Comments

my new photo malware — 24 Comments

  1. Today we received a mail in our office saying “my new photo”. It contains an exe file that is the same one which is under discussion in this forum. Do you have any idea how to filter it out before we receive this email in our inbox?

    (Email id which we got the phot.zip attachment from: “stylisticsbfss@cellbear.in”) name: EMILEY

    • Depends on how you want to do it or what access you have to the email server.
      If you use Outlook as an email client, then set up a rule that looks for “my new photo” in the subject or body and set it to delete or move to a secure folder (in case of a genuine email coming with those words),
      or get in touch with whoever runs your mail server and get them to block them at the server end.

  2. I unpacked it on a secondary computer, to see what’s in the file (iphone_photo.zip) but the zip file seems to be corrupted. I was hoping it would unpack something I could study. There is nothing indicating it’s running.

    After rebooting there was no ransomware showing up and both Norton 360 premier edition and Malwarebytes (free) don’t seem to find anything.

    Am I just incredibly lucky (or in my case unlucky for not getting to study it) or am I looking in the wrong place?

    • I am getting feedback from some antivirus companies that today’s version of this perennial malware is corrupt, although it is being detected as malicious. There do seem to be about 3 or 4 slightly different versions spreading today. At least 2 of them are quite old versions from 10 days or so ago that are being recirculated, even though quite well detected by the majority of antiviruses.

  3. My company's email received the “my new photo” virus mail and I extracted the zip file and clicked the file iphone_photo.exe. Now the virus is spamming my company's mail server. How do I remove the “my new photo” virus? Thank you very much. :)

    • I’m using Norton 360 and in case something gets through (it rarely happens nowadays) there is this program called Norton Power Eraser.

      I've got to warn you, NPE is a very aggressive piece of software. It might delete more than just the virus, so use it as a last resort only.

      This is the link. I hope it helps: security.symantec.com/nbrt/npe.aspx?lcid=1033

  4. I can’t believe the number of people who have commented here after running this malicious attachment. NEWSFLASH: never never ever open or run an attachment that you weren’t expecting, or from someone you don’t know, especially if it ends in .exe. I can’t believe people are so gullible.

  5. Unfortunately Windows by default does not have “show known file extensions” enabled, and file extensions like .exe, .jpg etc. are hidden. All a typical user sees is the file with a name of “my picture” and an icon that looks like a jpg or other image file.
    In their usual dreamy state when opening an email, all they see is what pretends to be a picture and click on it.
    That is why so many get infected. They think they are opening a picture and have never seen any file extensions on their computer: https://myonlinesecurity.co.uk/show-known-file-types/

  6. I have two Win XP PCs infected. Here is what I have found so far.
    Symptoms:
    – The virus causes the RPC service to fail, which results in PC shutdown (it always happens when you try to print).
    – The control panel utilities do not open.
    – The computer properties window does not open.
    – The system restore settings do not open.

    The virus creates 3 files, csrss.exe, svchost.exe and rundll32.exe, in the user/Application data folder. It creates 3 registry entries for these files to run at PC start up. Even if you delete the files and the entries, the virus recreates them.

    I managed to clean the one PC using various tools but I cannot clean the second with the same tools.
    The virus seems to have some files in the system restore points.

  7. I have opened the email and attachment as it appeared to come from my real estate agent. I opened it on my phone, a Samsung Galaxy S4. Will it infect an Android system, and if so, how do I get rid of it?
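
Comment 6 above reports copies of csrss.exe, svchost.exe and rundll32.exe in the user's Application Data folder, each started from a registry autorun entry. The following is an added example, not code from this page or its commenters: it flags autorun commands whose executable carries one of those system names but sits outside the Windows system directories. It assumes the autorun values have already been exported as (name, command) pairs and that Windows is installed in C:\WINDOWS; the function names and sample entries are constructed for illustration.

```python
import ntpath

# System binary names that comment 6 reports as dropped into Application Data.
IMPERSONATED = {"csrss.exe", "svchost.exe", "rundll32.exe"}
# Assumption: genuine copies live only in these directories (Windows on C:).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def image_path(command):
    """Extract the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command.split(" ", 1)[0]


def is_masquerading(command):
    """True if a system binary name is launched from a non-system folder."""
    path = ntpath.normpath(image_path(command))  # collapses "\.\" and "\..\"
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in IMPERSONATED and folder not in TRUSTED_DIRS


def suspicious_autoruns(entries):
    """entries: iterable of (value_name, command) pairs from autorun keys."""
    return [(n, c) for n, c in entries if is_masquerading(c)]


# Constructed sample data, not taken from an infected machine.
SAMPLE_RUN_ENTRIES = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Updater", r"C:\Documents and Settings\alice\Application Data\svchost.exe"),
    ("Host", r'"C:\Documents and Settings\alice\Application Data\csrss.exe" -s'),
    ("Shell", r"C:\WINDOWS\system32\rundll32.exe shell32.dll,Control_RunDLL"),
    ("Helper", r"C:\Documents and Settings\alice\Application Data\.\RUNDLL32.EXE"),
]

if __name__ == "__main__":
    for name, command in suspicious_autoruns(SAMPLE_RUN_ENTRIES):
        print(f"suspicious autorun {name!r}: {command}")
```

Because comment 6 says the files and entries are recreated after deletion, a hit from this check marks a machine for offline cleanup or rebuild rather than a one-off delete.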
