
.SCR file mishap - Need help/advice.



#1 Chiki


Posted 11 April 2015 - 10:17 PM

I was watching a stream yesterday and I clicked on a link in chat accidentally trying to tab back into my main monitor. It took me to a site which automatically downloaded a "picture" that was a .scr file. I disposed of the file and ran virus checks to see if I got infected - no threats detected.

 

I didn't run it, and I've read that to get infected you need to run it. Am I safe or do I need to reformat PC?


Edited by Chiki, 11 April 2015 - 10:19 PM.




#2 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 11 April 2015 - 10:23 PM

Hi Chiki :)

If you didn't run the .scr file, you're safe, no need to worry. Is it possible for you to check in your history to find that website you were redirected to and send me the URL via PM? I'll download the file in a VM and see what it is. Uploading it on VirusTotal should allow it to be distributed to the Antivirus vendors.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
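
Added example, not part of any post in this thread: a .scr screensaver is an ordinary Windows PE executable under a different extension, so a downloads folder can be triaged by comparing each file's name with its header bytes, without running anything. The function names, the image-extension list and the sample files are constructed for this sketch.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return fh.read(4) == b"PE\0\0"

def triage(folder):
    """Return {filename: reason} for executables that pose as pictures."""
    findings = {}
    for p in sorted(Path(folder).iterdir()):
        if not p.is_file():
            continue
        ext = p.suffix.lower()
        inner = Path(p.stem).suffix.lower()  # catches names like "photo.jpg.scr"
        pe = is_pe(p)  # header bytes are only read, never executed
        if ext == ".scr" and inner in IMAGE_EXTS:
            findings[p.name] = "image name with .scr extension"
        elif ext == ".scr" and pe:
            findings[p.name] = "screensaver is a PE executable"
        elif ext in IMAGE_EXTS and pe:
            findings[p.name] = "image extension but PE content"
    return findings

def build_samples(folder):
    """Write constructed sample files: a minimal fake PE header and a fake PNG."""
    pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    png = b"\x89PNG\r\n\x1a\n" + b"\0" * 64
    samples = {"screenshot.jpg.scr": pe, "IMG_0411.scr": pe,
               "holiday.png": png, "avatar.jpg": pe}
    for name, data in samples.items():
        (Path(folder) / name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_samples(d)
        for name, why in triage(d).items():
            print(f"{name}: {why}")
```

Anything this flags is a candidate for deletion or for upload to a scanning service, as was done in this thread; a clean result here says nothing about non-PE threats.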


#3 Chiki


Posted 11 April 2015 - 10:25 PM

> Hi Chiki :)
>
> If you didn't run the .scr file, you're safe, no need to worry. Is it possible for you to check in your history to find that website you were redirected to and send me the URL via PM? I'll download the file in a VM and see what it is. Uploading it on VirusTotal should allow it to be distributed to the Antivirus vendors.

Sure let me get that for you.



#4 Aura


Posted 11 April 2015 - 10:25 PM

Thank you :)

Edit: It seems like only Kaspersky was aware of the website and the .scr file. Uploaded both the URL and file on VirusTotal, and reported it on Malwarebytes.

https://forums.malwarebytes.org/index.php?/topic/167343-malicious-src-file/

Edited by Aura., 11 April 2015 - 10:49 PM.



#5 Chiki


Posted 11 April 2015 - 10:52 PM

Hopefully some other people got some help today as well as I know thousands of other people would have fallen victim to it by not knowing what they were clicking on.



#6 Aura


Posted 11 April 2015 - 10:54 PM

I read somewhere that there was a new campaign distributing malicious .scr files as "screenshots", so maybe this link is part of that campaign.



#7 Chiki


Posted 11 April 2015 - 10:57 PM

Yep, you are 100% correct. This is what people are getting tricked with - and what I happened to click on in the most unfortunate way possible LOL.



#8 Aura


Posted 11 April 2015 - 11:15 PM

Also, the .scr automatically downloaded when opening the website. Clicking on the "picture" there triggered a second download.





