My friend just ran a .exe and I think it could be a keylogger?

Take it to the IT dept. immediately, own up, and don't let them connect it to the network (this way they won't hate you).

if no IT dept., reinstall windows yourself?

IT dept. threatens to drop you in the ****? Pay/suck up to anything they ask.

He said he is the IT dept :p So I'm guessing the only staff member working for IT support?
 
He really thought that email was real?

We're a very small company but even we have a pretty straightforward policy: don't open attachments. This goes without saying for senders you're not familiar with.

Hope he's learnt his lesson.
 
You're the IT department, but are asking for advice on how to remove what is very clearly a virus? That's not encouraging.

Reinstall Windows and restore from a backup taken before he ran the exe. Anything else - trusting antivirus programs to remove it, just hoping it didn't do anything - is a bad risk to take. The machine is compromised and will be compromised forever. It's pretty hard to embed viruses in the hardware itself, so reformat & reinstall will probably suffice.
 
I am the IT dept! :P

//thread !!!!!!!!!

LMAO Sack the IT dept and commend the finder for revealing noob leaks in security.

Seriously dude.... How could you even let this happen? There are so many open source network scanners / USB locks it's unreal. Hang your head in shame, young man.
 
Can I have your job?


Wow. Talk about being stupid. Haha, a reinstall is probably the only option unless he likes keyloggers. You should probably also explain to him the basics of using the internet and email, for his own protection.

If he's been applying for IT jobs, I'd suggest he look at another career path or perhaps some training in the field.

Ouch :p
 
I'm curious to see what it is. If OP is IT then sacked.

I've sent you the file :)

LETS CLEAR THIS UP!

Me and my friend run a business together, just us two. I do all the IT stuff, but this is mainly web design and maintenance. We're in the same office and we sometimes use Skype to communicate because we work with others who are with a separate company.

His friend has been applying for jobs and must have assumed this was from a company she applied to; anyway, she couldn't open the 'application form' and sent it to my friend who I work with.

As the icon was a Microsoft Word icon and it didn't say .exe, he opened it. I and others on this forum would have been a bit more vigilant, but he didn't spot this, nor think that .zip files are used to contain .exe's.

Anyway, he ran the file and nothing happened. He then said to me "Hi mate, can you open this job application? My friend can't open it". He proceeded to send it on Skype and it showed up as "applicationform.exe"; I cancelled it and asked how he got hold of this and what email address sent it. As it was a Yahoo address, it confirmed my suspicion that it was malware.

I knew what to do, but I thought I'd come here first for some ideas/advice, as a reinstall isn't always the quickest of tasks. Thanks to the advice in the thread: the malware didn't look too bad on the online scan and Malwarebytes picked up 7 malicious items - there were 7 malicious items in the .exe file. I've done 3 more scans with different programs and I've put on a third-party firewall.

Yes I am the "IT dept", simply because I'm the one that does IT stuff, but I don't have eyes in the back of my head and I can't double check every file that's going to be opened. He made a mistake - the end!

P.S for a bit of irony, his friend was using a Mac..
 
It doesn't matter that a reinstall isn't the quickest of tasks.

That PC was infected. It might still be infected. MWB picked up 7 items. Are there any more? You don't know. MWB is very good, but it does not include time travel into the future to detect new malware. It will always be slightly behind with its definitions because of that, as will any malware detection software.

How much time would it take if your business is hosed by malware? If it, for example, spews information about clients that should have remained confidential? Does your business handle other people's financial details? Would they think well of your business if their financial details were used to steal money from them because someone at your business has done something so foolish that it's a cliched joke?

My mother is in her 70s, has never been online and knows nothing about the internet, but even she might well have been suspicious about that email. It was ludicrous. "You desire a lot of the qualities and experience that we are looking for" Seriously? Anyone could read that and not be suspicious that it was not a legitimate email from a recruitment agency? I know that standards of literacy are low even in businesses, but someone who's spent a few months learning English as a foreign language would be embarrassed to have written that. Was this friend of a friend applying for a job with a foreign job agency that didn't do any business in English-speaking countries?
 
Regarding the reinstall, it was something I wanted to do, but as it's an ultrabook it has no DVD drive, and I don't have a Windows ISO for USB installation. Sourcing one now.
 
A customer of mine had the same issue recently, whereby one family member was applying for jobs and someone found this out and sent them a “Word document” labelled “Application Form.exe”; since by default Windows hides the extension of known file types and the icon of the exe resembled a Word document, they clicked it, which then proceeded to install some malware that popped up doing scans at every boot and would not exit.

I removed it by booting into safe mode, disabling the services that related to the offending app, clearing the registry entries of it, then running Mbam/Super and an AV scan to be sure.

Hiding file extensions by default is the worst move in all history IMO by an OS maker.
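The trick described in the OP's posts and in the post above (an executable with a document icon, its ".exe" hidden by Explorer, sometimes wrapped in a .zip) can be caught before anyone double-clicks, by looking at what is actually inside the attachment. The following is an added example written for this thread, not code posted by anyone in it; the extension lists and the sample zip are constructed for the demonstration, and `windows_display_name` only models the "Hide extensions for known file types" behaviour for the extensions in those lists.

```python
import io
import zipfile

# Constructed lists (not exhaustive): extensions Windows runs on double-click,
# and document extensions used as the "decoy" half of a double extension.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}
DECOY_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}
# Explorer only hides extensions it knows; for this example those are the ones above.
KNOWN_TO_WINDOWS = EXECUTABLE_EXTENSIONS | DECOY_EXTENSIONS


def extensions_of(name):
    """All dot-suffixes of a file name, lowercased: 'cv.pdf.exe' -> ['.pdf', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def windows_display_name(name):
    """What Explorer shows with 'Hide extensions for known file types' on:
    the final extension is dropped if it is one Windows knows."""
    exts = extensions_of(name)
    if exts and exts[-1] in KNOWN_TO_WINDOWS:
        return name[: -len(exts[-1])]
    return name


def triage_member(name, data):
    """Return the reasons a single file is suspicious (empty list = nothing found)."""
    reasons = []
    exts = extensions_of(name)
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension " + exts[-1])
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("double extension: looks like " + exts[-2] + " once Windows hides " + exts[-1])
    if data[:2] == b"MZ":
        # A PE file starts with 'MZ' whatever its name or icon says.
        reasons.append("MZ header: Windows executable regardless of the name")
    return reasons


def triage_archive(zip_bytes):
    """Inspect every member of a zip (given as bytes) and return {name: reasons} for flagged ones."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)  # reading bytes is not executing them
            reasons = triage_member(info.filename, data)
            if reasons:
                flagged[info.filename] = reasons
    return flagged


def build_sample_archive():
    """Constructed sample zip resembling the 'application form' attachment in the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("applicationform.exe", b"MZ\x90\x00" + b"\x00" * 60)  # fake PE stub
        zf.writestr("cv.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)           # double extension
        zf.writestr("covering letter.docx", b"PK\x03\x04" + b"\x00" * 60)  # benign-looking OOXML
        zf.writestr("notes.txt", b"plain text, nothing to see")
        zf.writestr("renamed.docx", b"MZ\x90\x00" + b"\x00" * 60)          # PE behind a doc name
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in triage_archive(build_sample_archive()).items():
        shown = windows_display_name(name)
        print(f"{name!r} (Explorer shows {shown!r}): {'; '.join(reasons)}")
```

The MZ check is the one that matters: the name and icon are under the sender's control, the first two bytes of a Windows executable are not. `windows_display_name` exists only to make the point of the post above concrete: "cv.pdf.exe" is shown as "cv.pdf", and "applicationform.exe" as "applicationform".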
 
This actually does sound like cryptolocker.

Cryptolocker isn't usually the first infection; usually the first is a simple little trojan that is used to download and install the latest Cryptolocker build (and anything else it wants to). This is exactly how the infection I saw was installed: email attachment, .exe with a PDF icon. Windows hides file extensions by default.

I would be very careful of the data on that laptop, or any data that might be on a network location that that laptop may have access to. It could be halfway through encrypting the data already.

Cryptolocker sits quietly in the background until it's encrypted all of the data; only then does it pop up telling you what it has done.

Reinstall Windows, it's the only way (short of nuking it from orbit).
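The post above makes the point that the encryption runs silently and may already be part-way through a network share. One way a defender can check a share without waiting for the ransom note is to look for documents whose bytes no longer match what their extension claims and are near-random. The following is an added example written for this thread, not code from anyone in it; the magic-byte table, the 7.5 bits/byte threshold and the temp-directory "share" in `demo_scan` are all constructed for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

# Constructed table of header bytes a file of each type should start with (extend as needed).
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
}
# Ciphertext bytes are close to uniformly distributed, so entropy approaches 8 bits/byte.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 4096  # only the head of each file is read: enough for the header and an entropy estimate


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 for uniformly distributed bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name, head):
    """True when a file claims a known type by extension but its bytes no longer carry that
    type's header and are high-entropy: the signature of a document overwritten with ciphertext."""
    expected = MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is None or head.startswith(expected):
        return False
    return shannon_entropy(head) > ENTROPY_THRESHOLD


def scan_tree(root):
    """Walk `root` and return the sorted paths of files that look like encrypted documents."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # locked or vanished mid-scan: skip it rather than abort the sweep
            if looks_encrypted(fn, head):
                hits.append(path)
    return sorted(hits)


def demo_scan():
    """Builds a constructed share in a temp directory: one intact PDF, one 'PDF' whose bytes
    are uniform (a stand-in for ciphertext), one text file. Returns the flagged file names."""
    ciphertext_like = bytes(range(256)) * 16  # every byte value equally often: entropy exactly 8.0
    with tempfile.TemporaryDirectory() as root:
        files = {
            "invoice.pdf": b"%PDF-1.4\n% intact document\n" + b"invoice text " * 100,
            "contract.pdf": ciphertext_like,
            "readme.txt": b"plain text has low entropy and no expected header",
        }
        for name, content in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return [os.path.basename(p) for p in scan_tree(root)]


if __name__ == "__main__":
    print("flagged:", demo_scan())  # ['contract.pdf']
```

Flagging only on the combination (claimed type, missing header, high entropy) keeps the noise down: a .zip or .jpg is high-entropy by nature but still carries its header, and a file with an extension the table does not know is never judged. A scan like this is a detection aid, not a cleanup; the advice in the thread to treat the machine as compromised and reinstall still stands.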
 