Categorized | Anti-virus, Email, Internet

UPS Virus

A Computer Virus Warning
Click here for the latest updates, including other variants of the zip file…
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus is a zip file attachment with the names of “ups_invoice.zip” or “ups_tracking.zip”, or some variance thereof. The email is usually found to have the title of “UPS Tracking Number xxxxx” and states that a package you sent was not able to be delivered and that you are required to print the attached invoice to collect the package at your nearest UPS office.

virus_image If you receive email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody.  Simply opening the attachment will release the virus and infect your machine.

UPS has issued the following statement regarding the email.

Attention Virus Warning

 

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the

unauthorized actions of third parties.

Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.

Even if you have just sent a package, and think the email could be relative to you, please go to the web site http://ups.com and check the status of your packages online.

Virus Removal

Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).

There are basically two steps to removal.

  • Stop/Suspend System Restore (WinXP)
  1. Click Start.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  4. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
  5. Click Apply.
  6. When you see the confirmation message, click Yes.
  7. Click OK.
  • Download your latest virus definition and run a full scan.

Here is the info from McAfee and Symantec

McAfee Info
http://vil.nai.com/vil/content/v_132901.htm

Symantec Info
http://www.symantec.com/security_response/writeup.jsp?docid=2008-071517-2718-99&tabid=3

Update:

9/1/2011- A new variant has surfaced with the subject of the email being “Your package has arrived”. There is no attachment, but instead a link to view the shipping invoice which contains malware.

7/24 – A new variant of this virus/trojan has been reported.  The email subject status “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.

7/29 – Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket.  The attachment has the name: E-ticket_xxx.zip.

Photo Credit Nils Geylen

This post was written by:

- who has written 66 posts on It Does Compute.


Contact the author

23 Responses to “UPS Virus”

  1. Filme noi says:

    Very good tutorial, i will surely do it step by step when it happends to me.(i hope never).

  2. For those of you using Norton and McAfee, stop now. They are both absolutely garbage.

    If you were using them when you got infected, then you should already know that. I have been using AVG for years now, and we recommend it to all of our clients nationwide. Do not use the free version however. It does not protect you against rootkits, spyware, or spam.

    Download AVG: http://www.avg.com/download

    Another helpfull tool for getting rid of tuff viruses is Avast. It has a great feature that allows you to do a preboot scan (before your windows boots up). It’s alot faster than the average scan, and is able to delete viruses easier as they are not yet running.

    Download AVAST: http://avast.com/eng/programs.html

    If all else fails, you can always visit us at http://www.Geeks-In-Route.com and have one of our very qualified technicians help you out.

  3. I always use Avast home edition and it hasn’t let me down, also try not to use limewire and such, those are virus centers.

  4. dog product says:

    OMG thanks for the heads up. I would never have guessed a virus from a UPS email. Sheesh you gotta be on your toes for everything.

  5. @dog product you ‘re right…a virus from UPS..thanks for the heads up

  6. Maxim says:

    I never open immediately attachments even in those emails, that comes from friends. First of all I scan them with antivirus and only then open.

  7. folder says:

    Very good tutorial.I not open attachments even, that comes from friends. First I scan them with antivirus. Thankx for article.

  8. Simon Wilby says:

    Thanks for the tip. I will email this to my buddies. Thank god I haven’t received any emails yet.

  9. Remover WGA says:

    Nice tuto …

    eMails from UPS? Whats next?

    I agree with Geeks-in-Route, why use Norton and Macafee when we could use a FREE antivirus like Avast or AVG, that are as good and eficient?

  10. Thanks for the warning. Will be cautious while receiving and reading my mail now. Already spread the warning in my friends circle.

  11. Josey says:

    I GOT THE VIRUS! HAD TO DO FACTORY SETTINGS TO ALLOW IT TO LOAD. GOT BLACK SCREEN RIGHT BEFORE USER LOGON SCREEN!!!! ITS REAL!

  12. Clare says:

    Wish I’d read this yesterday!! This stupid Virus is still at large. Very stupidly we opened it (after scanning the attachment to be on the safe side) as we were expecting a parcel. It took out Internet Explorer / Mozilla Firefox, Outlook and even Kapersky Virus Software!!

  13. bob says:

    ….another thing about this “UPS” email. is if someone downloads the zip file, extracts it, and then opens it. it launches the viruse on your machine, one of the kids did it here and it caused all kind of problems……..used Malwarebytes to get rid of it.and am running fine now……………but something I have not seen mentioned here or at other sites about this virus, is that on my system, it placed a .dll file titled “oxagedeyo.dll” in my C:\Windows file,and it consequently was trying to run as an app upon startup……it was present in the start up menu, went and did a registry search for it and deleted it there, the oxagedeyo.dll file that was found in the “Windows”folder, had to be “deleted upon reboot”….. hope this is helpful to others…good luck

  14. logicdesign says:

    I never open immediately attachments even in those emails, that comes from friends. First I scan them with antivirus.

  15. Elda Amrhein says:

    There is nothing that can be as stressful as the Trojan virus today to a computer end user. There are many tried and tested tools on how to remove a Trojan virus in the market today. With these tools how to remove a Trojan virus from your computer’ operating system is a do it yourself thing that calls for no particular expertise. Trojans are such a pain in the ass and they can be very malicious. My guide can help you out.

  16. kathleen says:

    If you’re ever in doubt about the legitimacy of an email from UPS be sure to contact them first prior to opening it – UPS Phone Number

  17. Thanks for the great post about the UPS virus. Spammers sending out fake emails has become so commonplace right now. But people need to check to see if these links even go to UPS to avoid these situations. I’m looking forward to reading a lot more of your site in the future.

  18. Jhun says:

    My sony vaio cw16FA notebook is already infected with this UPS virus. The problem is how can i remove it with your recommended antivirus softwares, my computer doesnt start-up because windows shutdown itself to prevent further damage to my computer. I have already done all sort of recovery system and reformating but to no avail the problem still exist. Pls help I dont to lose the pre-installed Window 7 OS on my computer.

  19. Hey anyone ever need a virus removed just come visit my site we would be happy to help

  20. Many thanks for this remarkable details. It actually assisted me out!

Trackbacks/Pingbacks

  1. […] UPS Virus – It Does ComputeUPS Virus Warning Posted in Uncategorized | Leave a Comment […]

  2. […] – UPS Virus saved by higeorange2008-12-19 – Why Bother with Free to Air Satellite TV? saved by Inene2008-12-17 […]

  3. UPS Emails says:

    […] who's pretty hot on using his computer sent this site to help if I open one of these inadvertently UPS Virus OK yawl remember to be safe ! Dangerous Dave Originally Posted by Beautiful View I get […]


Leave a Reply

Related Sites