My friend just ran a .exe and I think it could be a keylogger?

morguk · 3 Jan 2014 at 15:41

My friend asked me to try and see if an application form he was emailed worked so I said sure, he sent me the file and it was a .exe. Straight away I asked him what email address the .exe came from. He shown it me and it was a yahoo email address.

He's ran the .exe already and I assume this would be a new bit of malware/keylogger so it won't be in malware databases. The system appears fine but obviously it would do!

What can I do? Run malwarebytes etc? Would you agree this sounds like a keylogger or something?

Randomface74 · 3 Jan 2014 at 15:42

Reinstall Windows

Destination · 3 Jan 2014 at 15:44

Start with MWB.
I'd reinstall if you do any banking or anything critical on that machine.

ci_newman · 3 Jan 2014 at 15:44

billysielu said:
Reinstall Windows

morguk · 3 Jan 2014 at 15:45

billysielu said:
Reinstall Windows

That's what I was thinking. He ran the file on the business laptop too

BTW Here's the email...

Dear Applicant,

I am glad to inform you that I have read through your CV and you have made my shortlist. You desire a lot of the qualities and experience that we are looking for and hope you will be able to bring this to our company. The next stage is for you to attend a face-to-face discussion at a registration event. Please read all of this e-mail carefully as it gives you vital instructions to support at the event.

My name is Louise Phillips and I am your recruitment consultant at ACE Recruitment.

I have attached the application form which can be found here APPLICATION FORM

Please unzip or extract the application form folder to be able to open it,then fill out the application form and e-mail it back to me.

The job we offer is a full time and part time positions with a flexible schedule. On average, the working hours will be 40hours (Monday to Friday) and some weekends.

If you are having problem with the link above, you can download the application form from the download link below

Download Link> APPLICATION FORM DOWNLOAD PLEASE CLICK HERE<<

We look forward to meeting you at your registration event.

Regards,

Loiuse Phillips
Louise Phillips (ACE Recruitment) [email protected]

Ysmalari · 3 Jan 2014 at 15:47

Oh dear, I'd be running some serious virus checking after running that, somehow I doubt the exe file contains an application form

You've gotta love the line "You desire a lot of the qualities and experience that we are looking for"!!

In all seriousness, was he connected to a business network when he ran it?

Tunney · 3 Jan 2014 at 15:48

Don't enter any of your passwords correctly. That'll throw them off the scent.

dacads · 3 Jan 2014 at 15:48

Email sounds legit but the EXE part certainly isn't, what happened after your friend opened the file?

You can do a safe windows reinstall which will keep all files or run malwarebytes and superantispyware.

Pho · 3 Jan 2014 at 15:48

Sounds very dodgy; especially if it's a Cryptolocker variant. Reinstall time

.

Upload the file to https://www.virustotal.com/ - what does it say?

fastwunz · 3 Jan 2014 at 15:49

The hilarious grammatical errors in the email alone would have had me smashing the delete key

helmet · 3 Jan 2014 at 15:49

Email is so well written too, would have fooled me.

is_a_full_time_and_part_time_positions_at_our_HR.dept@yahoo.co.uk

dacads · 3 Jan 2014 at 15:50

They could have at least used a proper email address

wingman · 3 Jan 2014 at 15:51

I know a Louise Phillips. :eek:

LOAM · 3 Jan 2014 at 15:51

Pray its not cryptolocker. I would tell him to disconnect it from the network asap before it ruins everything on every shared file he has access to. if its a work pc thats going to cause some real problems, hope their backups are robust.

morguk · 3 Jan 2014 at 15:52

Ysmalari said:
Oh dear, I'd be running some serious virus checking after running that, somehow I doubt the exe file contains an application form

You've gotta love the line "You desire a lot of the qualities and experience that we are looking for"!!

In all seriousness, was he connected to a business network when he ran it?

He's connected to the WiFi, so am I..

dacads said:
Email sounds legit but the EXE part certainly isn't, what happened after your friend opened the file?

You can do a safe windows reinstall which will keep all files or run malwarebytes and superantispyware.

Nothing happened when he ran the file.

Pho said:
Sounds very dodgy; especially if it's a Cryptolocker variant. Reinstall time .

Upload the file to https://www.virustotal.com/ - what does it say?

Please don't be cryptolocker! Here's what virus total said.

Gen:Variant.Zusy.65307
a variant of MSIL/Injector.CKM

EGuitarStar · 3 Jan 2014 at 15:53

Burn computer and run. The virus can spread to you via the fumes let off by the fire.
.
.
.
.
Format and reinstall windows, the only way to be safe.

DaleTheWhale · 3 Jan 2014 at 15:53

Was he looking for a job?

Adam · 3 Jan 2014 at 15:54

How can people be so stupid?

Ysmalari · 3 Jan 2014 at 15:55

Variant.Zusy.65307 is a trojan apparently according to Sophos' website, so it looks like it might not be worst case scenario of Cryptolocker

Raumarik · 3 Jan 2014 at 16:00

Unplug, power off and explain himself at work. Own up to being a numpty and let them sort it.

He's only likely to get in trouble if he doesn't own up.