Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Accidently clicked .scr files... Not sure if I'm infected or not


  • This topic is locked This topic is locked
6 replies to this topic

#1 kanade

kanade

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 26 January 2014 - 07:37 AM

As the title suggests, I've accidently clicked two .scr files which I thought it was an image file. However, after clicking those files I'm not noticing any obivous signs of being infected.

In detail:

1) Double clicked two .scr files

2) Literally nothing happens

3) After noticing that the files were not images, researched and found out about the dangers of .scr files I immediately undertook simple clean-ups (please note these were done during normal boot up, I haven't tried on safe-mode) :

           > Microsoft Security Essential: ran quick scan and found nothing. I also scanned those two .scr files individually and it didn't report any malicious items

           > Malwarebytes Anti-Malware: also ran quick scan and it only found advert and one minor item (PUP.Optional.CrossRider.A)

           > Spybot - Search & Destroy: found only minor items (Microsoft Windows Active Desktop and alert.dll by Conduit)

 

I'm sure these are just baby steps I've took as it will probably not find the actual malicious items. That said I would like to make sure that my computer is safe from such viruses after clicking those .scr files.

 

Thank you, help would be appreciated it.


Edited by kanade, 26 January 2014 - 01:00 PM.


BC AdBot (Login to Remove)

 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:03:24 AM

Posted 26 January 2014 - 09:14 AM

test the offending files on www.virustotal.com

 

if they come up clean they are not a vector.



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:24 PM

Posted 26 January 2014 - 09:38 AM

Yes, anytime you come across a suspicious file or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:--In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 26 January 2014 - 01:44 PM

Thank you for the replies.

 

Things are not looking great at the moment... I've just found out that some people's accounts (email and steam primarily) has been compromised because of this .scr files. One of the victims were my friend and apparently, he did the exactly the same thing: double clicked the .scr files and nothing happened. However, next day when he checked his computer, teamviewer was opened as well as his browser was opened with his email and steam accounts. More so, his items have been removed from his steam inventory which has been sold to another account.

I'm pretty scared at the moment as I don't when will the perpetrator get hands on my computer/accounts as well. For your information, we received the .scr files (two in zip file) via steam chat. The perpetrator linked the download (uploaded on dropbox.com) and we downloaded the file as we mistakenly thought it was a screenshot.

 

As a result, when I heard about the files in detail I immediately:

- Changed passwords for my main email, steam, paypal and bank account (these are the most important ones I could think of)

- My main browser is Firefox:

        > Deleted saved passwords for all sites

        > Deleted login details for all sites

 

That said, I've just scanned those .scr files by using those three sites and except for one, the rest came out clean.

VirusTotal showed one antivirus detecting the file as malicious as you can see from the screenshot http://imgur.com/zlwhhZR (I would prefer uploading it directly to here though its not letting me)

 

Really, I'm not sure what to do at this point. I'm pretty sure the small steps I took above will do nothing for the perpetrator to get access to my computer/important accounts.

I would really appreciate it if I could get full support for this case as I would like to get rid of this unknown malware as soon as possible before it's too late.

 

On the side note, I've found this thread http://www.bleepingcomputer.com/forums/t/511167/scr-virus/ which seems to apply for me as well so I followed all of the steps mentioned in that thread. I have the log files ready so please let me know if you want me to post the details in the next reply.

Also for ESET Online Scanner, I was around 75% finished scanning until the browser crashed and it stopped the scanning. Luckily, it already scanned C drive as I seriously doubt I have infected files stored in my other drivers which I use it mainly for storage (more so, I will almost always find malicious files on C drive). It was able to to find 18 infected items with 16 of them "cleaned". Unfortunately, it didn't give me a opportunity check the boxes and click finish. I've made a screenshot of if you want to see it in detail (http://imgur.com/NyVgKFE).


Edited by kanade, 26 January 2014 - 02:04 PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:24 PM

Posted 26 January 2014 - 03:37 PM


Since you say this computer is used for banking and financial matters, rather than provide instructions to just run scans, I recommend a more thorough investigation which requires a deeper look at your system. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 kanade

kanade
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 26 January 2014 - 11:34 PM

I have successfully created a new topic: http://www.bleepingcomputer.com/forums/t/522257/possible-infection-from-scr-files-not-sure-if-im-infected-or-not/

 

Thank you for the help.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:24 PM

Posted 27 January 2014 - 09:21 AM

You're welcome.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worst which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck with your log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users