A client clicked a link in an email that appeared to be a FedEx tracking notice. The following screen appeared. The victim was expecting FedEx shipments, so she was baited into clicking the email link. She runs Windows XP under an Administrator account, so the virus was installed immediately without prompting her.
Note that the colors on the left are wrong for Microsoft, and there is a request for money at the bottom. CTRL-ALT-DEL and ALT-F4 were disabled. The virus made it appear that it had erased all items from the Start Menu, and it brought up multiple Microsoft-like warnings of “hard disk failure”. Isolated testing of the hard disk showed nothing wrong with the disk.
Virus scan results for the disk, scanned under Linux with ClamTK.