Matei Posted August 12, 2015 Report Share Posted August 12, 2015 Hello, Asa cum e si postat aici https://rstforums.com/forum/104606-posibil-virus.rst#post650900, o prietena de-a mea a primit exact acelasi mail. Chestia e ca nu stiu daca o sa mearga cu malwarebytes sa dau remove. Scan pe malwr - https://malwr.com/analysis/MjNhNmYwN2IzOTU1NDE1ZmEwOGU4NmUyZGQ5ZTZjMDA/E putin cam urgent. se ocupa de o gramada de chestii + plati online si n-ar fi ok. Daca are cineva o recomandare de ceva removal tool, ar fi ok. Maine o sa am acces la pc-ul ei. Quote Link to comment Share on other sites More sharing options...
Matei Posted August 12, 2015 Author Report Share Posted August 12, 2015 P.s.: Tipa are un magazin online si de asta a dat click. nu i s-a parut deloc dubios un atasament cu factura. Quote Link to comment Share on other sites More sharing options...
scorpio2k2 Posted August 12, 2015 Report Share Posted August 12, 2015 acest tip de malware actioneaza daca sunt activate Macro-urile pe Office Quote Link to comment Share on other sites More sharing options...
Matei Posted August 12, 2015 Author Report Share Posted August 12, 2015 Pai da, dar practic cum reusesc sa dezactivez / dau remove, etc.... Eu n-am word. Nu prea am avut de a face cu virusi deloc (nici macar antivirus n-am). Deci nu stiu ce sa-i zic. Quote Link to comment Share on other sites More sharing options...
rukov Posted August 12, 2015 Report Share Posted August 12, 2015 Scaneaza cu asta Download HiJackThis from SourceForge.net si posteaza log-ul. Quote Link to comment Share on other sites More sharing options...
seboo00111 Posted August 12, 2015 Report Share Posted August 12, 2015 Eu zic sa salvezi toate documentele pe cloud/alta partitie(riscant)/hdd extern si sa-l formatezi.Daca risca sa-si piarda banii aia virtuali pentru "chestii mai importante" e decizia ei.Sa imprumute un calculator pentru o zi-2 ( cat dureaza procesul) daca are asa mare urgenta. Quote Link to comment Share on other sites More sharing options...
M4T3! Posted August 13, 2015 Report Share Posted August 13, 2015 De acum incolo cand nu sunteti siguri, dati vizualizare din email, fara sa l descarcati. Quote Link to comment Share on other sites More sharing options...
rukov Posted August 13, 2015 Report Share Posted August 13, 2015 Pentru cei care lucreaza zilnic cu documente descarcate aveti nevoie de Malwarebytes Anti-Exploit https://www.malwarebytes.org/antiexploit/ Quote Link to comment Share on other sites More sharing options...
Nytro Posted August 13, 2015 Report Share Posted August 13, 2015 1. Deschideti fisierul cu Notepad++2. Cautati un base643. Decodati-l si vedeti daca incepe cu "ActiveMime"4. Daca da, eliminati primii 50 de bytes5. Salvati si ar trebui sa aveti un fisier OLE6. Folositi OLEdump (al lui Didier Stevens) cu plugin-urile sale si obtineti URL-ul de unde descarca sau payload-ul (exe) Quote Link to comment Share on other sites More sharing options...
__self__ Posted August 13, 2015 Report Share Posted August 13, 2015 Este detectat de AV:https://www.virustotal.com/en/file/3ec3a88ee90def1f3f1138e50be75ef6b019bfd87897039c758fba10a003e89a/analysis/Sa puna un Bitdefender sau Kaspersky trial, si sa dea o scanare la sistem. Quote Link to comment Share on other sites More sharing options...
kreven Posted August 13, 2015 Report Share Posted August 13, 2015 Any idea ce filtru as putea sa pun pe server-ul de mail pentru mail-uri de genul?Nu prea pot sa pun pe cuvant cheie iar pe ip sau email nu functioneaza pentru ca se schimba.Multumesc Quote Link to comment Share on other sites More sharing options...
Matei Posted August 18, 2015 Author Report Share Posted August 18, 2015 Hello, Am uitat sa revin. E all good. Am rezolvat cu un antivirus nou + malwarebytes. Thx guys! Quote Link to comment Share on other sites More sharing options...