Hello everyone,
I hope you can help me.
Having received an email from DHL which informed about an alleged package of mine, I downloaded the file attached to it (a rar archive) and after extracting the file I opened through Mozilla Firefox the .WFS (or something like that, I can't remember) file it contained.
I realized it was a false email, probably for phishing, and I would never have opened it but I am really expecting a package, so I fell for it (like a fool).
I am wondering if I have taken some damage on my PC, but when I opened the .wfs file only a window with a weird series of characters appeared, a bunch of numbers and symbols, as if Mozilla could not read it.
Do you think I could be in trouble?
Thank you all.
Fabio
Suspicious rar file opened [SOLVED]
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Suspicious rar file opened
Very unlikely. Any payload obviously did not trigger properly, or you would have seen a message saying something like 'your files are now encrypted, pay us to decrypt'. It can't be a Linux virus since those have never been found in the wild (as yet). I think you can relax.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
- Pjotr
Re: Suspicious rar file opened
You're probably OK. Like 99.9 % sure. The only precaution I'd take: clean your Firefox profile by resetting it to the defaults.
Like this:
Code:
rm -v -R ~/.mozilla
Close Firefox and relaunch it.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: Suspicious rar file opened
Hi "Nicola R Pulcino",
Welcome to the wonderful world of Linux Mint and its excellent forum !
I just read your post and the good replies to it. Here are my thoughts on this as well.
It would help to know more about your system setup like which edition and version of Linux Mint. If you run "inxi -Fxzd" and "lsusb" from the console terminal prompt, highlight the results, copy and paste them back here, that should provide enough information.
I would also agree that you are probably safe, but never open links or download files from any unknown source. FYI: Most, if not all, shippers would not send you an attachment only an email with information... Unless you specifically asked for it.
You can also check a file(s) using "virus total" website before using it, or extracting it in the case of an archive file.
https://www.virustotal.com/#/home/upload
Hope this helps ...
Phd21: Mint 20 Cinnamon & KDE Neon 64-bit Awesome OS's, Dell Inspiron I5 7000 (7573, quad core i5-8250U ) 2 in 1 touch screen
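One way to do the pre-extraction check suggested in the post above, as an added example that is not part of the original thread: it identifies the archive type from its leading bytes instead of its name and prints the SHA-256, which can be searched on VirusTotal without opening or uploading the file. The function names are assumptions made for this example; it relies on `sha256sum`, `head` and `od`, and uses `unrar` only if it is installed.

```shell
#!/bin/sh
# Added example: triage a downloaded attachment without opening or extracting it.
# Function names are hypothetical; nothing here comes from the original posts.

# Print only the hex SHA-256 of a file. This is the value to search for on
# VirusTotal, so the file itself never has to be opened.
file_sha256() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# Identify the container from its first six bytes. A file name or extension
# proves nothing about the content; the signature is harder to disguise.
magic_type() {
    sig=$(head -c 6 -- "$1" | od -An -tx1 | tr -d ' \n')
    case "$sig" in
        526172211a07*) echo rar ;;      # "Rar!" 1a 07 (RAR4 and RAR5)
        504b0304*)     echo zip ;;      # "PK" 03 04
        377abcaf271c*) echo 7z ;;
        1f8b*)         echo gzip ;;
        *)             echo unknown ;;
    esac
}

# Print a short report; list archive members only when unrar is available.
# Listing shows the names inside (for example a script file) without
# writing any of them to disk.
triage() {
    kind=$(magic_type "$1")
    printf 'file:   %s\n' "$1"
    printf 'type:   %s\n' "$kind"
    printf 'sha256: %s\n' "$(file_sha256 "$1")"
    if [ "$kind" = rar ] && command -v unrar >/dev/null 2>&1; then
        unrar l "$1" || true
    fi
}

# Run on each path given on the command line, if any.
for f in "$@"; do
    triage "$f"
done
```

Saved as a script, it takes the downloaded attachment's path as its argument; a member list showing a script file inside a "shipping notice" archive is reason enough to delete the archive unopened.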
Re: Suspicious rar file opened
Thank you all for your time and answers.
To phd21, here are the results of the command lines you suggested:
Code:
System: Host: Bahamut Kernel: 4.4.0-21-generic i686 (32 bit gcc: 5.3.1)
Desktop: MATE 1.14.1 (Gtk 3.18.9-1ubuntu3.3)
Distro: Linux Mint 18 Sarah
Machine: System: TOSHIBA product: Satellite Pro C660 v: PSC0RE-01E00RIT
Mobo: TOSHIBA model: PWWAA v: 1.00
Bios: TOSHIBA v: 2.00 date: 05/09/12
CPU: Dual core Intel Core i3 M 380 (-HT-MCP-) cache: 3072 KB
flags: (lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 10109
clock speeds: max: 2533 MHz 1: 1466 MHz 2: 1466 MHz 3: 1866 MHz
4: 1466 MHz
Graphics: Card: Intel Core Processor Integrated Graphics Controller
bus-ID: 00:02.0
Display Server: X.Org 1.18.3 drivers: intel (unloaded: fbdev,vesa)
Resolution: 1366x768@60.00hz
GLX Renderer: Mesa DRI Intel Ironlake Mobile x86/MMX/SSE2
GLX Version: 2.1 Mesa 11.2.0 Direct Rendering: Yes
Audio: Card Intel 5 Series/3400 Series High Definition Audio
driver: snd_hda_intel bus-ID: 00:1b.0
Sound: Advanced Linux Sound Architecture v: k4.4.0-21-generic
Network: Card-1: Realtek RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller
driver: r8169 v: 2.3LK-NAPI port: 3000 bus-ID: 01:00.0
IF: enp1s0 state: down mac: <filter>
Card-2: Broadcom BCM4313 802.11bgn Wireless Network Adapter
driver: bcma-pci-bridge bus-ID: 06:00.0
IF: wlp6s0b1 state: up mac: <filter>
Drives: HDD Total Size: 500.1GB (11.0% used)
ID-1: /dev/sda model: TOSHIBA_MK5075GS size: 500.1GB
Optical: /dev/sr0 model: TSST CDDVDW SN-208AB
rev: TO02 dev-links: cdrom,cdrw,dvd,dvdrw
Features: speed: 24x multisession: yes
audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram state: running
Partition: ID-1: / size: 220G used: 50G (24%) fs: ext4 dev: /dev/sda5
ID-2: swap-1 size: 2.00GB used: 0.00GB (0%) fs: swap dev: /dev/sda6
RAID: No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors: System Temperatures: cpu: 52.0C mobo: N/A
Fan Speeds (in rpm): cpu: N/A
Info: Processes: 198 Uptime: 52 min Memory: 528.2/1872.8MB
Init: systemd runlevel: 5 Gcc sys: 5.4.0
Client: Shell (bash 4.3.481) inxi: 2.2.35
And:
Code:
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 058f:a009 Alcor Micro Corp.
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Last edited by Anonymous on Sun Oct 29, 2017 9:47 pm, edited 1 time in total.
Reason: Added code tag
Re: Suspicious rar file opened
Nobody can help you, Fabio, as nobody knows what you downloaded. Best advice is mentioned above: send the file to virustotal to see if it's malware.
Re: Suspicious rar file opened
A .wfs file is a script written for automating tasks in the Microsoft Windows installation process.
If you were running Windows when you opened that file then you would really need to worry.
Since such scripts cannot be executed in Linux, I would just say be grateful you're on Linux.
Re: Suspicious rar file opened
Thank you WharfRat.