moeetee 0 Posted September 12, 2018 Share Posted September 12, 2018 I received an email from a competing company that I have no quarrel with nor had I interacted with. But, it was an email to an alleged spreadsheet or some sort (not opened) just the email then placed it in the Deleted Folder in my Outlook. (Also email was viewed on my iPhone as well) I am referring to this incident but I am not too sure if recent my Chrome was updated or maybe my Windows, don't remember. But, I just noticed some green check marks on some of desktop icons and just as I am writing this topic I looked at my desktop icons and now there is a small icon layered on the desktop icon as a 2 person-ed stick image. See attached in this post. Now I as I am typing the icons now have (not sure if its the original windows iconed style) but have arrows on them, see attached. A few days ago I repurchased ESET NOD32 since I had a cracked version and now have a official registration key. I've always had MWB running with my purchase. I just ran a Kaspersky TDSSKiller and nothing was found. ESET NOD32 Smart Security Premium, was scanned nothing found. MalwareBytes just ran a scan now, nothing was found. Log attached. AdwCleaner was downloaded and it I did a scan and it found 3 separate threats. See attached Log. ( I also hit Clean & Repair function ) PUP.Conduit.Heuristic 1 threats PUP.Optional.Legacy 3 threats PUP.OPtional.WebCompanion 4 threats Also, before the above mentioned scans I had user named INTERACTIVE listed in the attached picture. After restarting my computer with AdwCleaner, I don't see it anymore... See attached please. Also, this happened Aug 28 not sure if its connected to this. Questions: Could I have been affected through that email even if I didnt open the file? If not, why did my Windows Desktop Icons change? Why wasnt Malware Bytes unable to detect anything but Adware did? AdwCleaner[S00].txt AdwCleaner1 After restarting computer.txt Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted September 12, 2018 Administrators Share Posted September 12, 2018 You didn't mention whether it was a document or executable that was attached to the email and which you opened / ran. The best would be if you could send it to samples[at]eset.com for analysis if it is not detected. As for the BSOD, I'd strongly recommend uninstalling MBAM since its real-time protection may clash with ESET and cause issues. Should the problem persist, have a dump from the crash sent to customer care for analysis and to determine the cause of the crash. It appears to be network related. Link to comment Share on other sites More sharing options...
moeetee 0 Posted September 12, 2018 Author Share Posted September 12, 2018 9 minutes ago, Marcos said: You didn't mention whether it was a document or executable that was attached to the email and which you opened / ran. The best would be if you could send it to samples[at]eset.com for analysis if it is not detected. As for the BSOD, I'd strongly recommend uninstalling MBAM since its real-time protection may clash with ESET and cause issues. Should the problem persist, have a dump from the crash sent to customer care for analysis and to determine the cause of the crash. It appears to be network related. Sorry. I think its in the spam folder. I just hit rescan via ESET and ESET moved it from spam to inbox and here is the email. See attached. And send what to samples@eset? scan log? it found nothing. And MBAM? Malwarebytes? I havent had any issues at all. Link to comment Share on other sites More sharing options...
itman 1,659 Posted September 12, 2018 Share Posted September 12, 2018 This attack sounds eerily similar that that described in this SANS article: https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/ . It is an attempt by the attacker to get you to enter your credential data. Another more detailed article on the attack is here: https://blog.appriver.com/2018/05/bec-attacks-evolve-to-phishing-via-xps-files-appriver I don't see any relationship to the phishing attack to your blue screen issues. This specific attack just wants you to enter your logon on credentials so it can use them maliciously. Your blue screen is due to an issue with your NDIS.sys driver. This is usually used by your network adapter for a Wi-Fi connection. @Marcos statement about using other security software is right "on target." Some are notorious for "trashing" this driver; usually on uninstall/reinstall of their software. 7 hours ago, moeetee said: A few days ago I repurchased ESET NOD32 since I had a cracked version The cracked version of Eset most likely is the culprit. Cracked software is notorious for containing malicious other stuff. You should never use cracked software. Double that when it comes to cracked security software. Link to comment Share on other sites More sharing options...
AdvancedSetup 0 Posted September 13, 2018 Share Posted September 13, 2018 For reference only https://forums.malwarebytes.com/topic/236534-have-i-been-affected/ As for BSOD between ESET and Malwarebytes I'm not aware of any such reports on our Forums or Helpdesk ever. We have millions of users and quite a few running both products and reporting it works well for them. Link to comment Share on other sites More sharing options...
Recommended Posts