He said he is the IT dept
So I'm guessing the only staff member working for IT support?My friend just ran a .exe and I think it could be a keylogger?
- Thread starter morguk
- Start date
He said he is the IT dept
So I'm guessing the only staff member working for IT support?
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
Can you email the file to me please ? I will see what it is.
Soldato
- Joined
- 27 Dec 2005
- Posts
- 17,316
- Location
- Bristol
He really thought that email was real?
We're a very small company but even we have a pretty straightforward policy: don't open attachments. This goes without saying for senders you're not familiar with.
Hope he's learnt his lesson.
We're a very small company but even we have a pretty straightforward policy: don't open attachments. This goes without saying for senders you're not familiar with.
Hope he's learnt his lesson.
You're the IT department, but are asking for advice on how to remove what is very clearly a virus? That's not encouraging.
Reinstall windows and restore from a backup taken before he ran the exe. Anything else - trusting antivirus programs to remove it, just hoping it didn't do anything - is a bad risk to take. The machine is compromised and will be compromised forever. It's pretty hard to embed virus's in the hardware itself, so reformat & reinstall will probably suffice.
Reinstall windows and restore from a backup taken before he ran the exe. Anything else - trusting antivirus programs to remove it, just hoping it didn't do anything - is a bad risk to take. The machine is compromised and will be compromised forever. It's pretty hard to embed virus's in the hardware itself, so reformat & reinstall will probably suffice.
you mad ?
Obviously. I don't understand how people can be so computer illiterate, especially working for an IT company?!
Hurr, someone random sent me a .exe and it doesn't seem to be working, wat do?
Soldato
- Joined
- 27 Oct 2006
- Posts
- 7,600
- Location
- London
I am the IT dept!
//thread !!!!!!!!!
LMAO Sack the IT dept and commend the finder for revealing noob leaks in security.
Seriously dude.... How could you even let this happen ? There are so many open source network scanners / usb locks it's unreal. Hang your head in shame young man
Last edited:
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,711
Got your forwarding list ready?
I'm curious to see what it is. If OP is IT then sacked.
I've sent you the file
LETS CLEAR THIS UP!
Me and my friend run a business together, just us two. I do all the IT stuff, but this is mainly web design and maintenance. We're in the same office and we sometimes use Skype to communicate because we work with others who are with a separate company.
His friend has been applying for jobs and must have assumed this was from a company she applied for, anyway she couldn't open the 'application form' and sent it to my friend who I work with.
As the icon was a Microsoft Word icon and it didn't say .exe he opened it. I and others on this forum would have been a bit more vigilant, but he didn't spot this/nor think that it .zip files are used to contain .exe's.
Anyway, he ran the file and nothing happened. He then said to me "Hi mate can you open this job application, my friend can't open it", he proceeded to send it on Skype and it shown up as "applicationform.exe", I cancelled it and said how did he get hold of this and what is the email address that sent it. As it was a yahoo address It confirmed my suspicion that it was malware.
I knew what to do, but I thought I'd come here first for some ideas/advice as a reinstall isn't always the quickest of tasks. Thanks to the advice in the thread the malware didn't look too bad on the online scan and malwarebytes picked up 7 malicious items - there was 7 malicious items in the .exe file. I've done 3 more scans with different programs and I've put on a third party firewall.
Yes I am the "IT dept", simply because I'm the one that does IT stuff, but I don't have eyes in the back of my head and I can't double check every file that's going to be opened. He made a mistake - the end!
P.S for a bit of irony, his friend was using a Mac..
It doesn't matter that a reinstall isn't the quickest of tasks.
That PC was infected. It might still be infected. MWB picked up 7 items. Are there any more? You don't know. MWB is very good, but it does not include time travel into the future to detect new malware. It will always be slightly behind with its definitions because of that, as will any malware detection software.
How much time would it take if your business is hosed by malware? If it, for example, spews information about clients that should have remained confidential? Does your business handle other people's financial details? Would they think well of your business if their financial details were used to steal money from them because someone at your business has done something so foolish that it's a cliched joke?
My mother is in her 70s, has never been online and knows nothing about the internet, but even she might well have been suspicious about that email. It was ludicrous. "You desire a lot of the qualities and experience that we are looking for" Seriously? Anyone could read that and not be suspicious that it was not a legitimate email from a recruitment agency? I know that standards of literacy are low even in businesses, but someone who's spent a few months learning English as a foreign language would be embarrassed to have written that. Was this friend of a friend was applying for a job with a foreign job agency that didn't do any business in English-speaking countries?
That PC was infected. It might still be infected. MWB picked up 7 items. Are there any more? You don't know. MWB is very good, but it does not include time travel into the future to detect new malware. It will always be slightly behind with its definitions because of that, as will any malware detection software.
How much time would it take if your business is hosed by malware? If it, for example, spews information about clients that should have remained confidential? Does your business handle other people's financial details? Would they think well of your business if their financial details were used to steal money from them because someone at your business has done something so foolish that it's a cliched joke?
My mother is in her 70s, has never been online and knows nothing about the internet, but even she might well have been suspicious about that email. It was ludicrous. "You desire a lot of the qualities and experience that we are looking for" Seriously? Anyone could read that and not be suspicious that it was not a legitimate email from a recruitment agency? I know that standards of literacy are low even in businesses, but someone who's spent a few months learning English as a foreign language would be embarrassed to have written that. Was this friend of a friend was applying for a job with a foreign job agency that didn't do any business in English-speaking countries?
Soldato
- Joined
- 10 May 2004
- Posts
- 13,056
- Location
- Sunny Stafford
I am the IT dept!
notsureifserious.jpg
A customer of mine had the same issue recently whereby one family member was applying for jobs and someone found this out and sent them a “Word document” labelled “Application Form.exe” and since by default Windows hides the extension of known file types and the icon of the exe resembled a Word document they clicked it which then proceeded to install some malware that popped up doing scans at every boot and would not exit.
I removed it by booting into safe mode, disabling the services that related to the offending app, clearing the registry entries of it then running Mbam/Super and an AV scan to be sure.
Hiding file extensions by default is the worst move in all history IMO by an OS maker.
I removed it by booting into safe mode, disabling the services that related to the offending app, clearing the registry entries of it then running Mbam/Super and an AV scan to be sure.
Hiding file extensions by default is the worst move in all history IMO by an OS maker.
This actually does sound like cryptolocker.
Cryptolocker isnt usually the first infection, usually the first is a simple little trojan that is used to download and install the latest cryptolocker build (and anything else it wants to). This is exaclty how the infection I saw was installed, email attachment, .exe with a pdf icon. windows hides file extentions by default.
I would be very careful of the data on that laptop, or any data that might be on a network location that that laptop may have access to. It could be half way through encrypting the data already.
Cryptolocker sits quietly in the background until its encrypted all of the data, only then does it pop up telling you what it has done.
reinstall windows, its the only way (short of nuking it from orbit)
Cryptolocker isnt usually the first infection, usually the first is a simple little trojan that is used to download and install the latest cryptolocker build (and anything else it wants to). This is exaclty how the infection I saw was installed, email attachment, .exe with a pdf icon. windows hides file extentions by default.
I would be very careful of the data on that laptop, or any data that might be on a network location that that laptop may have access to. It could be half way through encrypting the data already.
Cryptolocker sits quietly in the background until its encrypted all of the data, only then does it pop up telling you what it has done.
reinstall windows, its the only way (short of nuking it from orbit)
Soldato
- Joined
- 1 Jun 2012
- Posts
- 2,817
- Location
- UK
Nuke from orbit just to be sure