Suspicious rar file opened [SOLVED]

Questions about the project and the distribution - obviously no support questions here please
Nicola R Pulcino
Level 1
Posts: 4
Joined: Sat May 27, 2017 4:02 am

Suspicious rar file opened [SOLVED]

Postby Nicola R Pulcino » Sun Oct 29, 2017 1:39 pm

Hello everyone,
I hope you can help me.

Having received an email from DHL which informed me about an alleged package of mine, I downloaded the file attached to it (a rar archive) and, after extracting the file, I opened through Mozilla Firefox the .WFS (or something like that, I can't remember) file it contained.

I realized it was a false email, probably for phishing, and I would never have opened it, but I am really expecting a package, so I fell for it (like a fool).

I am wondering if I have taken some damage on my PC, but when I opened the .wfs file only a window with a weird series of characters appeared, a bunch of numbers and symbols, as if Mozilla could not read it.

Do you think I could be in trouble?

Thank you all.
Fabio
Last edited by Nicola R Pulcino on Thu Nov 02, 2017 4:39 am, edited 1 time in total.

Moem
Level 11
Posts: 3684
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands

Re: Suspicious rar file opened

Postby Moem » Sun Oct 29, 2017 1:44 pm

Very unlikely. Any payload obviously did not trigger properly, or you would have seen a message saying something like 'your files are now encrypted, pay us to decrypt'. It can't be a Linux virus since those have never been found in the wild (as yet). I think you can relax.

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Pjotr
Level 18
Posts: 8842
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: Suspicious rar file opened

Postby Pjotr » Sun Oct 29, 2017 1:51 pm

You're probably OK. Like 99.9 % sure. The only precaution I'd take: clean your Firefox profile by resetting it to the defaults.

Like this:

rm -v -R ~/.mozilla

Close Firefox and relaunch it.
Tip: 10 things to do after installing Linux Mint 18.2 Sonya
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

phd21
Level 13
Posts: 4897
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: Suspicious rar file opened

Postby phd21 » Sun Oct 29, 2017 2:07 pm

Hi "Nicola R Pulcino",

Welcome to the wonderful world of Linux Mint and its excellent forum!

I just read your post and the good replies to it. Here are my thoughts on this as well.

It would help to know more about your system setup like which edition and version of Linux Mint. If you run "inxi -Fxzd" and "lsusb" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.

I would also agree that you are probably safe, but never open links or download files from any unknown source. FYI: Most, if not all, shippers would not send you an attachment, only an email with information... unless you specifically asked for it.

You can also check a file (or files) using the "virus total" website before using it, or before extracting it in the case of an archive file.
https://www.virustotal.com/#/home/upload


Hope this helps ...
Phd21: Mint KDE 17.3 & 18.2, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,3gb Ram,160gb hdd, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde
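
Added example (not part of phd21's post or any forum member's code): one way to do the pre-check described above without opening or extracting the attachment. It computes the SHA-256 that can be searched on VirusTotal and compares the file's leading bytes with its extension; the signature table, the extension mapping and the sample file name are assumptions covering only a few formats.

```python
import hashlib
from pathlib import Path

# Leading "magic" bytes of a few archive and executable formats.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar"),      # RAR 5.x signature
    (b"Rar!\x1a\x07\x00", "rar"),          # RAR 1.5 to 4.x signature
    (b"PK\x03\x04", "zip"),
    (b"MZ", "windows-executable"),
]

# Extensions normally seen with each detected type (assumed mapping).
EXPECTED_EXT = {
    "rar": {".rar"},
    "zip": {".zip"},
    "windows-executable": {".exe", ".dll", ".scr"},
}


def triage(path):
    """Hash a file and compare its real type with its name, reading bytes only."""
    p = Path(path)
    digest = hashlib.sha256()
    with p.open("rb") as fh:
        head = fh.read(16)                 # enough for every signature above
        digest.update(head)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    kind = next((name for sig, name in MAGIC if head.startswith(sig)), "unknown")
    ext = p.suffix.lower()
    # A known type under an unexpected extension is a classic phishing lure.
    mismatch = kind != "unknown" and ext not in EXPECTED_EXT[kind]
    return {"sha256": digest.hexdigest(), "type": kind,
            "extension": ext, "mismatch": mismatch}


if __name__ == "__main__":
    import os
    import tempfile
    # Constructed sample: a RAR5 signature plus padding, not a real archive.
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "DHL_notice.rar")
        Path(sample).write_bytes(b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32)
        print(triage(sample))
```

Searching VirusTotal for the printed hash shows any existing verdict without uploading the file itself.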

Nicola R Pulcino
Level 1
Posts: 4
Joined: Sat May 27, 2017 4:02 am

Re: Suspicious rar file opened

Postby Nicola R Pulcino » Sun Oct 29, 2017 2:14 pm

Thank you all for your time and answers.

To phd21, here are the results of the commands you suggested:

System:    Host: Bahamut Kernel: 4.4.0-21-generic i686 (32 bit gcc: 5.3.1)
           Desktop: MATE 1.14.1 (Gtk 3.18.9-1ubuntu3.3)
           Distro: Linux Mint 18 Sarah
Machine:   System: TOSHIBA product: Satellite Pro C660 v: PSC0RE-01E00RIT
           Mobo: TOSHIBA model: PWWAA v: 1.00
           Bios: TOSHIBA v: 2.00 date: 05/09/12
CPU:       Dual core Intel Core i3 M 380 (-HT-MCP-) cache: 3072 KB
           flags: (lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 10109
           clock speeds: max: 2533 MHz 1: 1466 MHz 2: 1466 MHz 3: 1866 MHz
           4: 1466 MHz
Graphics:  Card: Intel Core Processor Integrated Graphics Controller
           bus-ID: 00:02.0
           Display Server: X.Org 1.18.3 drivers: intel (unloaded: fbdev,vesa)
           Resolution: 1366x768@60.00hz
           GLX Renderer: Mesa DRI Intel Ironlake Mobile x86/MMX/SSE2
           GLX Version: 2.1 Mesa 11.2.0 Direct Rendering: Yes
Audio:     Card Intel 5 Series/3400 Series High Definition Audio
           driver: snd_hda_intel bus-ID: 00:1b.0
           Sound: Advanced Linux Sound Architecture v: k4.4.0-21-generic
Network:   Card-1: Realtek RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller
           driver: r8169 v: 2.3LK-NAPI port: 3000 bus-ID: 01:00.0
           IF: enp1s0 state: down mac: <filter>
           Card-2: Broadcom BCM4313 802.11bgn Wireless Network Adapter
           driver: bcma-pci-bridge bus-ID: 06:00.0
           IF: wlp6s0b1 state: up mac: <filter>
Drives:    HDD Total Size: 500.1GB (11.0% used)
           ID-1: /dev/sda model: TOSHIBA_MK5075GS size: 500.1GB
           Optical: /dev/sr0 model: TSST CDDVDW SN-208AB
           rev: TO02 dev-links: cdrom,cdrw,dvd,dvdrw
           Features: speed: 24x multisession: yes
           audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram state: running
Partition: ID-1: / size: 220G used: 50G (24%) fs: ext4 dev: /dev/sda5
           ID-2: swap-1 size: 2.00GB used: 0.00GB (0%) fs: swap dev: /dev/sda6
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 52.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 198 Uptime: 52 min Memory: 528.2/1872.8MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35

And:

Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 058f:a009 Alcor Micro Corp.
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Last edited by WharfRat on Sun Oct 29, 2017 9:47 pm, edited 1 time in total.
Reason: Added code tag

chrisuk
Level 4
Posts: 490
Joined: Thu Jun 12, 2008 6:16 am

Re: Suspicious rar file opened

Postby chrisuk » Sun Oct 29, 2017 2:17 pm

Nobody can help you, Fabio, as nobody knows what you downloaded. Best advice is mentioned above: send the file to virustotal to see if it's malware.
Chris

LMDE2 MATE - SparkyLinux - MX Linux - Manjaro MATE

WharfRat
Level 19
Posts: 9925
Joined: Thu Apr 07, 2011 8:15 pm

Re: Suspicious rar file opened

Postby WharfRat » Sun Oct 29, 2017 9:46 pm

A .wfs file is a script written for automating tasks in the Microsoft Windows installation process.

If you were running Windows when you opened that file then you would really need to worry.

Since such scripts cannot be executed in Linux, I would just say be grateful you're on Linux :wink:

Nicola R Pulcino
Level 1
Posts: 4
Joined: Sat May 27, 2017 4:02 am

Re: Suspicious rar file opened

Postby Nicola R Pulcino » Mon Oct 30, 2017 4:02 am

Thank you WharfRat.
:wink:

