How to get rid of FedEx Trojan!

Discussion in 'malware problems & news' started by xprakash, Mar 18, 2011.

Thread Status:
Not open for further replies.
  1. xprakash

    xprakash Registered Member

    Joined:
    Mar 18, 2011
    Posts:
    2
    I got a mail a couple of days ago which seemed to be sent by the FedEx agency.

    From: FedEx service <infoxq@fedex.com>
    To: xxxxxxx@yahoo.com
    Cc: xxxxxx@yahoo.com; xxxxxxx@yahoo.com; xxxxxxx@yahoo.com
    Sent: Friday, March 16, 2011 8:31 PM
    Subject: FedEx notice

    Dear customer.

    The parcel was sent your home address.
    And it will arrive within 7 business day.

    More information and the tracking number are attached in document below.

    Thank you.
    © FedEx 1995-2011


    It has a zip file attached, so I downloaded that (Yahoo scanner approved it to be clean). Thereafter, I scanned it with Bitdefender on my PC. I opened the zip file and dragged the exe file to my desktop; there I saw its icon resembles that of Adobe Acrobat. Finally I scanned it with Bitdefender and double-clicked on the file after Bitdefender approved that to be clean. All of a sudden.....! the file vanished off the desktop..... no demand of UAC, no threat detection by Bitdefender...... just like that! :oops:

    Now, I think my PC has become its victim.....:( Is there any way that would effectively wipe this nuisance out of my PC?
    (I've already tried Malwarebytes' Anti-Malware, Bitdefender, F-Secure online security, a-squared online scanner...... but I'm not sure if my PC is clean :doubt: o_O )
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I would do a scan with the "bootable" AVIRA Rescue System CD.

    Also, I would run a scan with Dr.Web Cureit.
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    You could try WinMHR.

    On the main screen choose Files/edit, and at the bottom choose Scan>Full>YourDriveLetter.

    After about 45 minutes, take the detection's MD5 and search on VirusTotal or virscan.org for the type of infector and who cleans it. Download their rescue tools or on-demand scanner.

    I hope you still have the email. You can submit the file attachment to VirusTotal also.
     
    Last edited: Mar 18, 2011
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,769
    Location:
    Outer space
    Never open .exe's gotten through email unless the source is completely trusted and you knew in advance the sender would send you an .exe.
    Hitman Pro is also a good tool to check if you're infected and I would recommend going to a forum like bleepingcomputer.com for help with finding the malware and disinfecting your computer.
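
Added example, not part of any post in this thread: a way to check a zip attachment like the one described above without extracting or opening anything in it, flagging members that are executables by extension or by header and producing the hashes to search on VirusTotal or virscan.org. The function names, member file names and sample bytes are constructed for illustration.

```python
import hashlib
import io
import os
import zipfile

# Extensions Windows runs on double-click (illustrative, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def triage_zip(data: bytes) -> list:
    """Inspect a zip attachment in memory; nothing is extracted to disk or run."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            content = archive.read(info)
            ext = os.path.splitext(info.filename)[1].lower()
            report.append({
                "name": info.filename,
                "risky_extension": ext in RISKY_EXTENSIONS,
                # Windows executables start with "MZ" whatever the name or icon says.
                "pe_header": content[:2] == b"MZ",
                # Hashes to paste into a VirusTotal / virscan.org search.
                "md5": hashlib.md5(content).hexdigest(),
                "sha256": hashlib.sha256(content).hexdigest(),
            })
    return report


def build_sample_zip() -> bytes:
    """Constructed sample: harmless bytes that only mimic an executable header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("tracking_document.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("label.pdf", b"MZ" + b"\x00" * 30)  # renamed executable
        archive.writestr("readme.txt", b"constructed sample text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in triage_zip(build_sample_zip()):
        flagged = entry["risky_extension"] or entry["pe_header"]
        verdict = "EXECUTABLE" if flagged else "ok"
        print(f"{entry['name']:24} {verdict:11} md5={entry['md5']}")
```

A clean result from a hash search only means no engine has a signature for that exact file yet, which matches what the original poster saw with a freshly mailed sample.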
     
  6. xprakash

    xprakash Registered Member

    Joined:
    Mar 18, 2011
    Posts:
    2
    Hi everyone, Thanks for your suggestions.
    About mails..... It is my mistake again... I deleted all three of the mails that came with the same kind of attachment. As I noticed later, there was 'whatever@yahoo.com' instead of my mail address in the 'To:' section of the 1st mail. (I don't understand how a mail for a different email address popped up in my inbox!) But the later two mails had my mail address along with 14 others....! I guess the 14 others had also made the same mistake as I did. So, I warned all of them not to download and open the attachment this time again..... !!
    As none of the antivirus programs I mentioned in the thread detected the nuisance..... (though Malwarebytes' Anti-Malware has detected a couple of suspected files in the Temp folder), I guess either the file is really not a trojan or it is so crafty that it makes a fool out of the antivirus and antimalware programs. :doubt:
    Anyway! It's worth following your suggestions. :)
     
  7. CMoore0520

    CMoore0520 Registered Member

    Joined:
    Mar 19, 2011
    Posts:
    1
    Hey, I had the same email yesterday and I downloaded it as well...
    Norton blocked the attempt but later on my computer restarted and I came back to find my computer with a new background saying I have been spammed and all sorts of stuff, and it was blocking most of my programs from starting. I entered into Safe Mode and did a Windows Restore back to the 17th, and it seems fine now, but to be safe I am doing full system scans with Norton.
    Hope things are well for you.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,769
    Location:
    Outer space
    Apparently Norton wasn't able to protect you from this sample so doing a full system scan with it doesn't necessarily mean you're clean. I'd recommend a second opinion with Malwarebytes' Anti-Malware or a similar program.
     