Comments on: UPS Tracking number trojan – new variant

By: Jerry

Jerry — Tue, 10 Jan 2012 06:36:45 +0000

Okay, so I have this virus and can’t get rid of it so I’m just going to recycle my hard drive tower and get a new one. Can this virus make its way into one’s flat screen or printer? Do I need to get rid of those as well?

Big Spender

By: naishagirl

naishagirl — Tue, 09 Mar 2010 17:25:22 +0000

No that doesn’t work either, I’ve tried it step by step. I’ve tried so many things so far and nothing is working.

By: sammy

sammy — Fri, 15 Jan 2010 01:43:07 +0000

I just got this email with an attachment found it bit suspicious so googled and find this website..Thanks for the info…. This is how my message looked

UPS Tracking Number 2657412.
UPS Manager Liza Fitch support@ups.com
Sent: Thu 1/14/2010 8:21 PM
To: myemail
UPS_INVOICE_NR76234.zip

Hello!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

By: match1

match1 — Sat, 17 Jan 2009 21:55:30 +0000

Nice news. Good side.

By: Dave Rave

Dave Rave — Fri, 03 Oct 2008 21:44:31 +0000

I received this one email, on to two computers.
both had AVG installed.
the first only showed the attachment, let me open it, the attached zip)
then I opened the inside doc file, wanting to watch AVG catch it and show me how good it is.

then, after it opened it, and infected my computer, “after” it infected my computer, it then said there was threat activity, showing me places that were suspect.

the second computer, downloaded the email, and netscape showed that AVG had already removed the attachment to the vault. no problems at all.

except the first computer is my notebook
the attached files are mainly .sys files
one of which I saw was hid something
i moved files to vault, rather than heal them
and now i have no keyboad, no touch pad, no usb for a mouse
and the ethernet jack is disabled as i would have turned it off, using my wireless

can’t get to anything at all on it
and I AM SUCH A DILL. hates self

By: Doofus

Doofus — Wed, 20 Aug 2008 04:29:20 +0000

I use OS/2 am I still vulnerable to this?

By: John Turner

John Turner — Wed, 06 Aug 2008 20:31:53 +0000

This is a viscous virus,

A friend has been infected by this and has caused major issues,

So far, from what has been understood, he accidently opened the file and did experiecend a system reboot shorlty after.

paniced, but once the system resumed he realised software was not running, windows os booted no problem, but all applcations failed to boot.

After some annoyance he tried rebooting this time, NTLDR was missing and required me to restore the boot sector with boot usb – lots of info on the internet is available for this!

after doing this booted the system ran norton, ran spybot and it all apperared to be okay.

gave him back his PC and now it reboots and loops, asking him to install some other antivirus software causing major issues, i need fix this soon as possible please help!

By: Joe McLean

Joe McLean — Tue, 29 Jul 2008 03:28:59 +0000

A client was infected a week ago, so I imagine this was the varietion that was the payload. I have followed the suggestions about how to remove the virus, but in his case, the virus also kept him from logging into Windows XP. We removed his hard drive and ran it as a slave on two other computers. On Tuesday when AVG was not rated as detecting the virus, it detected two Trojans, but did not fix the log in problem.

We scanned the HD as a slave on Wednesday with Trojan Remover which supposedly had worked for another computer, and on Friday with AVG which was supposed to detect the virus at that point. We still were not able to login to Windows. I finally moved the data to another computer, but my client would still like to fix the problem without reformatting. Some posts on other websites suggest a damaged userinit.exe file would cause this problem. Has anyone else seen this problem.

By: Adam Vero

Adam Vero — Fri, 25 Jul 2008 14:13:55 +0000

Lots more information here about the latest variation which claims to be from customs (or US customs in some cases):
http://veroblog.wordpress.com/2008/07/24/ups_invoice-email-trojan-variant-claims-to-be-from-customs-service/
Further links in that post to previous versions of this malware with MD5 hashes for comparison.

By: DH

DH — Thu, 24 Jul 2008 18:16:19 +0000

Stupider users.
I’ve been blocking/quarantining all executable & compressed files in emails for several years — 8 years since any malware has hit my network. I recommend all admins do the same. Some users may complain initially, but it saves the company money & productivity in the long run.