Hi All,
I need to tell you about an email I received in two different accounts from two “different” senders. The first came from customercare@bestbuy.com and the second came from customercare@amazon.com. The subject line is:
Confirmation for Order Z3566043
The body of the email starts off:
Dear Customer,
Thank you for shopping at our shop !
This e-mail is to inform you that your order has been shipped out.
The following information is for your reference (see details in the attachment):
- Order No.: Z3566043
- Order Date: 08/13/2006
SUBTOTAL : $1,769.99
SALESTAX : $0.00
SHIPPING : $16.81
TOTAL : $1,786.80
- Ship Via: FDX Overnight Delivery
[Ship Date :] 08/14/2006 [Tracking No:] 708745655472
Please note that if your order includes more than one package, the
packages may not be delivered at the same time due to the shipping carrier’s
schedule and the delivery method, and this is out of our control.
In addition, backordered items will be shipped separately.
You may check the status of your package’s progress at our website.
Simply click on “Customer Service”, then log into the “Member Center”.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Attached to this email is a file called:
Z3566043.zip
Both emails had identical subject lines and email bodies.
I looked at this file through WinZip and saw that it was called Z3566043.exe. I knew better but was panicked that someone had stolen one of my credit cards and bought almost $2000 worth of stuff from Best Buy. As expected, clicking on the .exe opened and then quickly closed a window. Now, Outlook Express will not open (I get a blank Program Error Dialog Box when opening Outlook Express) and certain websites will not load (like this forum…I’m using another computer to write this).
A thorough Avast scan detected the following items:
Win32:Agent-AJN [Trj] installed in C:\WINNT\System32
and
Win32:Haxdoor-EM [Trj] installed in C:\Documents and Settings\All Users\Documents\Dr Watson
I’m running Windows 2000 Professional and, generally, have a clean system. Moving those two items to chest did not resolve my difficulties. I still have the .zip file if that would help you find the fix. Obviously, there are more components to this virus.
I should have known better than to try and open it. I understand somebody has to get these things before you can develop a fix. Malicious or fatal, I’ll have to deal with the consequences. Any help is needed and welcomed.