
Sketchy looking email from nexus


Higlac


I am not on the Bethesda forums. Also, have there been any other reports of spam?

 

Another edit: From what I'm seeing so far, Superantispyware and Avast are not flagging the downloaded file as a trojan. Malwarebytes, however, does. So if you think you may have been hit with it, try Malwarebytes first, then hit it with the rest of what you might want to run.

 

What I do to clean PCs:

 

1. Combofix

2. disable system restore

3. Malwarebytes

4. Superantispyware

5. Avast boot-time scan

6. Avast full-system scan

7. re-enable system restore

8. run CCleaner to hit the registry and temp files

9. monitor for suspicious activity

10. If suspicious activity continues/ stuff comes back

a. Run Malwarebytes Anti-Rootkit

b. Continue from step 1.

 

ESET NOD32 AntiVirus stopped the threat: it cut off the download before it was fully done.

So thumbs up for ESET in this case! :D

 

EDIT: ESET received the update to detect this trojan only the day before yesterday! So antivirus products like AVG have probably also been updated by now.

So it seems the trojan wasn't known or whatever.

See here: http://www.eset.com/us/threat-center/threatsense-updates/search/?q=Injector.BFLP and http://www.virusradar.com/en/Win32_Injector.BFLP/detail

 

"Injector.BFLP" is the trojan so I looked it up on their site.

Edited by Asgaro

Maybe I'm just inherently cynical, but I never click links from emails unless I know exactly who sent it. I also have it so that images are blocked from even loading unless I allow it. If it's from a company, I always check the email address that sent it. Even if the email address looks legit, I make sure the company is known to send emails with links. If I can't verify either piece of information, I delete the email. Even if legit, they're usually not important anyway.

 

For example, if you really needed to update NMM, you could just come to the site and do so. There would be no logical reason for the Nexus to send you emails to update (aside from the fact that they're not known to do this).

 

Well, I can't disagree with you.

I just have to give props to those who created it because they made it look pretty legit.

I mean: they even thought about adding an Unsubscribe line at the bottom of the email, where my email address was visible.

And they fooled Gmail's Spam feature, which normally works all the time.

 

And yes, I agree that Nexus never sends emails.

It's just that I've seen some software devs actually send occasional emails when they reach a milestone.

Like TuneUp Utilities sends me about an email every year.

 

The fact the version number of NMM in the email is 0.50.x made me think they reached a huge milestone, and they wanted to give it exposure. :D

 

Hell, I don't even have Fallout 3 or Fallout NV or Skyrim (don't have Skyrim yet, still waiting for a good sale) or NMM installed right now. :D

I just wanted to see the latest changes, so I clicked the big NMM icon, since normally icons within a mail bring you to the site or a related article.


I've got this email too - my first thoughts on receiving it were akin to "That's funny, the Nexus never sends emails except on PM notifications, and a NMM version update seems like a weird and suspicious reason to send messages. And I never recall them using Mailjet before." I basically ignored it afterwards; I do not use NMM at all. Only when this was revealed to be a suspicious email did I delete it and report it as a phishing/malware email.