My friend just ran a .exe and I think it could be a keylogger?

My friend asked me to try and see if an application form he was emailed worked, so I said sure. He sent me the file and it was a .exe. Straight away I asked him what email address the .exe came from. He showed it to me and it was a Yahoo email address.

He's run the .exe already and I assume this would be a new bit of malware/keylogger so it won't be in malware databases. The system appears fine but obviously it would do!

What can I do? Run Malwarebytes etc.? Would you agree this sounds like a keylogger or something?
 
Reinstall Windows

That's what I was thinking. He ran the file on the business laptop too :(

BTW Here's the email...

Dear Applicant,

I am glad to inform you that I have read through your CV and you have made my shortlist. You desire a lot of the qualities and experience that we are looking for and hope you will be able to bring this to our company. The next stage is for you to attend a face-to-face discussion at a registration event. Please read all of this e-mail carefully as it gives you vital instructions to support at the event.

My name is Louise Phillips and I am your recruitment consultant at ACE Recruitment.

I have attached the application form which can be found here APPLICATION FORM

Please unzip or extract the application form folder to be able to open it,then fill out the application form and e-mail it back to me.

The job we offer is a full time and part time positions with a flexible schedule. On average, the working hours will be 40hours (Monday to Friday) and some weekends.

If you are having problem with the link above, you can download the application form from the download link below

Download Link:D> APPLICATION FORM DOWNLOAD PLEASE CLICK HERE<<

We look forward to meeting you at your registration event.

Regards,

Loiuse Phillips
Louise Phillips (ACE Recruitment) [email protected]
 
Oh dear, I'd be running some serious virus checking after running that, somehow I doubt the exe file contains an application form :p

You've gotta love the line "You desire a lot of the qualities and experience that we are looking for"!!

In all seriousness, was he connected to a business network when he ran it?
 
Email sounds legit but the EXE part certainly isn't, what happened after your friend opened the file?

You can do a safe Windows reinstall which will keep all files or run Malwarebytes and SUPERAntiSpyware.
 
Pray it's not CryptoLocker. I would tell him to disconnect it from the network ASAP before it ruins everything on every shared file he has access to. If it's a work PC that's going to cause some real problems, hope their backups are robust.
 
Oh dear, I'd be running some serious virus checking after running that, somehow I doubt the exe file contains an application form :p

You've gotta love the line "You desire a lot of the qualities and experience that we are looking for"!!

In all seriousness, was he connected to a business network when he ran it?

He's connected to the WiFi, so am I..

Email sounds legit but the EXE part certainly isn't, what happened after your friend opened the file?

You can do a safe Windows reinstall which will keep all files or run Malwarebytes and SUPERAntiSpyware.

Nothing happened when he ran the file.

Sounds very dodgy; especially if it's a Cryptolocker variant. Reinstall time :p.

Upload the file to https://www.virustotal.com/ - what does it say?

Please don't be CryptoLocker! Here's what VirusTotal said.

Gen:Variant.Zusy.65307
a variant of MSIL/Injector.CKM
 
Burn computer and run. The virus can spread to you via the fumes let off by the fire.
.
.
.
.
Format and reinstall Windows, the only way to be safe.
 
Variant.Zusy.65307 is a trojan apparently according to Sophos' website, so it looks like it might not be worst case scenario of Cryptolocker
 
Unplug, power off and explain himself at work. Own up to being a numpty and let them sort it.

He's only likely to get in trouble if he doesn't own up.
 