I received an email from a trusted friend with an attachment for a picture of a document, asking me to help: "I cannot see or download this, help please". When I foolishly clicked on the document it executed an application, ss32, and then asked to restart the computer to turn off UAC! I have not switched off the computer, afraid that ss32 may be a malicious application.
Does anyone have any information on this mysterious ss32.exe?
What should I do to solve this?
Disconnect the computer from the internet immediately
Kill the SS32.exe process (or whatever process you suspect has been launched) via task manager
Scan the disk for SS32.exe and delete any traces of it.
Run a full antivirus scan
Download the VIPRE Rescue Scanner (google it) and run this on the PC.
Run any additional malware scanning/protection utilities you care to.
Go into Control Panel > User Accounts > User Account Control and turn UAC back on if it appears disabled
Restart the computer and assess the situation; consider plugging the internet connection back in if you think the threat is gone.
Zen 8000 Pro
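A read-only triage helper for the checks the post above asks you to do by hand (is an ss32.exe process running and from where, are there copies on disk, is UAC still on, and how many restore points survive). This is an added example, not code from the thread or from any of the tools named in it; the process name, the folders searched and the use of Windows PowerShell 5.1 in an elevated session are assumptions. It kills and deletes nothing, so the removal steps remain the ones listed above.

```powershell
# Added triage helper (not from the thread). Assumes Windows PowerShell 5.1 run as Administrator.
function Get-Ss32Triage {
    param(
        [string]$ProcessName = 'ss32',   # assumption: the name reported in this thread
        [string[]]$SearchRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, "$env:USERPROFILE\Downloads")
    )

    # 1. Running instances and the image path each was launched from.
    $procs = Get-CimInstance Win32_Process -Filter "Name = '$ProcessName.exe'" |
        Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

    # 2. Copies of the file in the usual user-writable drop folders (the OP found it under AppData\Roaming).
    $files = foreach ($root in $SearchRoots) {
        if (Test-Path $root) {
            Get-ChildItem -Path $root -Recurse -Filter "$ProcessName.exe" -File -ErrorAction SilentlyContinue |
                Select-Object FullName, Length, LastWriteTime
        }
    }

    # 3. UAC state: EnableLUA = 1 means UAC is on, 0 means it has been switched off.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $enableLua = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA

    # 4. Restore points still present (the thread reports this malware wiping them).
    $restorePoints = Get-ComputerRestorePoint -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RunningProcesses = @($procs)
        FilesOnDisk      = @($files)
        UacEnabled       = ($enableLua -eq 1)
        RestorePoints    = @($restorePoints).Count
    }
}

$report = Get-Ss32Triage
$report.RunningProcesses | Format-Table -AutoSize
$report.FilesOnDisk      | Format-Table -AutoSize
"UAC enabled: $($report.UacEnabled); restore points remaining: $($report.RestorePoints)"
```

If UacEnabled comes back False after you have re-enabled UAC in Control Panel, the change has not been applied yet; it takes effect after the restart the post mentions.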
If you google for it, it doesn't seem to be anything particularly nasty... but Pipexer's advice is sound - better safe than sorry where unknown software is concerned.
Hi there. I am going to assume you have an antivirus already.
The best tool you can download if it's escaped your current security is Malwarebytes (I find this anyway, and I offer IT help at work on the side - clearing infections off work colleagues' machines most days as a bit on the side hehe).
Link: http://www.malwarebytes.org
Click free download
It gives you a free 14 day trial which is plenty to catch the infection and remove it.
Commonly infected machines are blocked from accessing the site or it will take you to a different site where you get more infected so you might be best to get it on another PC and then put it on a memory stick & install it.
Run a full scan, preferably in safe mode.
This finds most of the nasties and is particularly good at finding what most other programs miss.
Edited by ukhardy07 (Mon 08-Jul-13 23:48:34)
I thought that too, but a closer look seems the OP has unfortunately come across some very new malware - http://blog.dynamoo.com/ check the blog post date, only 2 hrs ago.
Fair enough, some poor soul has to be the first
Indeed - I've just downloaded said file to see what happened, Windows Defender, using definitions as of now, does not detect it as malware. The OP should be very cautious and would probably be best running some rescue scanners tomorrow when new definitions have become available. Seems this (variant at least) has literally only just hit within the past few hours.
Running Malwarebytes at this very moment, will report back with what happens!
Good chance it won't detect anything, as I have just seen. Go for a manual removal and the steps I mentioned at the very least before plugging the computer back into the network. If it is disabling UAC, clearly UAC stops it working properly, so ensure you restore UAC to its ON setting.
This malware seems to delete all restore points too!!
Norton AV detected it upon download as WS.Reputation.1, which is a detection for files that have a low reputation score based on analyzing data from Symantec's community of users and therefore are likely to be security risks.
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
I killed the SS32.exe process, then updated Malwarebytes and ran a scan; it found the threat. In the user AppData > Roaming folder I deleted all traces of SS32.
Files Detected: 1
C:\Users\Emer\Documents\Downloads\Document_948357853____.exe (Trojan.Downloader.VM) -> Quarantined and deleted successfully.
Did as you advised, downloaded Vipre Rescue Scanner and ran it.
Turned on the UAC and all seems ok except that the malware has deleted all my restore points!
I do use Malwarebytes on a regular basis. I updated the definitions and yes it did find the offending malware.
Files Detected: 1
C:\Users\Emer\Documents\Downloads\Document_948357853____.exe (Trojan.Downloader.VM) -> Quarantined and deleted successfully.
If you want a thorough scan for rootkits and malware, go to forums.majorgeeks.com and see the Malware Removal subforum
Think you're gonna have to live with your deleted restore points, or should that be live without restore points?
I've done all as you advised, plus run as many antivirus and malware applications as I could find to make sure the PC is clean of ss32.exe, turned UAC to max protection and then created a restore point.
Thanks a million for your help.
"I received an email from a trusted friend with an attachment for a picture of a document asking me to help: I cannot see or download this, help please."
I suggest that you recommend to your friend that they change their email password.
May not be the case. I've had emails from "friends" with their name in the subject and a dodgy link. Clearly wasn't them, but at the same time we are only friends on Facebook and don't have each other's email addresses.
From reading around, it's a common thing with Facebook, especially as friends lists and email addresses are often not made private.
"I received an email from a trusted friend with an attachment for a picture of a document asking me to help: I cannot see or download this, help please. I suggest that you recommend to your friend, they change their email password."
I did ask my friend if he had personally sent me the email, which he confirmed, as I wanted to establish if his email or other social account had been hacked.
I have changed my passwords as a precaution, which I do now and again, and have told him to do likewise.
"I did ask my friend if he had personally sent me the email, which he confirmed."
Why did he send you a virus? He could have clicked on it just as well as you and infected his PC instead of yours.

"Why did he send you a virus? He could have clicked on it just as well as you and infected his PC instead of yours."
That is something that I have discussed with him! He should have noticed that the email, when he received it, came from someone he did not know, and it should have started bells ringing, particularly when it contained an attachment! He did infect his PC, as he did click on it and could not see the document, which is why he sent the email to me to try and 'open' the attached document! I fell for it because the email was coming from him and not from someone I did not know; thinking it was genuine, I fell for it too!
Lesson to be learned!