Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Opened malicious Excel Macro from Upwork job request [Closed]

Upwork macros excel macro

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 1 posts

A couple days ago I received my very first job request on Upwork. It said the details were in an .xls file they attached to the job order. I was suspicious when I opened the file and it asked to enable macros. So, I scanned the file with AVG Free and it came back negative. Because it was my first work offer, I was excited and went against my instincts and enabled the macro. I quickly realized it was a bogus job offer. 


I didn't notice anything going on with my system, but the next day I received a message from Upwork:


Unfortunately, we believe your computer may be infected with a virus. This notice applies to you if the following is true:

  • You recently opened an .xls (Excel) or .doc (Word) file which was related to a job opening that you applied to or were invited to apply to and the file was named any of the following: The Past.doc foodvoice.xls voice.xls restvoice.xls

  • The file asked you to enable macros (or you already had macros enabled)

  • You enabled macros

Unfortunately, we’ve determined that the job opening was posted on a compromised account for the purposes of spreading malware, and the file is malicious.

If you took the above steps, please run a full antivirus scan using one of the following recommended options:

If you need further assistance with virus, malware, or spyware removal, you may visit the Geeks to Go forums for free technical support (please note that Upwork is not affiliated in any way with Geeks to Go and we are not responsible for the content of their website):


If you need additional support, we recommend hiring a professional computer technician for spyware and virus removal.

After verifying that your computer is free of malware, please ensure the security of your online accounts (especially your Upwork and email accounts) by updating your current passwords and security questions.

For your safety, routine antivirus scans should be performed on any devices used to access your account. Never run exe or other suspicious files sent to you by users you do not know or trust; even if a trusted individual sends you an exe or other suspicious file, you should verify its safety before running it. You may upload exe and other files smaller than 64MB to http://www.virustotal.com to have them scanned by 50+ antivirus programs.

If you have any questions, please reply to this notification and we'll be happy to help. Please stay safe!


Upwork Account Security


So, I scanned my entire computer with my AVG Free and it came up clean. To be extra safe, I installed and scanned with Avast Free, and it says I have viruses. However, it doesn't give me an option to see what or where they are, just the option to Remove All. I have a few installer files which scan as viruses, and which I have already marked as safe in AVG. I'm worried that is what they are finding and I don't want to remove them. But I'm also worried that it found the actual virus from this macro and I don't know what to do. Does it seem like AVG Free would have found any malicious virus installed by the macro and I should be safe since it didn't? 

Any advice is welcome.

  • 0




    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi curtdusoleil,

Welcome to   :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be delayed response to you as we may live in different timezone.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask youInstead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

In any event, please find a clean machine (that you trust), and change your password for your email and/or online banking.

FRST.gif Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0



    GeekU Minion

  • Expert
  • 4,568 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

  • 0

Similar Topics

Also tagged with one or more of these keywords: Upwork, macros, excel, macro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP