\avast! sandbox\S-1-5-21-213686681-1849411641-3850617695-1000\sfzone\C\Users\Jeff\Downloads).

If you have to, download the Fixlist.txt file and a copy of FRST64.exe to a USB drive (you can do this on a different computer if you have to).  Plug the drive into your infected system and either move the files onto the desktop or just run them from the USB drive.  The desktop will be faster but either one will work.
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE
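
The checks discussed in the replies above (elevation, where a desktop shortcut really points, and whether fixlist.txt sits beside the real FRST executable), collected as an added example that is not part of the original thread or of FRST itself. It assumes FRST or a shortcut to it is on the current user's desktop and takes the sandbox root from the log path quoted in Reply #19.

```powershell
# Added example: pre-flight check before pressing Fix in FRST (PowerShell 2.0+).
# Assumptions: FRST or a shortcut to it sits on the current user's desktop, and
# the sandbox root is the folder shown in the log path quoted in the thread.
$desktop     = [Environment]::GetFolderPath('Desktop')
$sandboxRoot = 'C:\avast! sandbox\'

function Resolve-RealPath {
    param([string]$Path)
    # A .lnk is only a pointer; return the file it actually launches.
    if ([IO.Path]::GetExtension($Path) -ieq '.lnk') {
        $shell = New-Object -ComObject WScript.Shell
        return $shell.CreateShortcut($Path).TargetPath
    }
    return (Get-Item -LiteralPath $Path).FullName
}

# 1. Is this session elevated? The thread asks for "Run as Administrator".
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Not elevated: start PowerShell (and FRST) with "Run as administrator".'
}

# 2. Find FRST.exe / FRST64.exe, or a shortcut to either, on the desktop.
$frst = Get-ChildItem -LiteralPath $desktop |
    Where-Object { -not $_.PSIsContainer -and $_.BaseName -like 'FRST*' -and
                   ('.exe', '.lnk' -contains $_.Extension) } |
    Select-Object -First 1
if (-not $frst) { Write-Warning "No FRST executable or shortcut on $desktop"; return }

# 3. Where does it really run from?
$real = Resolve-RealPath $frst.FullName
if (-not $real) { Write-Warning 'The shortcut has no target path.'; return }
$realDir = Split-Path -Parent $real
Write-Output "FRST launches from: $real"
if ($real.StartsWith($sandboxRoot, [StringComparison]::OrdinalIgnoreCase)) {
    Write-Warning 'FRST is inside the Avast sandbox folder; use a copy outside it.'
}

# 4. fixlist.txt must sit beside the real executable, not beside the shortcut.
if (Test-Path -LiteralPath (Join-Path $realDir 'fixlist.txt')) {
    Write-Output "fixlist.txt found in $realDir"
} else {
    Write-Warning "fixlist.txt is missing from $realDir; the fix will not work."
}
```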

REDACTED

  • Guest
Re: FedEx Email
« Reply #20 on: July 06, 2015, 08:27:53 PM »
I did get it to start running off my desktop, but it appears to have hung up. The green slider bar hasn't moved in 10 minutes.

REDACTED

  • Guest
Re: FedEx Email
« Reply #21 on: July 06, 2015, 08:30:40 PM »
Still hung up, but I do have a fixlog.txt file (see attached).

Offline dbrisendine

Re: FedEx Email
« Reply #22 on: July 06, 2015, 08:31:36 PM »
What step is it at?  It should say some message in the status line (upper left hand corner of FRST).  This may take a bit to clear the temp files from the system.

REDACTED

  • Guest
Re: FedEx Email
« Reply #23 on: July 06, 2015, 08:32:27 PM »
deleting temporary files....

Offline dbrisendine

Re: FedEx Email
« Reply #24 on: July 06, 2015, 08:35:13 PM »
Sorry; posting at the same time.  The fixlog shows that the utility is running the EmptyTemp routine; this can take a bit if there is a large number of files to remove.  The rest of the Fixlist seems to have functioned well also, so give the system some time to finish this last step.
Repost the log file when it is finished please.

REDACTED

  • Guest
Re: FedEx Email
« Reply #25 on: July 06, 2015, 08:35:52 PM »
OK.

REDACTED

  • Guest
Re: FedEx Email
« Reply #26 on: July 06, 2015, 08:48:06 PM »
It's been over 30 minutes now....the green progress bar hasn't moved at all.

Offline dbrisendine

Re: FedEx Email
« Reply #27 on: July 06, 2015, 08:49:35 PM »
Give it another 15 and then reboot the system.

REDACTED

  • Guest
Re: FedEx Email
« Reply #28 on: July 06, 2015, 09:10:37 PM »
OK....I had to reboot, but I think everything is working. I'm now able to use Chrome and Adobe Reader.

File attached.

Now can you tell me what bug(s) I had? Are they fixed? What harm was done? Should I be concerned about anything?

thanks,
Jeff

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: FedEx Email
« Reply #29 on: July 06, 2015, 09:30:25 PM »
Quote
Now can you tell me what bug(s) I had?
These fake mails usually contain an Upatre-infected attachment. Upatre is a downloader and will try to download additional malware.

Upatre info:
www.symantec.com/security_response/writeup.jsp?docid=2013-112017-1113-99&tabid=2

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader:Win32/Upatre.A#tab=2

« Last Edit: July 06, 2015, 09:32:21 PM by Pondus »