Categorized | Anti-virus, Email, Internet

UPS Virus

A Computer Virus Warning
Click here for the latest updates, including other variants of the zip file…
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus is a zip file attachment with the names of “ups_invoice.zip” or “ups_tracking.zip”, or some variance thereof. The email is usually found to have the title of “UPS Tracking Number xxxxx” and states that a package you sent was not able to be delivered and that you are required to print the attached invoice to collect the package at your nearest UPS office.

virus_image If you receive email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody.  Simply opening the attachment will release the virus and infect your machine.

UPS has issued the following statement regarding the email.

Attention Virus Warning

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the

unauthorized actions of third parties.

Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.

Even if you have just sent a package, and think the email could be relative to you, please go to the web site http://ups.com and check the status of your packages online.

Virus Removal

Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).

There are basically two steps to removal.

  • Stop/Suspend System Restore (WinXP)
  1. Click Start.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  4. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
  5. Click Apply.
  6. When you see the confirmation message, click Yes.
  7. Click OK.
  • Download your latest virus definition and run a full scan.

Here is the info from McAfee and Symantec

McAfee Info
http://vil.nai.com/vil/content/v_132901.htm

Symantec Info
http://www.symantec.com/security_response/writeup.jsp?docid=2008-071517-2718-99&tabid=3

Update:

7/24 – A new variant of this virus/trojan has been reported.  The email subject status “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.

7/29 – Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket.  The attachment has the name: E-ticket_xxx.zip.

Photo Credit Nils Geylen

Popularity: 74% [?]

Tags: , , , , ,

Related Articles

This post was written by:

Michael Hayslip - who has written 60 posts on It Does Compute.


Contact the author

16 Responses to “UPS Virus”

  1. Filme noi says:

    Very good tutorial, i will surely do it step by step when it happends to me.(i hope never).

  2. For those of you using Norton and McAfee, stop now. They are both absolutely garbage.

    If you were using them when you got infected, then you should already know that. I have been using AVG for years now, and we recommend it to all of our clients nationwide. Do not use the free version however. It does not protect you against rootkits, spyware, or spam.

    Download AVG: http://www.avg.com/download

    Another helpfull tool for getting rid of tuff viruses is Avast. It has a great feature that allows you to do a preboot scan (before your windows boots up). It’s alot faster than the average scan, and is able to delete viruses easier as they are not yet running.

    Download AVAST: http://avast.com/eng/programs.html

    If all else fails, you can always visit us at http://www.Geeks-In-Route.com and have one of our very qualified technicians help you out.

  3. I always use Avast home edition and it hasn’t let me down, also try not to use limewire and such, those are virus centers.

  4. dog product says:

    OMG thanks for the heads up. I would never have guessed a virus from a UPS email. Sheesh you gotta be on your toes for everything.

  5. @dog product you ‘re right…a virus from UPS..thanks for the heads up

  6. Maxim says:

    I never open immediately attachments even in those emails, that comes from friends. First of all I scan them with antivirus and only then open.

  7. folder says:

    Very good tutorial.I not open attachments even, that comes from friends. First I scan them with antivirus. Thankx for article.

  8. Simon Wilby says:

    Thanks for the tip. I will email this to my buddies. Thank god I haven’t received any emails yet.

  9. Remover WGA says:

    Nice tuto …

    eMails from UPS? Whats next?

    I agree with Geeks-in-Route, why use Norton and Macafee when we could use a FREE antivirus like Avast or AVG, that are as good and eficient?

  10. Thanks for the warning. Will be cautious while receiving and reading my mail now. Already spread the warning in my friends circle.

  11. Josey says:

    I GOT THE VIRUS! HAD TO DO FACTORY SETTINGS TO ALLOW IT TO LOAD. GOT BLACK SCREEN RIGHT BEFORE USER LOGON SCREEN!!!! ITS REAL!

  12. Clare says:

    Wish I’d read this yesterday!! This stupid Virus is still at large. Very stupidly we opened it (after scanning the attachment to be on the safe side) as we were expecting a parcel. It took out Internet Explorer / Mozilla Firefox, Outlook and even Kapersky Virus Software!!

  13. bob says:

    ….another thing about this “UPS” email. is if someone downloads the zip file, extracts it, and then opens it. it launches the viruse on your machine, one of the kids did it here and it caused all kind of problems……..used Malwarebytes to get rid of it.and am running fine now……………but something I have not seen mentioned here or at other sites about this virus, is that on my system, it placed a .dll file titled “oxagedeyo.dll” in my C:\Windows file,and it consequently was trying to run as an app upon startup……it was present in the start up menu, went and did a registry search for it and deleted it there, the oxagedeyo.dll file that was found in the “Windows”folder, had to be “deleted upon reboot”….. hope this is helpful to others…good luck

  14. logicdesign says:

    I never open immediately attachments even in those emails, that comes from friends. First I scan them with antivirus.

Trackbacks/Pingbacks

  1. [...] UPS Virus – It Does ComputeUPS Virus Warning Posted in Uncategorized | Leave a Comment [...]

  2. [...] – UPS Virus saved by higeorange2008-12-19 – Why Bother with Free to Air Satellite TV? saved by Inene2008-12-17 [...]


Leave a Reply

Related Sites