If you or somebody you know was recently infected because they were tricked into opening a fake shipping label in an email, there’s a quick and easy way to get rid of it. At least, these are the steps that worked on our test machine.
The email would have come in with an attachment named something like UPS_invoice_NR34073.zip, with the following text:
The courier company was not able to deliver your parcel by your address. Cause: Error in shipping address. You may pickup the parcel at our post office personaly! Please attention! The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.
Naturally, this is a virus that causes your machine to repeatedly reboot itself.
Luckily, there’s a quick and easy fix.
Fixing the Fake UPS Tracking Nmber Virus
When your PC reboots again, hit the F8 key right before Windows starts so you can access the boot options, and then choose Safe Mode.
Once it starts up into Safe Mode, open the Run box and type in shell:startup to get straight to the startup folder, and then delete the file named raryp32.exe from the folder.
You should be able to reboot your machine at this point, and get back into your system. Make sure to run a full virus scan at this point! If you don’t have an anti-virus application, we recommend the free Microsoft Security Essentials.
Note: These are the steps that worked for us on a test machine here at the office. Viruses change over time, so the same steps may not work for you.
Programmer by day, geek by night, The Geek, also known as Lowell Heddings, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on Google+ if you'd like.
- Published 01/18/10