A Computer Virus Warning
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus arrives as a zip file attachment named “ups_invoice.zip” or “ups_tracking.zip”, or some variant thereof. The email usually has the subject “UPS Tracking Number xxxxx” and states that a package you sent could not be delivered and that you are required to print the attached invoice to collect the package at your nearest UPS office.
If you receive an email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody. Simply opening the attachment will release the virus and infect your machine.
UPS has issued the following statement regarding the email.
Attention Virus Warning
We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.
This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.
UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.
Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.
Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.
Even if you have just sent a package and think the email could be relevant to you, please go to the web site http://ups.com and check the status of your packages online.
Virus Removal
Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).
There are basically two steps to removal.
- Stop/Suspend System Restore (WinXP)
  - Click Start.
  - Right-click My Computer, and then click Properties.
  - On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  - If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
  - Click Apply.
  - When you see the confirmation message, click Yes.
  - Click OK.
- Download your latest virus definition and run a full scan.
Here is the info from McAfee and Symantec:
McAfee Info
http://vil.nai.com/vil/content/v_132901.htm
Symantec Info
http://www.symantec.com/security_response/writeup.jsp?docid=2008-071517-2718-99&tabid=3
Update:
7/24 – A new variant of this virus/trojan has been reported. The email subject states “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.
7/29 – Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket. The attachment has the name: E-ticket_xxx.zip.
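A mail administrator can turn the subjects and attachment names listed in this warning into an automated check. The following is an added example, not part of the original post: the function names, the sample messages and the executable-extension heuristic are assumptions made for illustration.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Indicators quoted in the warning above; "xxxxx"/"xxx" are treated as wildcards.
SUBJECTS = re.compile(r"UPS Tracking Number|Your parcel is in the customs office", re.I)
ATTACHMENTS = re.compile(r"^(ups_(invoice|tracking)|Tax_Invoice|E-ticket_).*\.zip$", re.I)
# Assumption, not from the page: an executable inside a zip is suspicious in itself.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")

def check_message(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches the warning, if any."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if SUBJECTS.search(msg["Subject"] or ""):
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACHMENTS.match(name):
            reasons.append("attachment-name:" + name)
        if not name.lower().endswith(".zip"):
            continue
        try:
            # Read member names only; nothing is extracted or executed.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip:" + name)
            continue
        reasons += ["zip-contains:" + m for m in members
                    if m.lower().endswith(EXECUTABLE_EXT)]
    return reasons

def build_sample(subject, filename, member):
    """Constructed test message; the zip holds placeholder text, not a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    msg = EmailMessage()
    msg["From"] = "UPS <sender@example.com>"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please print the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()
```

A message that returns a non-empty list can be quarantined for review; an empty list only means none of the indicators from this post matched.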
Photo Credit Nils Geylen




Very good tutorial, I will surely do it step by step when it happens to me (I hope never).
For those of you using Norton and McAfee, stop now. They are both absolutely garbage.
If you were using them when you got infected, then you should already know that. I have been using AVG for years now, and we recommend it to all of our clients nationwide. Do not use the free version however. It does not protect you against rootkits, spyware, or spam.
Download AVG: http://www.avg.com/download
Another helpful tool for getting rid of tough viruses is Avast. It has a great feature that allows you to do a preboot scan (before your Windows boots up). It’s a lot faster than the average scan, and is able to delete viruses more easily as they are not yet running.
Download AVAST: http://avast.com/eng/programs.html
If all else fails, you can always visit us at http://www.Geeks-In-Route.com and have one of our very qualified technicians help you out.
I always use Avast Home Edition and it hasn’t let me down. Also try not to use LimeWire and such, those are virus centers.
OMG thanks for the heads up. I would never have guessed a virus from a UPS email. Sheesh you gotta be on your toes for everything.
@dog product you’re right… a virus from UPS… thanks for the heads up
I never immediately open attachments, even in emails that come from friends. First of all I scan them with antivirus and only then open them.
Very good tutorial. I do not open attachments, even those that come from friends. First I scan them with antivirus. Thanks for the article.
Thanks for the tip. I will email this to my buddies. Thank god I haven’t received any emails yet.
Nice tuto …
Emails from UPS? What’s next?
I agree with Geeks-in-Route, why use Norton and McAfee when we could use a FREE antivirus like Avast or AVG, that are as good and efficient?
Thanks for the warning. Will be cautious while receiving and reading my mail now. Already spread the warning in my friends circle.
I GOT THE VIRUS! HAD TO DO FACTORY SETTINGS TO ALLOW IT TO LOAD. GOT BLACK SCREEN RIGHT BEFORE USER LOGON SCREEN!!!! IT’S REAL!
Wish I’d read this yesterday!! This stupid virus is still at large. Very stupidly we opened it (after scanning the attachment to be on the safe side) as we were expecting a parcel. It took out Internet Explorer / Mozilla Firefox, Outlook and even Kaspersky Virus Software!!
…another thing about this “UPS” email is that if someone downloads the zip file, extracts it, and then opens it, it launches the virus on your machine. One of the kids did it here and it caused all kinds of problems… used Malwarebytes to get rid of it and am running fine now… but something I have not seen mentioned here or at other sites about this virus is that on my system it placed a .dll file titled “oxagedeyo.dll” in my C:\Windows file, and it consequently was trying to run as an app upon startup… it was present in the startup menu, went and did a registry search for it and deleted it there. The oxagedeyo.dll file that was found in the “Windows” folder had to be “deleted upon reboot”… hope this is helpful to others… good luck
I never immediately open attachments, even in emails that come from friends. First I scan them with antivirus.