
Viral Addon Installed without permission?

  • 1 reply
  • 1 has this problem
  • 1 view
  • Last reply by Toad-Hall


Platform: Windows 7 Up to date

Email: Thunderbird 31.6

Virus Tool: McAfee up to date

Payload: It may have been dormant for two weeks: A client received a virus in the form of soo attached Report.zip which contained a virus. The virus disabled an up-to-date McAfee Anti Spam addon and installed an addon called ???Client_1. This then read the collected addresses and built emails to propagate, adding the emails in sent items. The add-on likely had built-in error detection in that it attempted to send 96 emails as bcc which errored on send and it changed to 95 (also failed with invalid email). It then tried 22 and succeeded. It was detected at this point after the user noticed the errors.

The payload was not detected by McAfee or AVG but as an exe in a zip clearly contains email DLLs from Microsoft.

Remedial Steps:

  • Take Thunderbird off line.
  • Examine addons.
  • Remove weird Add-On and disable McAfee anti spam (as it did nothing)
  • Export Address book.
  • Delete Addresses.
  • Restart Thunderbird
  • Turn on-line.
  • Check network bytes.
  • Fix emails
  • Apologise on resend (without virus)
  • Tell you guys and AVG/McAfee

You should NOT be able to have an addon without permission. Updates great but initial NO.

Good luck and keep up the great work. I have the file if you want to add it to a vm to see the addon (sorry I did not keep it).

Cheers. Arvid.
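
For the "Examine addons" step in the post above, one way to review a Thunderbird profile's add-on database offline. This is an added example, not code from the thread or from Mozilla. It assumes the profile's extensions.json uses the fields id, location, active, foreignInstall, installDate and defaultLocale.name; the sample records, add-on ids, allow-list and review window are constructed.

```python
import json
import sys
from datetime import datetime, timezone

# Locations inside the application or profile directory; anything else
# (for example a Windows-registry location) was registered from outside.
EXPECTED_LOCATIONS = {"app-profile", "app-global"}

# Constructed sample in the assumed extensions.json layout (not incident data).
SAMPLE = json.dumps({"addons": [
    {"id": "calendar@example.invalid", "location": "app-profile", "active": True,
     "foreignInstall": False, "installDate": 1401580800000,
     "defaultLocale": {"name": "Example Calendar"}},
    {"id": "antispam@example.invalid", "location": "winreg-app-global", "active": False,
     "foreignInstall": True, "installDate": 1401580800000,
     "defaultLocale": {"name": "Example Anti-Spam"}},
    {"id": "unknown@example.invalid", "location": "app-profile", "active": True,
     "foreignInstall": True, "installDate": 1427846400000,
     "defaultLocale": {"name": "Unknown Add-on"}},
]})
SINCE = datetime(2015, 3, 15, tzinfo=timezone.utc)  # constructed review window start

def audit_addons(raw_json, since, allowlist=()):
    """Return [(addon_id, name, [reasons])] for add-ons that need a manual look."""
    findings = []
    for addon in json.loads(raw_json).get("addons", []):
        addon_id = addon.get("id", "<no id>")
        name = (addon.get("defaultLocale") or {}).get("name", "<no name>")
        installed = datetime.fromtimestamp(addon.get("installDate", 0) / 1000, tz=timezone.utc)
        reasons = []
        if addon_id in allowlist:
            # A known security add-on that is switched off is itself a warning sign.
            if not addon.get("active", False):
                reasons.append("allow-listed add-on is disabled")
        else:
            if addon.get("foreignInstall"):
                reasons.append("not installed through the Add-ons Manager")
            if addon.get("location") not in EXPECTED_LOCATIONS:
                reasons.append("registered from location %r" % addon.get("location"))
            if installed >= since:
                reasons.append("installed %s, inside the review window" % installed.date())
        if reasons:
            findings.append((addon_id, name, reasons))
    return findings

if __name__ == "__main__":
    raw = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for addon_id, name, reasons in audit_addons(raw, SINCE, {"antispam@example.invalid"}):
        print("%s (%s): %s" % (name, addon_id, "; ".join(reasons)))
```

Run it against a copy of extensions.json taken while Thunderbird is closed, so the review does not depend on what the running client chooses to display.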


All Replies (1)


Many thanks for posting info on this virus.

As with any attachment, you should not open and run attachments that do not come from a trusted source.

In this instance, the person must have saved, opened, unzipped and run the exe file in that attachment without checking it out. Even if the email address seemed familiar, did the alleged sender really send it or did the real sender abuse another person's email address?

Usually, you would get a pop up asking permission to run a program, but that depends on computer settings, running as administrator etc.

UAC info which may be of assistance regarding permission for programs to run: http://www.7tutorials.com/uac-why-you-should-never-turn-it-off