Windows 7 Forums



Windows 7: Possible infection through a job ad - advice welcome

25 Jan 2012   #1
scamander

Windows 7 Home Premium 64 bit
 
 

Hi all,

Firstly - I don't quite believe I've just done what I have so a dunce cap is being placed upon my head as I type.

I got back from a run last night to see a reply to a job I'd applied for on gumtree. Really I should have sussed something but a combination of fatigue, dunce-ness and desperation meant the email which asked me to download an application form via winzip was obliged.

What was unzipped wasn't even a MSWord document or icon, but a programme icon. The extraction process never seemed to happen as the pop-up with the % bar never started up (just appeared for a bit and then disappeared).

Anyway - sense soon returned and alongside it a howling panic. I googled the scam and it's a common one. I also re-started in safe mode and ran a Malwarebytes full scan and the same with Avast. Avast only picked up "Java:Agent-AIB[Expl]".

Now - two questions. Firstly do you think the virus downloaded properly? The pop-up icon never indicated a full unzip. Secondly, if so could this be it? I'm paranoid that it's on my PC and undetectable.

Advice and help welcome as ever.


25 Jan 2012   #2
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

Is the download still on your PC? If so, I recommend uploading here for an online scan if the file is smaller than 20MB in size:

Jotti's malware scan

If not, then please run an online scan using ESET ONLINE SCANNER and post back the results:

ESET Online Scanner

Regards,
Golden
25 Jan 2012   #3
Tews

64-bit Windows 8.1 Pro
 
 

Do a system restore to a point before you opened the attachment...

25 Jan 2012   #4
scamander

Windows 7 Home Premium 64 bit
 
 

Golden,

thanks for that - I'm running the scan at the moment. I also have the email - it contains hyperlinks through which you download a winzip file.

Being an amateur I'm unsure how I can upload this to you? Should I download, save (but not extract) and email it? Or how else can I upload it to you?

thanks again
25 Jan 2012   #5
scamander

Windows 7 Home Premium 64 bit
 
 

kills that last order - ran it through Jotti and it reported varying trojan 'bankers'......unfortunately I think I opened it and uploaded it again (a dunce cap for a dunce cap?) something has been picked up on the scan you advised so I'm hoping it's this.
25 Jan 2012   #6
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

OK. Complete the ESET scan, and then post the exact name of the threats it identifies here. Depending on what they are, you may need to do a System Restore as Tews suggested, or in the worst case a format and reinstallation of your system - it all depends on the severity of the malware.

We can help you through the restore or install if necessary - this forum has many experts more than capable of getting you back up and running in a short time.

Regards,
Golden
25 Jan 2012   #7
marsmimar

Microsoft Community Contributor Award Recipient

 
 

Throwing my 2 cents in (or is it 2 pence?) there's another free product from Comodo called Cleaning Essentials that's getting some pretty good reviews as a malware detecting/removing program. I run full Malwarebytes scans regularly and always get clean results. First time I ran CCE it detected 5 suspicious files not flagged by any other scanner I use. Might be worth a try. Latest version is 2.3 just in case an earlier version is downloaded.

Comodo Cleaning Essentials
25 Jan 2012   #8
scamander

Windows 7 Home Premium 64 bit
 
 

cheers Golden - I didn't note the name, as I remember it was something along the lines of win32/installCore and win32/registrybooster. It said they were variations of.

Going to run it again, also will run the Comodo (cheers marsmimar). Assuming that nothing comes up on either (and that the safe mode Avast and Malwarebytes scans were clean), I should be ok?
25 Jan 2012   #9
scamander

Windows 7 Home Premium 64 bit
 
 

just ran the comodo cleaning essentials and nothing came up. Just got the second ESET scan to do later.

thanks again.
25 Jan 2012   #10
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi,

According to Wilders, InstallCore appears to be relatively innocuous. RegistryBooster seems to be a PUA (potentially unwanted application)....think spam. I would still run the ESET scan to completion, and to be extra vigilant, I will ask our trained MVP malware fighters Corinne or Jacee to look at this thread.

Regards,
Golden

EDIT : I have asked Jacee or Corinne to look at this for you when they can.