Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Downloaded a fake ebook - not sure if I'm infected


  • Please log in to reply
11 replies to this topic

#1 sav_uk

sav_uk

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 17 February 2014 - 04:48 PM

Hi,

I downloaded an ebook from a website which turned out to be fake. I downloaded it as a compressed folder, and then extracted the files, which generated a PDF file, an EPUB file, and a .txt. I tried to open the files but was unable to, and then realised that I must have downloaded a fake.

I ran full scans with avast, malwarebytes, adwcleaner, and hitman pro which didn't detect any infections, but I'm worried that something may be lurking in the background as the website I downloaded the ebook from is apparently only two weeks old.

I'm using Windows 7 Home Edition.

If anybody could help me with this I'd really appreciate it.

Thank you.

Edited by sav_uk, 17 February 2014 - 05:08 PM.


BC AdBot (Login to Remove)

 


m

#2 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:11 PM

Posted 17 February 2014 - 04:58 PM

If you returned clean scans from all those apps I wouldn't be too worried. Those are all good reputable programs.



#3 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 17 February 2014 - 05:05 PM

Thanks for your reply, I just wanted to make extra sure that nothing is hiding in the background and there may be some programs that I'm unaware of that also provide thorough scans etc.

#4 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 17 February 2014 - 06:15 PM

Does anyone think it's worth running any extra tools to make sure?

Many thanks :-)

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:11 PM

Posted 17 February 2014 - 07:07 PM

Another possibility is that a file could actually be an executable containing malicious code disguised as some other file. This is designed to trick users into opening a file type which can execute malicious code without the victim knowing. This can be done using double file extensions...adding an executable extension (.exe, .pif, .com, .vbs, etc) to the end of a file such as anyfile.jpg.exe so that it appears to be a jpg file. In some cases, you may not see the double extension because file extensions are hidden by default in Windows. If you have chosen the option to unhide file extensions, you still may be fooled if the malware writer named the file with extra spaces before the ".exe" extension such as shown here (click Figure 1 to enlarge). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.

Usually when a computer is infected with malware there will be indications (signs of infection) something is wrong.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:11 PM

Posted 17 February 2014 - 07:08 PM


Anytime you come across a suspicious file or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:--In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 17 February 2014 - 07:16 PM

Another possibility is that a file could actually be an executable containing malicious code disguised as some other file. This is designed to trick users into opening a file type which can execute malicious code without the victim knowing. This can be done using double file extensions...adding an executable extension (.exe, .pif, .com, .vbs, etc) to the end of a file such as anyfile.jpg.exe so that it appears to be a jpg file. In some cases, you may not see the double extension because file extensions are hidden by default in Windows. If you have chosen the option to unhide file extensions, you still may be fooled if the malware writer named the file with extra spaces before the ".exe" extension such as shown here (click Figure 1 to enlarge). The real extension is hidden because the column width is too narrow to reveal the complete name and the tiny dots in between are nearly invisible.Usually when a computer is infected with malware there will be indications (signs of infection) something is wrong.


Many thanks for your reply. The file types I tried to open looked to be .epub, .pdf, .txt but is is possible that one of these contained an executable? The scans came back clear, but considering the site I downloaded from is new, I'm worried that any possible infection I may have downloaded could be too new for conventional methods to detect.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:11 PM

Posted 17 February 2014 - 07:31 PM

If you are using Firefox, you can use the VTzilla Add-on to check (analyze) a file for malware at VirusTotal before downloading and saving it to you computer.

You can always check suspicious sites using various URL Link Scanners:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 17 February 2014 - 07:47 PM

Thank you for your advice. Do you think it's safe to say that I have nothing to worry about then? Are there any other tools you could recommend in addition to make sure?

Also, I forgot to add that I deleted the file as soon as I realised it was fake, so I'm unable to upload it to the scanning sites you recommended. I'm worried that it may have left something behind on my system.

Edited by sav_uk, 17 February 2014 - 07:53 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:11 PM

Posted 17 February 2014 - 07:58 PM

If your existing security tools are not finding anything and there are no signs of infection...then I would be in agreement with Netghost56...not be too worried.

If it would help to alleviate your concerns and you can always get a second opinion for your system by performing an Online Virus Scan. ESET is one of the more effective online scanners.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 sav_uk

sav_uk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:11 AM

Posted 17 February 2014 - 08:01 PM

Thank you - I really appreciate your help and advice :-)

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:11 PM

Posted 17 February 2014 - 08:06 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users