UPS virus

  • Question

  • Will OneCare remove the new virus delivered by UPS email that was sent today?

     

    Wednesday, July 23, 2008 4:03 PM

All replies

  • Where did you hear about this virus? Please provide a link. I suspect that you received a hoax email.

    http://www.snopes.com/computer/virus/ups.asp

     

    If so, depending on what virus was in the payload, the answer could be yes or no, but it should.

    -steve

     

    Wednesday, July 23, 2008 4:28 PM
    Moderator
  • Long story regarding my shipments with UPS, but I opened an email that I believed to be from UPS. It was not from UPS.

    I cannot tell if my computer is infected so I am running the Live OneCare product. I do not believe this is a hoax.

     

    Wednesday, July 23, 2008 4:43 PM
  • It's a hoax in the sense that it did not come from UPS, but rather from Russia.  Doing some internet research reveals that Microsoft can detect this as Trojan:Win32/Agent.EE, which is the same Trojan as Panda's detection of Trj/Agent.JEN, or Trend Micro's detection of TROJ_DLOADR.GG.

    Wednesday, July 23, 2008 5:00 PM
  • Thanks, Dave. And AYB1, opening the email would not get your PC infected. Opening the supposed invoice that was attached to the email might get the PC infected, depending on the protections in place when you opened the payload (the attachment).

    -steve

     

    Wednesday, July 23, 2008 5:03 PM
    Moderator
  • Thanks Dave:

     

    I will run Microsoft Live OneCare Virus scan.  Hope this removes the virus because I did try to open the attachment.

     

    Al

     

    Wednesday, July 23, 2008 5:23 PM
  • You bet, but make sure your definitions are current because this was only added back on July 14, and if you're really nervous, scan with the online scanners from Panda and Trend... you can't get much safer than that.

    http://housecall65.trendmicro.com/

    http://www.pandasecurity.com/activescan/index/

    Wednesday, July 23, 2008 5:30 PM
  • Microsoft Live OneCare found no virus after running several hours.
    Twenty minutes later a window popped up and asked me if I wanted to clean the found potential virus.
    Trojan Downloader:win32/agent.abc
    Virtool:win nt/Xantvi.a
     
    Took all day to find the problem.  Hopefully it is all working correctly.
     
    Thanks again,
     
    Al

     

    Wednesday, July 23, 2008 10:30 PM
  • The new variant is hard to detect.

    There are just 5 AV detecting it and so far this is the only way to remove the UPS virus. Follow the given link and do as instructed to fix UPS virus.
    http://support.bicester-computers.com/showthread.php?t=18

     

    Thursday, July 24, 2008 10:38 AM
  • I just want to clarify, it is not the "UPS virus." The reference to UPS is simply because the malware is delivered via an email purported to be from UPS with an attachment. As noted in the information above, UPS never sends attachments in email for delivery notices via email.

    Furthermore, before anyone chases an infection from this or any other malware, please remember that this forum is for OneCare discussions, not general virus removal help.

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: http://aumha.net/

    For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.

     

    -steve

    Thursday, July 24, 2008 12:34 PM
    Moderator
  • Live OneCare does not remove this virus.  It goes through the removal process.  But, the virus shows up on the next reboot.  The internet shows several other options for removal of this virus.  I really don't want to spend any more money on AV software since OneCare should be able to do it.  How long will it be before a solution is available?  Should I buy another program to fix this problem?

    Thursday, July 24, 2008 5:14 PM
  • There is no UPS Virus. There are several variants of the Trojan payload that you were tricked into opening in the scam email sent to you.

    I've merged your post into the thread where this has already been discussed.

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve

    Thursday, July 24, 2008 5:27 PM
    Moderator
  • Hello all, I have had half a dozen machines hit by this virus on small office networks.  Does anyone know whether this virus will spread throughout the network from the PC that has been initially infected?  The only way I can see to get rid of the virus is to wipe and reload the machine, although I have had success with a system restore on one PC, but the other PCs cannot run a restore successfully as some PCs can't for other reasons.

     

    Any ideas would be appreciated...  I am more curious as to whether the virus will spread.  Thanks.

     

     

    Friday, July 25, 2008 8:51 AM
  • The virus is contracted by the user opening the attachment in the email. Since the payload in the scam email is now a number of variants of the Trojan, I can't tell you if it can spread within the network in any other way.

    However, please note the following:

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: http://aumha.net/

    For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.

     

    -steve
    Friday, July 25, 2008 12:32 PM
    Moderator
  • Al,

     

    How did you find it?  I am having no luck so far.

     

    Thanks!

     

    Bob Moore

     

    Monday, July 28, 2008 6:03 PM
  • I don't mean to be rude Stephen...but you are incorrect.  Many security providers are calling this the "ups virus" even though you are right, it's really a trojan.

     

    Try calling McAfee and asking them about the "UPS virus", it's real and it's been out since at least July 15th.

    Friday, August 15, 2008 3:50 PM
  • You are not rude at all. :-) I *was* incorrect in my initial reply.

    -steve

     

    Friday, August 15, 2008 3:58 PM
    Moderator