Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Clicked on a phishing link, then noticed antivirus disabled


  • This topic is locked This topic is locked
5 replies to this topic

#1 crong

crong

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:19 AM

Posted 12 July 2015 - 04:14 PM

Last night I stupidly clicked on two dropbox phishing emails, one is a sharing notification and the other says my password has expired. I do recall possibly signing up for dropbox a looong time ago so I thought it was legitimate. Here's the screenshot of both emails: http://puu.sh/iWMuO/3632544aec.png and http://puu.sh/iWMBC/53d6e42a1b.png

 

The button links to goo.gl[slash]MDTUNb (discovered in hindsight) and the actual page directed to was not dropbox.com but I can't remember the address. After seeing that it was not dropbox.com I closed the page, but shortly after that I noticed my Avast was disabled! It was saying the Avast service was stopped and had a button to "fix it" and "start", which I clicked a few times before Avast service was resumed. All this was right after turning on my computer so I'm not sure if Avast just didn't start properly or somehow the phishing link was able to disable Avast?

 

I did a boot time scan with Avast right away and that found nothing. Then updated and scanned with Malwarebytes which also found nothing. This morning I reported the shortened url to Google safe browsing. And by this point, the person who supposedly shared the folder with me told me he doesn't even use dropbox. I'm not sure if I'm okay to continue using my computer or has it been compromised? I'm using Windows 7 and Firefox 39.0.

 

Thanks so much for any help!


Edited by crong, 12 July 2015 - 04:23 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,312 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:19 AM

Posted 12 July 2015 - 04:56 PM

Often just clicking on a link in an email or such as this in DropBox would take you to a malicious website that would either ask you to download something or attempt to

download something without your consent. Usually involving taking advantage of a program such as Flash, Java or OS that is not updated with the latest security updates.

 

If you still have the DropBox password and user account name somewhere then I would think it a good idea to see what happens after attempting to log into it.

At that point you can decide to cancel/ delete the account if you still have access to it or not. If you don't ever intend to use it, why keep it active? How do I delete my account? (Dropbox Help Center)

 

Other than that, I would suggest scanning the computer with another program. Avast is very good but like all security programs they are never 100% accurate....more like

65% to 85% and new malware can exist for days or much longer before being identified.

 

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Edited by buddy215, 12 July 2015 - 05:00 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 crong

crong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:19 AM

Posted 12 July 2015 - 10:12 PM

Unfortunately I don't have the login information anymore, and I'm still not completely sure if I ever did signup for a dropbox account!

 

The ESET scan found no threats http://puu.sh/iX9gs/f097de3152.png however it did mention that it found another antivirus (Avast) on my computer that may reduce its own performance?

 

Do you have any other recommendations to make sure my computer is not compromised? I'm refraining from logging in to anything at this point!

 

Thank you :)


Edited by crong, 12 July 2015 - 10:14 PM.


#4 buddy215

buddy215

  • Moderator
  • 13,312 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:19 AM

Posted 13 July 2015 - 05:01 AM

You can get an expert opinion and help for removing malware by following the directions below. Once you have posted the new topic

DO NOT bump it....wait for a response which could be several days.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 crong

crong
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:19 AM

Posted 14 July 2015 - 12:17 AM

Thank you so much, I've posted my new topic http://www.bleepingcomputer.com/forums/t/582803/clicked-on-a-phishing-link-then-noticed-antivirus-disabled/



#6 Platypus

Platypus

  • Global Moderator
  • 15,178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:19 AM

Posted 14 July 2015 - 01:36 AM

This topic closed to avoid any confusion. Continued on above link.


Top 5 things that never get done:

1.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users