
I received an email from a competing company that I have no quarrel with, nor had I interacted with them. But it was an email with an alleged spreadsheet of some sort (not opened); I just read the email, then placed it in the Deleted folder in my Outlook. (The email was also viewed on my iPhone.)

I am referring to this incident, but I am not too sure whether my Chrome was recently updated, or maybe my Windows; I don't remember. But I just noticed some green check marks on some of my desktop icons, and just as I am writing this topic I looked at my desktop icons and now there is a small icon layered on the desktop icon, a two-person stick figure image. See attached in this post.

Now, as I am typing, the icons have arrows on them (not sure if it's the original Windows icon style), see attached.

A few days ago I repurchased ESET NOD32 since I had a cracked version, and now I have an official registration key. I've always had MWB running alongside my purchase.

  1. I just ran Kaspersky TDSSKiller and nothing was found.
  2. ESET NOD32 Smart Security Premium scanned; nothing found.
  3. Malwarebytes just ran a scan now; nothing was found. Log attached.
  4. AdwCleaner was downloaded, I did a scan, and it found 3 separate threats. See attached log. (I also hit the Clean & Repair function.)
    1. PUP.Conduit.Heuristic, 1 threat
    2. PUP.Optional.Legacy, 3 threats
    3. PUP.Optional.WebCompanion, 4 threats

Also, before the above-mentioned scans I had a user named INTERACTIVE listed, as in the attached picture. After restarting my computer with AdwCleaner, I don't see it anymore... See attached please.

Also, this happened Aug 28; not sure if it's connected to this.

Questions:

  1. Could I have been affected through that email even if I didn't open the file?
  2. If not, why did my Windows desktop icons change?
  3. Why wasn't Malwarebytes able to detect anything, but Adware did?

AdwCleaner[S00].txt

AdwCleaner1 After restarting computer.txt

Computer Crash Error 2.jpg

Arrowed Icon.PNG

User Details.PNG

Computer Crash Error.jpg

You didn't mention whether it was a document or executable that was attached to the email and which you opened / ran. The best would be if you could send it to samples[at]eset.com for analysis if it is not detected.

As for the BSOD, I'd strongly recommend uninstalling MBAM since its real-time protection may clash with ESET and cause issues. Should the problem persist, have a dump from the crash sent to customer care for analysis and to determine the cause of the crash. It appears to be network related.

9 minutes ago, Marcos said:

You didn't mention whether it was a document or executable that was attached to the email and which you opened / ran. The best would be if you could send it to samples[at]eset.com for analysis if it is not detected.

As for the BSOD, I'd strongly recommend uninstalling MBAM since its real-time protection may clash with ESET and cause issues. Should the problem persist, have a dump from the crash sent to customer care for analysis and to determine the cause of the crash. It appears to be network related.

Sorry. I think it's in the spam folder. I just hit rescan via ESET, and ESET moved it from spam to inbox, and here is the email. See attached.

And send what to samples@eset? The scan log? It found nothing.

And MBAM? Malwarebytes? I haven't had any issues at all.

Spammm.PNG

This attack sounds eerily similar to that described in this SANS article: https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/ . It is an attempt by the attacker to get you to enter your credential data.

Another more detailed article on the attack is here: https://blog.appriver.com/2018/05/bec-attacks-evolve-to-phishing-via-xps-files-appriver

I don't see any relationship between the phishing attack and your blue screen issues. This specific attack just wants you to enter your logon credentials so it can use them maliciously. Your blue screen is due to an issue with your NDIS.sys driver. This is usually used by your network adapter for a Wi-Fi connection. @Marcos's statement about using other security software is right "on target." Some are notorious for "trashing" this driver, usually on uninstall/reinstall of their software.

7 hours ago, moeetee said:

A few days ago I repurchased ESET NOD32 since I had a cracked version

The cracked version of ESET most likely is the culprit. Cracked software is notorious for containing other malicious stuff. You should never use cracked software. Double that when it comes to cracked security software.
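The XPS-based phish described in the linked SANS and AppRiver articles works by getting the reader to follow a hyperlink embedded in the attachment, so a useful triage step is to list those link targets without ever rendering the document. The script below is an added example written for this thread; it is not code from ESET, SANS or AppRiver. It assumes an XPS file is an ordinary zip (OPC) container whose page markup parts (`*.fpage`) attach hyperlinks to elements through the `FixedPage.NavigateUri` attribute, and it builds its own constructed one-page fixture so it can be run offline; the `expected_hosts` set is whatever domains the claimed sender legitimately uses.

```python
"""Triage helper for a suspicious XPS attachment: list embedded hyperlink targets
without rendering the document.

Added example for this thread, not code from ESET, SANS or AppRiver. Assumption:
an XPS file is a zip (OPC) container whose page markup parts (*.fpage) attach
hyperlinks to elements with the FixedPage.NavigateUri attribute.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlparse

# Fallback pattern for page parts that are not well-formed XML.
NAVIGATE_URI_RE = re.compile(r'FixedPage\.NavigateUri="([^"]*)"')


def extract_links(xps_bytes: bytes) -> list[str]:
    """Return every FixedPage.NavigateUri value found in the container's page parts."""
    links: list[str] = []
    with zipfile.ZipFile(io.BytesIO(xps_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if not name.lower().endswith(".fpage"):
                continue
            text = zf.read(name).decode("utf-8", errors="replace")
            try:
                root = ET.fromstring(text)
                for el in root.iter():
                    for attr, value in el.attrib.items():
                        if attr.endswith("NavigateUri"):
                            links.append(value)
            except ET.ParseError:
                links.extend(NAVIGATE_URI_RE.findall(text))
    return links


def triage(xps_bytes: bytes, expected_hosts: set[str]) -> dict:
    """Separate absolute web links from internal references and compare their
    hosts against the domains the claimed sender would legitimately use."""
    links = extract_links(xps_bytes)
    external = [u for u in links if urlparse(u).scheme in ("http", "https")]
    unexpected = sorted({urlparse(u).hostname or "" for u in external} - expected_hosts)
    if not external:
        verdict = "no-external-links"
    elif unexpected:
        # The document steers the reader to a host the sender does not own:
        # hand it to an analyst (or the vendor's sample address) before anyone clicks.
        verdict = "review"
    else:
        verdict = "links-to-expected-hosts"
    return {"links": links, "external_links": external,
            "unexpected_hosts": unexpected, "verdict": verdict}


def build_sample_xps(link: str) -> bytes:
    """Constructed test fixture: a one-page container with a single linked element.
    Not a real attachment; it exists only so the helper can be exercised offline."""
    fpage = (
        '<FixedPage xmlns="http://schemas.microsoft.com/xps/2005/06" '
        'Width="816" Height="1056">'
        f'<Path FixedPage.NavigateUri="{link}" Fill="#FFFFFFFF" '
        'Data="M 0,0 L 816,0 816,1056 0,1056 Z" />'
        '</FixedPage>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Documents/1/Pages/1.fpage", fpage)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical sender domain and link target; both are placeholders.
    sample = build_sample_xps("https://example.invalid/signin")
    print(triage(sample, {"example.com"}))
```

Run it against the saved attachment with `triage(open("attachment.xps", "rb").read(), {"sender-domain"})`; a verdict of `review` with an unfamiliar host is exactly the pattern the articles above describe, and the file is what belongs in the sample submission Marcos asked for, not the scan log.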
