I may have been sent by a virus (.scr file)

altaybasar · October 6, 2022

Hello! I've been a seller on Fiverr for 5 months. I'm about to become a level 2 seller soon. I'm so sorry if this is a wrong topic to write but I'm a bit worried right know and don't know what to do.

About a 1 hour ago I received a zip file from a new client. I was stupid enough to download and open it. And it had a .scr file. I was a complete idiot to open that too since my Windows Defender didn't detect any virus. But then I made a researchment on the internet and learned that it is a common virus. I never thought of that because I often receive files from my clients. I changed my password for Fiverr, scanned my computer with two different Antivirus programs and it was all clean.

I also wrote a warning message to most of my clients about that issue so they won't open any files they will receive from me.

Is there anything I can do to secure my account or my computer?

(I'm really sorry for that messy topic but I'm really worried so I hope you understand my situtation)

Edited October 6, 2022 by altaybasar
Wrong title

uk1000 · October 7, 2022

9 hours ago, altaybasar said:

I changed my password for Fiverr, scanned my computer with two different Antivirus programs and it was all clean...Is there anything I can do to secure my account or my computer?

For your computer if you've already run 2 anti-virus programs on it and they said it was okay it could be okay. What you could do is contact CS about it so they know. Maybe they can check the .scr out if you tell them which message/user sent it to you and they could check if anything unusual has happened with your account or will know if something does happen.

If it was safe to do, what might help is if you knew what that particular .scr file did, in case it has run. Not all .scr files will be a virus (eg. they're also screen savers ) but it's very suspicious if someone has sent one in a zip file if you're not expecting that). Some people have suggested checking the a file with an online virus checker (eg. someone suggested the virustotal site I think). I've not done that so I don't know how good/safe it is. Maybe there's an option to send a file for checking to an antivirus company (eg. one you have an antivirus for). Maybe they could let you know what it does. If you're careful (ie. don't actually double click on it or run it) maying loading it into a hex editor might give you an idea what it actually does/what's in it (don't load it into a normal editor). So whatever you do be careful not to actually run/open it/double click on it. You could also use an account (eg. windows) with low privileges so it's less likely to do damage depending on what you did.

If you haven't already done it you could turn on 2 factor authentication. That should help.

Edited October 7, 2022 by uk1000

altaybasar · October 7, 2022

4 hours ago, uk1000 said:

For your computer if you've already run 2 anti-virus programs on it and they said it was okay it could be okay. What you could do is contact CS about it so they know. Maybe they can check the .scr out if you tell them which message/user sent it to you and they could check if anything unusual has happened with your account or will know if something does happen.

If it was safe to do, what might help is if you knew what that particular .scr file did, in case it has run. Not all .scr files will be a virus (eg. they're also screen savers ) but it's very suspicious if someone has sent one in a zip file if you're not expecting that). Some people have suggested checking the a file with an online virus checker (eg. someone suggested the virustotal site I think). I've not done that so I don't know how good/safe it is. Maybe there's an option to send a file for checking to an antivirus company (eg. one you have an antivirus for). Maybe they could let you know what it does. If you're careful (ie. don't actually double click on it or run it) maying loading it into a hex editor might give you an idea what it actually does/what's in it (don't load it into a normal editor). So whatever you do be careful not to actually run/open it/double click on it. You could also use an account (eg. windows) with low privileges so it's less likely to do damage depending on what you did.

If you haven't already done it you could turn on 2 factor authentication. That should help.

Thank you for your answer,

I contacted CS just as this happened, they requested the usernames and I've given them, I'm awaiting response.

But the problem is: My account sent 3 bot messages just like I received last night. I saw that and immediately warned the sellers saying not to download and open that file. My two factor authentication is enabled but I received no messages about another device that is trying to access my Fiverr account. I wonder if there's a way to remove those bots from my accounts.

uk1000 · October 7, 2022

35 minutes ago, altaybasar said:

But the problem is: My account sent 3 bot messages just like I received last night. I saw that and immediately warned the sellers saying not to download and open that file. My two factor authentication is enabled but I received no messages about another device that is trying to access my Fiverr account. I wonder if there's a way to remove those bots from my accounts.

