Trojan Threat?

I inadvertently opened an e-mail from a known company called Simply Carpets - the e-mail address seemed to be correct.

The email was headed "Invoice from simply carpets of Keynsham Ltd" with an attached MS word file. Since I have had dealings with them before I opened it and the attached file. The file was gibberish.

The company knew nothing about it, and there were no outstanding invoices on my account. Nothing was picked up on my security software (Norton 360) but I am concerned that I have been the victim of a trojan attack that Norton knows nothing about.

Please advise.
 
Hi Molyfar, I've had a lot of these same e-mails recently. I have just scanned one of the Word docs that came through from a "Les Mills" e-mail (without opening it) and Kaspersky didn't detect anything either.

I think you're right to be cautious. After doing a bit more reading on the word doc I had attached, I did some searching and found this:

http://sanesecurity.blogspot.co.uk/2015/01/les-mills-invoice-goodsservices.html

Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screenshots or copying information from your clipboard (copy/paste)).

It looks like some virus databases are starting to detect the threat now, so what I would do is download the attachment to a temporary folder (don't open it again though!) and then upload it to this service:

https://www.virustotal.com/en/

That will run a scan against a lot more databases and should provide you with some detail on where to go next. For now, I'd avoid using online banking and other secure services until you have a little more info.
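
As an added illustration (not code from any poster in this thread): a static check that hashes an attachment and looks for an embedded VBA macro project, the mechanism W97M-type downloaders rely on, without opening the file in Word. The names `triage` and `make_ooxml` and the sample files are constructed for this example, and the OLE check is a byte-pattern heuristic, not a full parser.

```python
import hashlib
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm) container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE entry names are UTF-16LE


def triage(data: bytes) -> dict:
    """Describe an attachment from its bytes alone; nothing is executed."""
    result = {"sha256": hashlib.sha256(data).hexdigest(),
              "container": "unknown", "has_macros": False}
    if data.startswith(OLE_MAGIC):
        result["container"] = "ole2"
        # Heuristic (assumption): a VBA project adds a _VBA_PROJECT stream.
        result["has_macros"] = VBA_STREAM in data
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            result["container"] = "corrupt-zip"
            return result
        result["container"] = "ooxml" if "[content_types].xml" in names else "zip"
        result["has_macros"] = any(n.endswith("vbaproject.bin") for n in names)
    return result


def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, harmless OOXML-shaped zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed inputs, not real malware
        "invoice.docm": make_ooxml(True),
        "letter.docx": make_ooxml(False),
        "invoice.doc": OLE_MAGIC + b"\x00" * 8 + VBA_STREAM,
    }
    for name, blob in samples.items():
        print(name, triage(blob))
```

The SHA-256 it reports can be searched on VirusTotal directly, which avoids uploading the file itself.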
 
rule #1 with email attachments ... do not open ANY ... no matter who they 'seem' to be from.

NO exceptions!


AV programs are NOT your first line of defence, you are, don't be complacent. :)
 
Hi Molyfar, I've had a lot of these same e-mails recently. I have just scanned one of the Word docs that came through from a "Les Mills" e-mail (without opening it) and Kaspersky didn't detect anything either.

I think you're right to be cautious. After doing a bit more reading on the word doc I had attached, I did some searching and found this:

http://sanesecurity.blogspot.co.uk/2015/01/les-mills-invoice-goodsservices.html



It looks like some virus databases are starting to detect the threat now, so what I would do is download the attachment to a temporary folder (don't open it again though!) and then upload it to this service:

https://www.virustotal.com/en/

That will run a scan against a lot more databases and should provide you with some detail on where to go next. For now, I'd avoid using online banking and other secure services until you have a little more info.

The moment I did that, Norton detected it and removed it - W97M.Downloader - yet it did not stop me from opening it???
 
Do you know which of those versions you opened the document with? If Word was opened in protected mode, which it would do by default, then you'll probably be fine - as long as you didn't manually enable editing mode.

Norton updated their malware DB for this entry only yesterday (http://www.symantec.com/security_response/writeup.jsp?docid=2014-110100-2117-99&tabid=3), so I'd update your AV definitions again and re-run a full scan, just in case your full scan from earlier today was using an older set.
 
Simply, it is a case of infecting the host machine with malware via email.

Firstly, update your Norton antivirus and see if it works or not. If it doesn't work, go for the utility suggested by investigators, i.e. Malwarebytes.

https://www.malwarebytes.org/

See if it eliminates or detects the Trojan. If it also doesn't work, then there is always the option of restoring the machine to a previous restoration point.
 