Malware via ISO file


  1. Posts : 26
    win 7 Home Premium
       #1

    Malware via ISO file


    Using Win 7 Home Premium, Dell XPS8700

    I received an email with an ISO file attached. I double-clicked the ISO which opened the Windows Disc Image Burner window. I suspected that it might be malware, so I hit Cancel instead of Burn.

    Now I'm wondering whether just double-clicking the file activated the malware, or whether it would only activate if the Burn button was clicked.

    I always scan my PC with MBAM, SAS, and Webroot every morning when I turn on my PC which means I've scanned it four times since foolishly double-clicking that ISO file. None of the three applications have indicated a problem.

    Anything else I should do to verify some evil will not rise from the depths of my PC and bite my butt when I least expect it?

    Thanks
    EdP


  2. Posts : 2,246
    Windows 7 Pro SP1 64 bit
       #2

    I don't know why you received an e-mail in this regard, but it must be an installation ISO which needs to be burned to disc to be usable for installation of whatever it was for. In my opinion, burning it to disc would have no effect on your system, and cancelling the burn also shouldn't affect your system. If the malware software you're using has the latest updates, then you should be safe. Just saying...


  3. Posts : 0
    Windows 7 Ultimate x64
       #3

    Scan the ISO here: VirusTotal

    General consensus is four hits and it's crap.

    Whatever this "ISO" file was could be malware. An ISO is usually several hundred megabytes in size, so the fact that you got an ISO attachment via email tells me it was no more than maybe ~25 MB in size, since email providers won't allow hundreds of MB of data as email attachments.

    Any data can be turned into an ISO image file as well. I can take all my images or documents, etc and encapsulate them all in an ISO file.

    You should NEVER double click on email attachments.

    There's a whole slew of things that can be done for email security (I'll even touch on phones a little further down). By far the best is to create email filters for KNOWN TRUSTWORTHY addresses. Anything not known that shows up in the inbox itself needs to be scrutinized.

    More than one email address should be used. One for very important stuff like banks, PayPal, Coinbase, eBay, Amazon, crap like that. Another email address or more for crap web sign ups and what not. (I'm looking at you - Facebook)...

    Scan all downloads at VirusTotal. Again, the general consensus is four hits and you toss it, but it largely depends on what you have. If it's a game hack, it may be coded in a way that mimics badware/malware/a virus. So it could be malicious and a game hack at the same time; you just never know. The same applies to pirated crap, their wrappers and whatnot. The program HashTools can be used to get a SHA-256 hash of a download; copy that hash value and simply search for it at VirusTotal. If that download was already uploaded to VirusTotal, its hash will match, thus giving you a virus report on the file you have there. It's just an easier way to get a VirusTotal result than uploading the file. You could do this with your ISO file there. If its hash isn't at VirusTotal already, you'll need to upload the ISO to VirusTotal.

    Beyond all this, the email client should be configured to view emails as text only, not in HTML form. And remote content (images) should never be downloaded in an email unless you can trust the email and you manually allow it per email. Or, for the sake of absolute privacy, never allow it. These two options should be in the email client settings. The emails will look like crap, though. If the email can't be read, and you trust the sender (easier said than done, believe me), then you can temporarily parse the email in HTML format. Just make sure to reset the option back to text only before loading another email. I read all emails as text. I can usually decipher links and whatnot if need be, and I know how to read email headers. To other people this might be a huge PITA.

    Consider sandboxing the entire email application in Sandboxie. But this requires know how and can be cumbersome.



    E-mail is a real PITA, and by its inherent nature is NEVER secure. Even if you think it's from a legit source, it may not be. The headers can be forged to mimic a legit sender. E-mails can also be made to look like official bank emails and whatnot. I've seen this trick a few times and I just play with the would-be hacker/spear-phisher, then report their web server IP and domain to the hosting and domain provider. I'll also report the email to SpamCop (a Cisco company), and I used to forward the email to the Federal Trade Commission. That's not needed anymore since they run their own honeypots or something. Believe me when I tell you I get very little email spam. That goes for SMS text crap as well. You HAVE to control who you give your number out to, and keep a landline (or VoIP DID) attached to Nomorobo for other purposes. (I also use PhoneTray.) This is analogous to the two-plus email address approach I talked about above.

    I guess it all comes down to being smarter than the idiots that do all this crap and knowing how it all works.

    PS. Never load a spam text message. Doing so will send a possible read receipt to the spammer so he/she knows that you read the damn thing and can continue to send more. Just delete upon reading the subject line. Some cellphone companies offer a forwarding ability for spam text messages. Refer to your cellphone company.

    PPS. NEVER text some number on TV. As an example, you might see some ad or political campaign say, "Text WIN123 to 555343" or whatever the hell. You do that and your data is mined, and you're on a sht list for the life of the phone number, as well as anyone else that may acquire your previous phone number should you ditch it for another.

    Anyway, I know you asked simple question, but there are no simple answers. LOL

    Whew!
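The hash-lookup step described in the post above, plus a way to see what an ISO attachment actually carries without burning or mounting it, as an added example (this is not code from the thread, from HashTools or from VirusTotal). The script parses the ISO 9660 primary volume descriptor and root directory, flags file names with extensions Windows would execute, and computes the SHA-256 you would paste into the VirusTotal search box. The `build_sample_iso` function only fabricates a tiny constructed image so the example runs offline; the list of risky extensions and the VirusTotal search URL form are my assumptions, not anything stated in the thread.

```python
"""Inspect an e-mail ISO attachment without mounting or burning it (added example)."""
import hashlib
import struct

SECTOR = 2048
# Assumed list of extensions a phishing ISO typically carries; not from the thread.
RISKY_EXTENSIONS = {"EXE", "SCR", "LNK", "JS", "VBS", "BAT", "CMD", "HTA", "DLL", "MSI"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def virustotal_search_url(sha256: str) -> str:
    # Assumed URL form of VirusTotal's hash search; paste the hash there instead of uploading.
    return "https://www.virustotal.com/gui/search/" + sha256


def _parse_record(data: bytes, off: int):
    """Parse one ISO 9660 directory record at byte offset `off`; None on zero-length padding."""
    length = data[off]
    if length == 0:
        return None
    extent = struct.unpack_from("<I", data, off + 2)[0]   # little-endian half of both-endian field
    size = struct.unpack_from("<I", data, off + 10)[0]
    is_dir = bool(data[off + 25] & 0x02)                  # file flags, bit 1 = directory
    name_len = data[off + 32]
    name = data[off + 33: off + 33 + name_len]
    return length, extent, size, is_dir, name


def list_iso(image: bytes):
    """Return [(name, size, is_dir, risky)] for the root directory of an ISO 9660 image."""
    pvd = image[16 * SECTOR: 17 * SECTOR]                  # primary volume descriptor lives at sector 16
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image (no primary volume descriptor)")
    root = _parse_record(pvd, 156)                        # root directory record embedded in the PVD
    if root is None:
        raise ValueError("malformed root directory record")
    _, root_extent, root_size, _, _ = root
    dir_bytes = image[root_extent * SECTOR: root_extent * SECTOR + root_size]
    entries, off = [], 0
    while off < len(dir_bytes):
        rec = _parse_record(dir_bytes, off)
        if rec is None:                                   # records never straddle sectors; skip padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        length, _, size, is_dir, raw = rec
        off += length
        if raw in (b"\x00", b"\x01"):                     # "." and ".." entries
            continue
        name = raw.decode("ascii", "replace").split(";")[0]   # strip ISO 9660 version suffix ";1"
        ext = name.rsplit(".", 1)[-1].upper() if "." in name else ""
        entries.append((name, size, is_dir, ext in RISKY_EXTENSIONS))
    return entries


def assess_attachment(image: bytes) -> dict:
    entries = list_iso(image)
    digest = sha256_hex(image)
    return {"sha256": digest, "virustotal": virustotal_search_url(digest),
            "files": entries, "suspicious": [e[0] for e in entries if e[3]]}


# --- constructed sample data below; only enough of ISO 9660 for list_iso to read ---
def _both(fmt_le: str, fmt_be: str, v: int) -> bytes:
    return struct.pack(fmt_le, v) + struct.pack(fmt_be, v)


def _dir_record(name: bytes, extent: int, size: int, is_dir: bool) -> bytes:
    body = (b"\x00" + _both("<I", ">I", extent) + _both("<I", ">I", size) + bytes(7)
            + bytes([0x02 if is_dir else 0, 0, 0]) + _both("<H", ">H", 1) + bytes([len(name)]) + name)
    rec = bytes([len(body) + 1]) + body
    return rec + b"\x00" if len(rec) % 2 else rec          # records are padded to even length


def build_sample_iso(files: dict) -> bytes:
    """Build a minimal ISO 9660 image with `files` ({name: bytes}) in its root (constructed test data)."""
    # Layout: sectors 0-15 system area, 16 PVD, 17 terminator, 18 root directory, 19+ file data.
    root_dir = _dir_record(b"\x00", 18, SECTOR, True) + _dir_record(b"\x01", 18, SECTOR, True)
    data, next_extent = b"", 19
    for name, content in files.items():
        nsec = max(1, -(-len(content) // SECTOR))
        root_dir += _dir_record(name.encode("ascii") + b";1", next_extent, len(content), False)
        data += content.ljust(nsec * SECTOR, b"\x00")
        next_extent += nsec
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[40:72] = b"INVOICE".ljust(32)                     # volume identifier
    pvd[80:88] = _both("<I", ">I", next_extent)           # volume space size in sectors
    pvd[128:132] = _both("<H", ">H", SECTOR)              # logical block size
    pvd[156:190] = _dir_record(b"\x00", 18, SECTOR, True)
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root_dir.ljust(SECTOR, b"\x00") + data


if __name__ == "__main__":
    sample = build_sample_iso({"INVOICE.EXE": b"MZ" + bytes(100), "README.TXT": b"hello"})
    report = assess_attachment(sample)
    for name, size, is_dir, risky in report["files"]:
        print(f"{name:<20} {size:>8} {'RISKY' if risky else ''}")
    print("SHA-256:", report["sha256"])
    print("Look up at:", report["virustotal"])
```

Run it against a real attachment with `assess_attachment(open(path, "rb").read())`; the parser only reads the image, so nothing inside it gets executed. A one-file ISO whose only entry is an .exe or .lnk is the classic phishing shape, and that is visible here before anything is double-clicked.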


  4. Posts : 7,107
    W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
       #4

    When you opened the email's ISO attachment, you started a setup exe WITHIN your OS; this is verified by the fact that it opened the disc burning program. Any number of macros could also have been activated that are malicious.

    I would shoot over to BleepingComputers' Malware Removal section and post there; instructions/requirements here:
    Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Help


  5. Posts : 4
    Windows 7 Ultimate x64
       #5

    Can malware be spread through an ISO file in that way? I don't think that is actually possible.


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd