Suspicious rar file opened [SOLVED]

Post by Nicola R Pulcino »

Hello everyone,
I hope you can help me.

Having received an email from DHL which informed me about an alleged package of mine, I downloaded the file attached to it (a rar archive) and after extracting the file I opened through Mozilla Firefox the .WFS (or something like that, I can't remember) file it contained.

I realized it was a false email, probably for phishing, and I would never have opened it but I am really expecting a package, so I fell for it (like a fool).

I am wondering if I have taken some damage on my PC, but when I opened the .wfs file only a window with a weird series of characters appeared, a bunch of numbers and symbols, as if Mozilla could not read it.

Do you think I could be in trouble?

Thank you all.
Fabio
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Re: Suspicious rar file opened

Post by Moem »

Very unlikely. Any payload obviously did not trigger properly, or you would have seen a message saying something like 'your files are now encrypted, pay us to decrypt'. It can't be a Linux virus since those have never been found in the wild (as yet). I think you can relax.

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Re: Suspicious rar file opened

Post by Pjotr »

You're probably OK. Like 99.9 % sure. The only precaution I'd take: clean your Firefox profile by resetting it to the defaults.

Like this:

rm -v -R ~/.mozilla
Close Firefox and relaunch it.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Re: Suspicious rar file opened

Post by phd21 »

Hi "Nicola R Pulcino",

Welcome to the wonderful world of Linux Mint and its excellent forum!

I just read your post and the good replies to it. Here are my thoughts on this as well.

It would help to know more about your system setup like which edition and version of Linux Mint. If you run "inxi -Fxzd" and "lsusb" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.

I would also agree that you are probably safe, but never open links or download files from any unknown source. FYI: Most, if not all, shippers would not send you an attachment, only an email with information... unless you specifically asked for it.

You can also check a file(s) using the "VirusTotal" website before using it, or extracting it in the case of an archive file.
https://www.virustotal.com/#/home/upload


Hope this helps ...
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
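
Added example, not part of the original posts: a way to look at a downloaded attachment before extracting or opening it, as suggested above. It prints the file's SHA-256 (which can be searched on VirusTotal instead of uploading the file) and flags a name that disagrees with the leading magic bytes; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: look at a downloaded attachment without extracting or opening it.
# Function names are hypothetical; the sample files in demo() are constructed.

# Type judged from the leading magic bytes, not from the file name.
magic_type() {
    sig=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    case "$sig" in
        526172211a070100*) echo rar5 ;;
        526172211a0700*)   echo rar4 ;;
        504b0304*)         echo zip ;;
        *)                 echo unknown ;;
    esac
}

# Type claimed by the file name's extension (case-insensitive).
name_type() {
    ext=$(printf '%s' "${1##*.}" | tr 'A-Z' 'a-z')
    case "$ext" in
        rar) echo rar ;;
        zip) echo zip ;;
        *)   echo other ;;
    esac
}

# One-line report: SHA-256 for a hash lookup, content type, claimed type, verdict.
triage_attachment() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 2; }
    hash=$(sha256sum "$f" | cut -d' ' -f1)
    mtype=$(magic_type "$f")
    ntype=$(name_type "$f")
    case "$ntype:$mtype" in
        rar:rar[45]|zip:zip) verdict=match ;;
        other:unknown)       verdict=unchecked ;;
        *)                   verdict=MISMATCH ;;
    esac
    printf 'sha256=%s content=%s name=%s %s\n' "$hash" "$mtype" "$ntype" "$verdict"
}

demo() {
    d=$(mktemp -d)
    printf 'Rar!\032\007\001\000' > "$d/parcel.rar"   # RAR5 signature only
    printf 'PK\003\004....'       > "$d/invoice.rar"  # ZIP header, .rar name
    triage_attachment "$d/parcel.rar"
    triage_attachment "$d/invoice.rar"
    rm -rf "$d"
}
demo
```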

Re: Suspicious rar file opened

Post by Nicola R Pulcino »

Thank you all for your time and answers.

To phd21, here are the results of the command lines you suggested:

System:    Host: Bahamut Kernel: 4.4.0-21-generic i686 (32 bit gcc: 5.3.1)
           Desktop: MATE 1.14.1 (Gtk 3.18.9-1ubuntu3.3)
           Distro: Linux Mint 18 Sarah
Machine:   System: TOSHIBA product: Satellite Pro C660 v: PSC0RE-01E00RIT
           Mobo: TOSHIBA model: PWWAA v: 1.00
           Bios: TOSHIBA v: 2.00 date: 05/09/12
CPU:       Dual core Intel Core i3 M 380 (-HT-MCP-) cache: 3072 KB
           flags: (lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 10109
           clock speeds: max: 2533 MHz 1: 1466 MHz 2: 1466 MHz 3: 1866 MHz
           4: 1466 MHz
Graphics:  Card: Intel Core Processor Integrated Graphics Controller
           bus-ID: 00:02.0
           Display Server: X.Org 1.18.3 drivers: intel (unloaded: fbdev,vesa)
           Resolution: 1366x768@60.00hz
           GLX Renderer: Mesa DRI Intel Ironlake Mobile x86/MMX/SSE2
           GLX Version: 2.1 Mesa 11.2.0 Direct Rendering: Yes
Audio:     Card Intel 5 Series/3400 Series High Definition Audio
           driver: snd_hda_intel bus-ID: 00:1b.0
           Sound: Advanced Linux Sound Architecture v: k4.4.0-21-generic
Network:   Card-1: Realtek RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller
           driver: r8169 v: 2.3LK-NAPI port: 3000 bus-ID: 01:00.0
           IF: enp1s0 state: down mac: <filter>
           Card-2: Broadcom BCM4313 802.11bgn Wireless Network Adapter
           driver: bcma-pci-bridge bus-ID: 06:00.0
           IF: wlp6s0b1 state: up mac: <filter>
Drives:    HDD Total Size: 500.1GB (11.0% used)
           ID-1: /dev/sda model: TOSHIBA_MK5075GS size: 500.1GB
           Optical: /dev/sr0 model: TSST CDDVDW SN-208AB
           rev: TO02 dev-links: cdrom,cdrw,dvd,dvdrw
           Features: speed: 24x multisession: yes
           audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram state: running
Partition: ID-1: / size: 220G used: 50G (24%) fs: ext4 dev: /dev/sda5
           ID-2: swap-1 size: 2.00GB used: 0.00GB (0%) fs: swap dev: /dev/sda6
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 52.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 198 Uptime: 52 min Memory: 528.2/1872.8MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35 
And:

Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 058f:a009 Alcor Micro Corp. 
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Last edited by Anonymous on Sun Oct 29, 2017 9:47 pm, edited 1 time in total.
Reason: Added code tag

Re: Suspicious rar file opened

Post by chrisuk »

Nobody can help you, Fabio, as nobody knows what you downloaded. Best advice is mentioned above: send the file to VirusTotal to see if it's malware.

Re: Suspicious rar file opened

Post by WharfRat »

A .wfs file is a script written for automating tasks in the Microsoft Windows installation process.

If you were running Windows when you opened that file then you would really need to worry.

Since such scripts cannot be executed in Linux, I would just say be grateful you're on Linux :wink:

Re: Suspicious rar file opened

Post by Nicola R Pulcino »

Thank you WharfRat.
:wink: