Yet another email is floating around out there trying to get you to download a file that’s really a virus. It’s sent from “The Facebook Team” and says something like “for security reasons your password had to be reset” and it tells you to download the .zip or .exe file that is attached (Facebook_Password_4cf91.zip or Facebook_Password_4cf91.exe).
If you look at the email closely enough, it probably isn’t even addressed to you. My aunt got this email and the name they used referring to her, in the body of the email, was just a bunch of random letters. That, the random letters at the end of the file name and the fact that there is even an attachment at all should throw up red flags. But there will always be people who fall for this kind of thing or just don’t pay attention and download it anyway, which is why there are geeks like me around to fix things when this happens. Unless you reset your password yourself and triggered a confirmation email, you will not get these kinds of emails, period.
My aunt flipped out because she thought she may have saved the file on her computer, so this prompted me to do a bit of research on what this virus is. I found the VirusTotal report that shows which scanners are able to locate and eliminate the virus. Only 14 out of the 41 scanners are able to detect it – my aunt happens to have Symantec, which if you notice is not one of those 14. I’m currently running F-Secure’s online scan and will run Microsoft’s Security Essentials since both of those are listed as being able to detect it.
Here’s the page on F-Secure’s website about the virus. There isn’t a whole lot of information on it. But it does list a registry key that is installed.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"RunGrpConv" = "1"
If you’re comfortable working with computers, you can check the registry yourself for that key. If not, then I suggest running the F-Secure online scan in complete mode, if you have time to let it sit for a while, and also running Microsoft Security Essentials. They are both user-friendly and free. Just be sure to remove Security Essentials once you’re done if you do have another anti-virus currently installed. Having more than one can really slow the computer down.
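For the manual registry check, here is an added PowerShell example (not from F-Secure or the original post). It looks for the RunGrpConv value listed above in every loaded user hive, not just the account running the script; the function name Find-RunGrpConv is made up for this example.

```powershell
# Added example: looks for the registry value the F-Secure write-up lists.
# The key path and value name are copied from the post; the function name
# and output format are illustrative.
$SubKey    = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName = 'RunGrpConv'

function Find-RunGrpConv {
    # HKEY_USERS holds one hive per loaded account, so this also covers
    # accounts other than the one running the script. Reading another
    # user's hive requires an elevated prompt.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$SubKey"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }   # key exists but is empty or unreadable

        $prop = $props.PSObject.Properties[$ValueName]
        if ($null -ne $prop) {
            [pscustomobject]@{
                UserSid = $hive.PSChildName
                Path    = $path
                Value   = $prop.Value
            }
        }
    }
}

$hits = @(Find-RunGrpConv)
if ($hits.Count -eq 0) {
    Write-Output "No $ValueName value found under any loaded user hive."
} else {
    $hits | Format-Table -AutoSize
    Write-Output 'Value present: follow up with the full scans described in this post.'
}
```

A hive only appears under HKEY_USERS while that account is logged on, so run this while the affected user is signed in.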
The good news is, from what I’ve read it looks like it’s just another virus that causes messages to pop up telling you that you need to pay to download a fake anti-virus in order to fix your computer. So it doesn’t appear to be something that is terribly difficult to get rid of.