Windows 7 Forums



Windows 7: Postal Service "Package Waiting" Scam.... Trojan Dropper Virus.

05 Jun 2013   #1
legacy7955

win 7 home premium 64 bit
 
 
Postal Service "Package Waiting" Scam.... Trojan Dropper Virus.

My Dad told me that he clicked on an e-mail that was supposedly from the USPS and indicated that he had a package waiting for him that was delayed due to an address confirmation issue. The e-mail indicated that he should download an address label and bring it to the USPS for confirmation. Well, luckily my Dad realized at the last minute that the e-mail was a scam... he did NOT click to download the label. My question is: could his PC still get infected even though he did NOT click on the download? He simply deleted it.

He informed me that he did a full scan twice with a currently updated MSE scan and said it found nothing...

What are your opinions on this?

I would think you must open the download in order to be infected.

Also when I go over to his house what things should I look for in task manager or other areas to check for evidence of the virus?


06 Jun 2013   #2
legacy7955

win 7 home premium 64 bit
 
 

Although I couldn't get to my Dad's home yet, he indicated that MSE detected and removed Trojan Dropper Win32 Kuluoz.A.

He informed me that after his suspicions he did a full scan with MSE, and I also told him to scan with the MRT tool for May 2013. After those two scans no evidence was found of the trojan...

He now says that he did click on the download button and it did download the zipped file; however, he says that after it downloaded he did NOT open the zipped file and deleted it.

He is using Google Chrome as well.

He also stated that he didn't see any evidence of the fake address label that would have appeared if he had in fact opened the zip.

Can MSE detect this trojan if the zip is UNopened?

Thanks for any help you can give me. I'm trying to help him from a distance because I can't get to his home at the moment...
06 Jun 2013   #3
cottonball

Windows 7 Home Premium
 
 

legacy7955,

Please have him use the following program to identify processes or Registry keys that may have been created by Trojan Dropper Win32 Kuluoz.A:


Download RogueKiller (Official website)
Select the x86 (32-bit) version or the x64 (64-bit) version for your 64-bit system.
Click the applicable button to download.
Save to the Desktop.

Close all windows and browsers.
Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.


Follow with Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Temporarily disable such programs as shown, or permit them to allow the changes:
http://www.bleepingcomputer.com/forums/topic114351.html

Right-click the MBAM file, and select: Run as Administrator
When the installation begins, follow the prompts.

At the last prompt of the Setup routine, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

However, uncheck: Enable free trial of Malwarebytes Anti-Malware PRO
Click: Finish

MBAM automatically starts and you are asked to update the program.
If an update is found, the program automatically updates itself.
Press the OK button to close the box and continue.

On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows: "The scan completed successfully. Click 'Show Results' to display all objects found."
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.

Make sure everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.

The log is automatically saved and can be viewed by clicking the Logs tab.

Please copy/paste the entire contents of the MBAM report in your reply.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

Once the reports are provided we can determine if any additional actions are necessary.
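The first post asks what to look for in Task Manager "or other areas", and the reply above talks about processes and Registry keys a dropper may have created. The following read-only PowerShell listing is an added example, not part of any post in this thread or of the tools named in it: it lists Run/RunOnce autostart entries and running processes and flags those whose executable sits in a user-writable profile folder. The folder heuristic and the function name `Test-UserWritablePath` are assumptions made for this example, not published indicators for Win32/Kuluoz.A.

```powershell
# Read-only triage: lists autostart entries and running processes and flags
# the ones whose executable lives in a user-writable folder. Changes nothing.
# The folder list is a general heuristic chosen for this example, not a set
# of indicators for Win32/Kuluoz.A. Written to run on PowerShell 2.0 (Windows 7).

$suspectDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Test-UserWritablePath([string]$text) {
    # Expand any %VAR% references, then look for a suspect folder in the string.
    $expanded = [System.Environment]::ExpandEnvironmentVariables($text)
    foreach ($dir in $suspectDirs) {
        if ($expanded.IndexOf($dir, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# One object per autostart value; keys that do not exist are skipped.
$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command
            Flag = (Test-UserWritablePath $command)
        }
    }
}

# Processes whose image path is readable from this session.
$processes = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    New-Object PSObject -Property @{
        Id = $_.Id; Name = $_.ProcessName; Path = $_.Path
        Flag = (Test-UserWritablePath $_.Path)
    }
}

$autostarts | Sort-Object Flag -Descending | Format-Table Flag, Name, Command, Key -AutoSize
$processes  | Sort-Object Flag -Descending | Format-Table Flag, Id, Name, Path -AutoSize
```

A flagged row is only a prompt to look closer, since legitimate per-user software also installs under AppData; run it from an elevated 64-bit PowerShell so that process paths are visible.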

10 Jun 2013   #4
legacy7955

win 7 home premium 64 bit
 
 

@cottonball:


I'm sorry I didn't get back to you sooner.

My Dad said he was too worried about the possibility of the malware not being completely eliminated unless I did a complete wipe of the HDD and fresh install of Windows 7 SP1. He doesn't have anything on there of any importance and he felt it was a certainty that with the wipe and new install he was completely secured, with MSE installed and the Malwarebytes scanner as well.

He asked me to ask you, as an expert: are you 100% certain that this wipe and new install has eliminated the possibility of any malware remnant remaining?
10 Jun 2013   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

If he did a 'wipe' and 'clean' install then the virus should be gone! When he checks his e-mail, if the message is still in it (Yahoo, or GMail) .... delete it and empty the trash.

He should also change his passwords as an extra precaution.
10 Jun 2013   #6
legacy7955

win 7 home premium 64 bit
 
 

Jacee:

Thanks for your rapid reply.

I was the one that did a destructive wipe of the HDD and re-installed Windows 7 SP1.

Installed MSE v4 and the free version of MBAM scanner only.

I definitely told him to NEVER open spam mail, and if he thinks UPS or USPS has something for him that is incorrectly addressed he should CALL them and inquire.

Luckily he has nothing important on the PC so it was a pretty easy decision to wipe and re-install the OS.