Browse » Home » Spam, Trojans » UPS_invoice.exe

UPS_invoice.exe

Posted July 16, 2008 

UPS_invoice.exe delivers a damn Trojan, Downloader.Diliv, that pulls the usual tricks: Downloader.Diliv rips open a big backdoor in your PC, to download a bunch of malware.

You catch Downloader.Diliv from a damn spam email, with the attachment ups_invoice.exe.

Cheers to spending a weekend dealing with identity theft.

So you probably picked up on the sarcasm.

But I’m sincere about showing you how to remove UPS_invoice.exe for free.

And also about how much I fancy your mum.

Remove UPS_invoice.exe Automatically, with SmitFraud

Don’t have a lot of time? What with YouPorn.com reading The Guardian, my charity work, and more, neither do I. If you don’t know how to manually delete UPS_invoice.exe files, and don’t want to learn, here’s how you automatically remove UPS_invoice.exe.

Before you start, print out these instructions—you’re going to have to restart your computer in Safe Mode. Also, back up your PC in case you make a mistake.

  1. Download SmitFraudFix for free, and save it to your desktop.
  2. Reboot your PC in Safe Mode.
    • To reboot in Safe Mode using Windows XP, restart your PC, and when a progress bar appears at the bottom of the screen, hit F8 once every second. When you see the Windows Start-up menu, highlight Safe Mode and hit Enter. Your desktop will show up, and make whatever repairs necessary. Then reboot your system and allow it to start up as normal.
    • To reboot in Safe Mode using Windows Vista, go Start > Run. Type “MSCONFIG” into the Open field, and click OK. From the BOOT.INI tab, check /SAFEBOOT and click Restart).
  3. Once your desktop loads, double-click SmitfraudFix.exe.
  4. After the credits roll, you’ll see a menu. Click option number two, “Clean (safe mode recommended)“. Click Enter and delete your files infected with UPS_invoice.exe.
  5. SmitFraudFix will clean your PC. When SmitFraudFix is finished, its Disk Cleanup automatically starts.
  6. Once Disk Cleanup is done, it’ll ask you, “Registry cleaning – Do you want to clean the registry?” Type in “Y” (yes), and click “Enter“. When Disk Cleanup finishes, restart your PC.
  7. If your system’s wininet.dll is infected, SmitFraudFix asks you if you want to replace the file. If SmitFraud asks, “Replace infected file?” Type “Y” (yes) to answer and click “Enter“.
  8. Once that’s finished, restart your system.
  9. After restarting, a Notepad file might popup with a log of the files SmitFraudFix deleted. If it doesn’t popup, you can find the log as a file rapport.txt in Local Disk C:, the root of your hard drive.
  10. Restart your system again, in Safe Mode. Once it boots up, go to C:\Windows\Temp. Select “Edit“, select “Select All“, and click “DELETE“. Click “Yes” to confirm you want all these files to get trashed in the Recycle Bin.
  11. Restart your system one more time, in normal mode. Go to Windows Update and download any critical updates for your computer. You’re done.

Remove UPS_invoice.exe with Your Bare Hands

You like a workout, eh? Manually removing UPS_invoice.exe can be hard and time consuming, but apparently you’re into that. Obviously, I can’t guarantee these instructions will completely remove UPS_invoice.exe from your system, but it’s worth a try. Just make sure you backup your system before you try to remove UPS_invoice.exe manually.

Before you start, print out these manual UPS_invoice.exe removal instructions and close all applications, including your web browser.

  1. Uninstall UPS_invoice.exe: Select Start menu > Settings > Control Panel. Double-click “Add/Remove Programs“, and search for “UPS_invoice.exe”. If you find UPS_invoice.exe, uninstall UPS_invoice.exe.
  2. Stop UPS_invoice.exe processes: Select Start menu > Run. Type taskmgr, then click on the Processes tab for a list of running processes. Search for UPS_invoice.exe processes, like UPS_invoice.exe.exe. Right-click “UPS_invoice.exe.exe”, and click “End task“.

    Stop UPS_invoice.exe processes
  3. Delete UPS_invoice.exe files in Windows Vista and XP: Select Start menu > Settings > Search. Click For Files and Folders… You’ll see a speech bubble asking you, “What do you want to search for?” Select All files and folders. Type the names of UPS_invoice.exe files into the search box. Now select Local Hard Drives, and click Search. As soon as you see a bastard UPS_invoice.exe file, just delete it.

