UPS Email Infected – High Risk Threat

This post was written by admin on July 29, 2008
Posted Under: Free PC Security, Malware Removal, Technology, Trojan

Update August 18th: Scroll down for an easier alternative fix.

There is an email apparently from UPS going around with an attachment: invoice_8712.zip#670639117 which contains the Win32:Zbot Trojan.

Email reads:

'Unfortunately we were not able to deliver postal package you sent on July (date varies) in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office
Your UPS'

The invoice 'copy' is in a .zip file. Please do NOT open this attachment as you will be infected with the Zbot Trojan. If you receive one of these emails simply delete it.

This version comes with various .zip numbers and also variations of the Zbot Trojan. This is a High Risk Threat and can severely compromise your system security.

Such risks may open illicit network connections, self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information.

Keep your antivirus updated regularly; if you have real-time monitoring enabled, it will catch the attachment.

If you think you are infected, update your definition files, boot into Safe Mode and carry out a Full Scan.

Also download SDFix and save the file to your desktop, then follow the detailed instructions on how to use it. This will remove braviax.exe and burito.exe.

There are also many other emails in circulation at the moment with .zip file attachments. Some appear as Word documents, Excel files, etc. Treat them with extreme caution and do NOT download or open the files, as you will be infected.

Simply DELETE any email with a link or attachment that has come from a sender you do not know.
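Because the attachment names and numbers vary from message to message, a mail-side check has to look inside the archive rather than match file names. The Python below is an added example, not part of the original post: it lists executable files found inside zip attachments of a raw email. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions that Windows runs directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def risky_zip_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for each executable inside a zip attachment."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        buf = io.BytesIO(part.get_payload(decode=True) or b"")
        # Decide by content, not by name: the lure's file names change per message.
        if not zipfile.is_zipfile(buf):
            continue
        try:
            with zipfile.ZipFile(buf) as zf:
                members = zf.namelist()  # names are readable without extracting anything
        except zipfile.BadZipFile:
            findings.append((name, "<unreadable zip>"))
            continue
        for member in members:
            # Use the last extension so "invoice.doc.exe" is seen as .exe.
            ext = os.path.splitext(member.rstrip(". "))[1].lower()
            if ext in EXECUTABLE_EXTS:
                findings.append((name, member))
    return findings

def build_sample(zip_name: str, member: str) -> bytes:
    """Constructed sample message: a zip attachment holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please print out the invoice copy attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    raw = build_sample("ups_invoice_978172.zip", "ups_invoice_978172.exe")
    print(risky_zip_members(raw))
```

A non-empty result is a reason to quarantine the message; an empty result does not mean the attachment is safe.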

If you have inadvertently downloaded this file and need to remove it, update your antivirus and antispyware definitions and perform FULL scans with both and also use the SDFix mentioned above. At present, there are only about 5 AV programs that are picking this up.

You then need to open the Registry:

Type regedit into the Run command. When the Registry Editor opens, click Edit, then click Find and enter this exactly as it is, including the brackets:

{3e7a1818-971b-793b-e1f6-3bbf372a733f}

Also tick Match whole string only, then click Find Next.

Also use the search function in Windows to find and remove the following files:

ntos.exe
ups_invoice_978172.exe
ups_invoice_978172.zip

Alternative fix, which is simpler:

An easier and quicker way to remove UPS virus, burito.exe, braviax.exe and more.

1. Download TrojanRemover. Install, update, then follow the scanning instructions.

2. Download Malwarebytes (free). Install, update, then follow the scanning instructions.

3. Download F-Prot Antivirus. Install and update, and restart when requested.

In some cases you may not be able to download or update on the infected computer. Use a working PC, download the tools onto a USB stick, then move them onto the infected PC and follow the instructions.
