Trojan Threat?

Joined
May 25, 2014
Messages
95
Reaction score
12
I inadvertently opened an e-mail from a known company called Simply Carpets - the e-mail address seemed to be correct.

The email was headed "Invoice from simply carpets of Keynsham Ltd" with an attached MS word file. Since I have had dealings with them before I opened it and the attached file. The file was gibberish.

The company knew nothing about it, and there were no outstanding invoices on my account. Nothing was picked up on my security software (Norton 360) but I am concerned that I have been the victim of a trojan attack that Norton knows nothing about.

Please advise.
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,873
Reaction score
1,499
Hi Molyfar, I've had a lot of these same e-mails recently. I have just scanned one of the Word docs that came through from a "Les Mills" e-mail (without opening it) and Kaspersky didn't detect anything either.

I think you're right to be cautious. After doing a bit more reading on the word doc I had attached, I did some searching and found this:

http://sanesecurity.blogspot.co.uk/2015/01/les-mills-invoice-goodsservices.html

Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screenshots or copying information from your clipboard (copy/paste)).

It looks like some virus databases are starting to detect the threat now, so what I would do is download the attachment to a temporary folder (don't open it again though!) and then upload it to this service:

https://www.virustotal.com/en/

That will run a scan against a lot more databases and should provide you with some detail on where to go next. For now, I'd avoid using online banking and other secure services until you have a little more info.
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
rule #1 with email attachments ... do not open ANY ... no matter who they 'seem' to be from.

NO exceptions!


AV programs are NOT your first line of defence, you are, don't be complacent. :)
 
Joined
May 25, 2014
Messages
95
Reaction score
12
Hi Molyfar, I've had a lot of these same e-mails recently. I have just scanned one of the Word docs that came through from a "Les Mills" e-mail (without opening it) and Kaspersky didn't detect anything either.

I think you're right to be cautious. After doing a bit more reading on the word doc I had attached, I did some searching and found this:

http://sanesecurity.blogspot.co.uk/2015/01/les-mills-invoice-goodsservices.html



It looks like some virus databases are starting to detect the threat now, so what I would do is download the attachment to a temporary folder (don't open it again though!) and then upload it to this service:

https://www.virustotal.com/en/

That will run a scan against a lot more databases and should provide you with some detail on where to go next. For now, I'd avoid using online banking and other secure services until you have a little more info.

The moment I did that, Norton detected it and removed it - W97M.Downloader - yet it did not stop me from opening it???
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,873
Reaction score
1,499
Do you know which of those versions you opened the document with? If Word was opened in protected mode, which it would do by default, then you'll probably be fine - as long as you didn't manually enable editing mode.

Norton updated their malware DB for this entry only yesterday (http://www.symantec.com/security_response/writeup.jsp?docid=2014-110100-2117-99&tabid=3), so I'd update your AV definitions again and re-run a full scan, just in case your full scan from earlier today was using an older set.
 
Joined
Feb 26, 2015
Messages
4
Reaction score
0
Simply, it is a case of infecting the host machine with malware via email.

Firstly, update your Norton antivirus and see if it works or not. If it doesn’t work, go for the utility suggested by investigators, i.e. Malwarebytes:

https://www.malwarebytes.org/

See if it eliminates or detects the Trojan. If it also doesn’t work, then there is always the option of restoring the machine to a previous restoration point.
 
Joined
Jan 14, 2006
Messages
12,268
Reaction score
283
I keep a pair of Purdey's next to me & use that on nasties and it works well!
 
Joined
Mar 6, 2015
Messages
5
Reaction score
1
Upload the Excel file to virustotal.com and have them scan. Get the opinion of 70 Antivirus companies in about a minute.
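
Added example, not part of the original thread: a static check in Python that follows the advice above to examine the attachment without opening it. It hashes the file for a VirusTotal lookup and reports whether the container carries a VBA macro project, the mechanism behind a W97M.Downloader detection; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import io
import sys
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls (OLE2) header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name in the OLE directory

def triage(data: bytes) -> dict:
    """Inspect raw attachment bytes; the file is never handed to Office."""
    report = {"sha256": hashlib.sha256(data).hexdigest(),
              "container": "unknown", "has_macros": False}
    if data.startswith(OLE_MAGIC):
        report["container"] = "ole2"
        # OLE directory entries hold stream names as UTF-16LE text.
        report["has_macros"] = VBA_STREAM in data
    elif data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = archive.namelist()
        except zipfile.BadZipFile:
            report["container"] = "corrupt-zip"
            return report
        is_ooxml = "[Content_Types].xml" in names
        report["container"] = "ooxml" if is_ooxml else "zip"
        # Macro-enabled OOXML files carry the VBA project as vbaProject.bin.
        report["has_macros"] = any(
            n.lower().endswith("vbaproject.bin") for n in names)
    return report

def constructed_samples() -> dict:
    """Build harmless stand-in files in memory (constructed, not real malware)."""
    def ooxml(*members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as archive:
            for name in ("[Content_Types].xml", *members):
                archive.writestr(name, "placeholder")
        return buf.getvalue()
    return {
        "legacy_doc_with_vba": OLE_MAGIC + b"\x00" * 504 + VBA_STREAM,
        "docm_with_vba": ooxml("word/document.xml", "word/vbaProject.bin"),
        "plain_docx": ooxml("word/document.xml"),
        "gibberish": b"not an Office container",
    }

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as fh:   # triage a saved attachment by path
        print(triage(fh.read()))
```

The SHA-256 can be searched on VirusTotal instead of uploading the file, which avoids sharing a document that may hold private data. A `has_macros` result of False does not clear a file; it only means this one indicator is absent.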
 