    Delete UPS_invoice.exe files
  4. Unregister UPS_invoice.exe registry keys: Select Start menu > Run. Type regedit, and click OK. Search registry keys with “UPS_invoice.exe” in their name. To delete these UPS_invoice.exe registry keys, right-click the UPS_invoice.exe registry key, select “Modify”, and click “Delete“.

    Remove UPS_invoice.exe registry keys
  5. Unregister UPS_invoice.exe DLL files: Select Start menu > Settings > Run. Type “cmd” in Run’s box, and click OK. To switch directories, type “cd” in the command box, hit the Space key, and type the directory where the UPS_invoice.exe DLL file is located. If you don’t know which directory the UPS_invoice.exe DLL file is located in, enter “dir” into the command box to see a directory’s contents. To go back one directory, enter “cd ..” in the command box and hit Enter. Once you find the UPS_invoice.exe DLL file you want to remove, type “regsvr32 /u MadeUpDLLName.dll” (e.g., “regsvr32 /u UPS_invoice.exe.dll”) and hit Enter. If you delete a DLL by mistake, type “regsvr32 MadeUpWhoopsName.dll” (e.g., “regsvr32 UPS_invoice.exe.dll”) into your command box, and hit Enter.

    Unregister UPS_invoice.exe DLLs
  6. Delete UPS_invoice.exe directories: Select Start menu > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder. Search for “C:\ProgramFiles\UPS_invoice.exe“. Right-click “C:\ProgramFiles\UPS_invoice.exe“. Click “Delete“, “Yes“, and “Yes” again to confirm you want to move the UPS_invoice.exe folder into the Recycle Bin.
  7. Remove UPS_invoice.exe desktop icons: Drag and drop any UPS_invoice.exe icons into your Recycle Bin.
  8. Change your home page: If UPS_invoice.exe hijacked your home page, select Start menu > Control Panel > Internet Options > General. Under “Home Page” select Use Default. Enter the URL you want as your home page (for example, “http://www.damntrojan.co.uk”), and select “Apply” and “OK“. Open a new browser window to make sure your home page has changed.

You’re done. Hopefully these UPS_invoice.exe removal instructions got rid of UPS_invoice.exe for you. Just so we’re clear on things, I can’t guarantee these instructions will completely remove UPS_invoice.exe from your computer.

If you tried these instructions to get rid of UPS_invoice.exe and they didn’t work, throw your computer out the window.

Or consult professionals.

UPS_invoice.exe Might Be a Backdoor

WTF Are Backdoors?

Backdoors are spyware and malware that enter your system secretly, through your PC’s “backdoor”. Worms and Trojans most frequently use your computer’s backdoor to sneak in and steal your information, and maybe leave some more malware as an early birthday gift (yeah, thanks). Sound like UPS_invoice.exe?

UPS_invoice.exe Could Be a Trojan

WTF Are Trojans?

Remember that college class you took on Greek mythology?

Neither do I.

Trojans get their name from Greek mythology, though — a Trojan is software that acts like a Trojan horse. The same way that Trojan horse looked like a great gift to the Spartans — only it was stuffed full of soldiers — Trojans are software that appear harmless but are really designed to kill your computer.

Trojans often pretend to be a video codec you need to watch porn — really — , maybe a photo attached to email, or some sort of other harmless software. Once you open your gates to a Trojan though, it can spy on you, download more malware, or allow a hacker to do whatever he wants on your machine.

How UPS_invoice.exe and Trojans Might Infect You

  • Websites: When you’re surfing the web, you won’t only get infected when you download some codecs or plugins. Sometimes all you have to do is visit a site and a Trojan secretly downloads itself onto your computer. Scary. Use a browser like Firefox to prevent this — it’s much more secure than Internet Explorer.
  • Open ports: If you run any file-sharing applications — and I’m not just talking peer-to-peer music software — you risk opening up your system to infection. It can be as simple as leaving file sharing open on your instant message client. My rule of thumb is to close off every port. Set up a firewall, too, if you don’t already have one.
  • Email: Some random person you don’t really remember just forwarded you some hot pictures? Don’t open them. Lots of Trojans are dolled up as harmless looking email attachments that take advantage of security holes in your mail client. Spam blocker software can help, but it’s better just not to open any attachments from people you don’t know.

Popularity: 3% [?]

WTF? UPS_invoice.exe?

Yep. Read more:

» UPSInv.zip and NorthwestAirlines.zip
» So Many Trojans
» Trojan.Zlob.G
» SpywareGuard 2009
» Nano Antivirus

More in Spam, Trojans »