A possible virus RRS feed

  • Question

  • I received an email from a person that had the exact same name as one of my contacts. They have sent me a .docx file. I made a mistake of downloading it on my phone and then the the file kept on downloading over and over again, even though i see just one file downloaded. I thought may be it was sending some of my info over to someone, so i disconnected internet which stopped the downloading. I deleted the file and then re-enabled internet and things seem to be ok now.

    I downloaded the file in a VM and edited the file to find 3 VBscripts embedded. I don't know VB so i can't make sense of it. I am worried as to what this did to my phone or if it actually sent information to some place. Would someone help me make sense of this code

    Really appreciate

    • Edited by Dave PatrickMVP Thursday, March 9, 2017 6:30 PM remove suspicious code block
    Thursday, March 9, 2017 5:21 PM


  • The code (now removed) is heavily obfuscated to conceal what it is doing. It is not worth trying to figure out, except to say there are many functions, subroutines, and for loops. Many steps to just take up time. But it also opens something, writes to a file, sets an environment variable, and runs something. Clearly no good.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, March 9, 2017 7:18 PM
  • They'll help you over here.




    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, March 9, 2017 6:31 PM

All replies