Avatar for Username

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

Chủ đề này đã được lưu trữ. Vui lòng hỏi một câu hỏi mới nếu bạn cần giúp đỡ.

Viral Addon Installed without permission?

  • 1 trả lời
  • 1 gặp vấn đề này
  • 1 lượt xem
  • Trả lời mới nhất được viết bởi Toad-Hall

arvidt
arvidt
more options

Platform: Windows 7 Up to date Email: Thunderbird 31.6 Virus Tool: McAfee up to date Payload: It may have been dormant for two weeks: A client receieved a virus in the form of soo attached Report.zip which contained a virus. The virus disabled an upto date McAfee Anti Spam addon and install an addon called ???Client_1. This then read the collected addresses and built emails to propagate adding the emails in sent items. The add-on likely had built in error detection in that it attempted to send 96 emails as bcc which errored on send and it changed to 95 (also failed with invalid email), It then tried 22 and succeeded. It was detected atthis point after the user noticed the errors.

The payload was not detected by McAfee or AVG but as an exe in a zip clearly contains email dll's from microsoft.

Remedial Steps: Take Thunderbird off line. Examine addons. Remove weird Add-On and disable McAfee anti spam (as it did nothing) Export Address book. Delete Addresses. Restart Thunderbird Turn on-line. Check network bytes. Fix emails Apologise on resend (without virus) Tell you guys and AVG/McAfee

You should NOT be able to have an addion without permission. Updates great but initial NO.

Good luck and keep up the great work. I have the file if you want to add it to a vm to see the addon (sorry I did not keep it).

Cheers. Arvid.

Platform: Windows 7 Up to date Email: Thunderbird 31.6 Virus Tool: McAfee up to date Payload: It may have been dormant for two weeks: A client receieved a virus in the form of soo attached Report.zip which contained a virus. The virus disabled an upto date McAfee Anti Spam addon and install an addon called ???Client_1. This then read the collected addresses and built emails to propagate adding the emails in sent items. The add-on likely had built in error detection in that it attempted to send 96 emails as bcc which errored on send and it changed to 95 (also failed with invalid email), It then tried 22 and succeeded. It was detected atthis point after the user noticed the errors. The payload was not detected by McAfee or AVG but as an exe in a zip clearly contains email dll's from microsoft. Remedial Steps: Take Thunderbird off line. Examine addons. Remove weird Add-On and disable McAfee anti spam (as it did nothing) Export Address book. Delete Addresses. Restart Thunderbird Turn on-line. Check network bytes. Fix emails Apologise on resend (without virus) Tell you guys and AVG/McAfee You should NOT be able to have an addion without permission. Updates great but initial NO. Good luck and keep up the great work. I have the file if you want to add it to a vm to see the addon (sorry I did not keep it). Cheers. Arvid.

Tất cả các câu trả lời (1)

Toad-Hall
Toad-Hall
  • Top 25 Contributor
more options

Many thanks for posting info on this virus.

As with any attachment, you should not open and run attachments that do not come from a trusted source.

In this instance, the person must have saved, opened, unzipped and run the exe file in that attachment without checking it out. Even if the email address seemed familiar, did the alledged sender really send it or did the real sender abuse another persons email address?

Usually, you would get a pop up asking permission to run a program, but that depends on computer settings, running as administrator etc.

UAC info which may be of assistance regarding permission for programs to run: http://www.7tutorials.com/uac-why-you-should-never-turn-it-off