
So I unzipped and ran a dangerous execution file...


No replies to this topic

#1 Meew


Posted 09 April 2017 - 02:32 AM

I am a tad tech savvy, I'm just worried that this problem isn't fully fixed as it is a very serious issue and poor play on my part.

Not knowing that this scam was going on, and to my shock of my order being real, I received an email.
It was from FedEx stating that I had my order number listed below, however there was a zip file attached to the email. Let me be clear, in no way was I told to click and download the zip, this is my fault.
This random zip file attached to the email also sprang some curiosity about what might be inside, I mean, it's just an unpacked zip file.

After playing chicken for five minutes I opened it with WinRAR, and extracted the file into a folder which I then named Fedex. I noticed it was a js file (JavaScript) and stupidly decided to run it.

Within 5 seconds my AVG Internet Security AV 'live detected' an infection as a 'generic virus' and removed and/or deleted the threat from the machine (as listed in the link below). Upon further speculation it was indeed more than that. It seemed to be a piece of executable script that could hail ransomware at will. However, this was just speculation as I saw a file in my netcache with a png format at the end. This could very well be the ransomware popup ad that tells you you have 72 hours to pay the hijackers! In panic I re-ran an AVG scan, I ran a Malwarebytes scan, CCleaner, and even ran an AdwCleaner scan in desperation. It seemed that the AVG live protection had saved me almost instantaneously after running the dangerous program myself. I then rebooted in safe mode and did the same in respect to AVG and Malwarebytes. I am, as of now, very paranoid. This is a very dangerous thing I've run into, I'm afraid to log in to my Facebook, let alone any social media in fear of some of this horrible stuff still on my machine.
If anyone knows how to make sure it's gone, gone like the wind, without wiping my drive it would be appreciated.

I will link the executable file and all of its minions below, in picture format of course.

http://i.imgur.com/e2LDNfg.png

Some of these processes are fake, like ipconfig.exe and conhost.exe.
However, I have never heard of Uniepypo exe before.