If you received no messages saying someone else was was trying to log into your account from a new device it maybe that the 'bot' is running on your device (eg. your computer). You can speak to CS about it - you could ask them what devices you have logged in and if they can close others you're not using.

But if something its running on your device that's doing it then that would mean your 2 virus checkers didn't find it. You could try another virus/malware checker. You could try using that virustotal site to check the file with that if you think that would help or try the other suggestions I gave about using an option with the antivirus site to let them check it (if they have an option for that).

If you're using windows you could try looking at the taskmanager in case it shows up there and see if there's something new/unusual running (though they might hide it from the taskmanager).

So either it's running on your device sending the messages or it could have sent your log-in details to them but if it did and they're using that I'd expect it would have said something in an email to you talking about a new login.

Edited October 7, 2022 by uk1000

altaybasar · October 7, 2022

1 minute ago, uk1000 said:

If you received no messages saying someone else was was trying to log into your account from a new device it maybe that the 'bot' is running on your device (eg. your computer). You can speak to CS about it - you could ask them what devices you have logged in and if they can close others you're not using.

But if something its running on your device that's doing it then that would mean your 2 virus checkers didn't find it. You could try another virus/malware checker. You could try using that virustotal site to check the file with that if you think that would help or try the other suggestions I gave about using an option with the antivirus site to let them check it (if they have an option for that).

If you're using windows you could try looking at the taskmanager in case it shows up there and see if there's something new/unusual running (though they might hide it from the taskmanager).

Yes I'm using Windows and I've checked taskmanager, there was nothing looking unusual. I informed CS about everything and awaiting them to reply. Thank you so much for your help. I've been incredibly under stress and worried about this thing since last night. I really hope things turns out to be well.

uk1000 · October 7, 2022

Just now, altaybasar said:

I informed CS about everything and awaiting them to reply.

I think when something like this happened to a lot of people they put the accounts on hold (or some similar status) until they sorted it out.

You could ask CS to put your account on hold (or whatever status would stop someone else changing it/sending messages with it) until everything is secure if you wanted.

altaybasar · October 7, 2022

1 minute ago, uk1000 said:

I think when something like this happened to a lot of people they put the accounts on hold (or some similar status) until they sorted it out.

You could ask CS to put your account on hold (or whatever status would stop someone else changing it/sending messages with it) until everything is secure if you wanted.

Yes this is the primary option in my head if they reply me

uk1000 · October 7, 2022

These are 2 threads where something similar happened to a lot of people:

altaybasar · October 7, 2022

34 minutes ago, uk1000 said:

These are 2 threads where something similar happened to a lot of people:

Yes I saw them during my research. That's a really unfortunate problem, it's sad to see ill-intented scammers on Fiverr. I know it's my fault to download and open that file but I've completed 100 orders like this, receiving the file from the client and downloading them as the .jpg and .mp4 formats since I'm an animator. I just couldn't know this one included a virus. I wish all of these haven't happened but I hope CS will help me and it will be okay.

I know I am not the only one who is affected by this scam. And I think I'm lucky to be aware of the situation quickly and act. I hope no one gets their business hurt.

Edited October 7, 2022 by altaybasar

I may have been sent by a virus (.scr file)

Question

altaybasar

Link to comment

Share on other sites

8 answers to this question

Recommended Posts

uk1000

Link to comment

Share on other sites

altaybasar

Link to comment

Share on other sites

uk1000

Link to comment

Share on other sites

altaybasar

Link to comment

Share on other sites

uk1000

Link to comment

Share on other sites

altaybasar

Link to comment

Share on other sites

uk1000

Link to comment

Share on other sites

altaybasar

Link to comment

Share on other sites

Please sign in to comment

Forums

Community Guidelines

Events

Resources & Help Center

Activity