
Virus Every Time I Go Into My Hotmail Account


13 replies to this topic

#1 geoffo


Posted 27 July 2007 - 05:52 AM

I went into my Hotmail account this morning, read a message ok and then while I was moving it to a folder, my AV told me I had a "VBS - Malware (Script)" virus (getmsg[1].htm). I moved it to the chest eventually after having to reboot and run my AV. Everything ok at this point. I then went back online, went into several websites ok but then loaded my Hotmail account and immediately the AV virus message came up again - this time the file was "hotmail[1].htm".

Does this mean my account is permanently corrupted? The rest of the internet seems to be working ok.

Thanks - Geoff



#2 annabackwards


Posted 27 July 2007 - 06:08 AM

heya geoffo and :thumbsup: to BC

Maybe it is your hotmail account.....maybe someone hacked into it?

You could always try making a new account, opening it on your computer and seeing if another virus is immediately detected. It might be something on your computer that corrupted your account.

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#3 buddy215

  • Moderator

Posted 27 July 2007 - 06:31 AM

Is your computer up to date on Windows Updates?

It is likely that some of your email is infected by malware in an attachment.
Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 geoffo


Posted 27 July 2007 - 10:40 AM


Thanks Anna, I've had this account for years and only receive a few messages, so it is odd this should happen

#5 geoffo


Posted 27 July 2007 - 10:42 AM


My updates are right up to date. The email I was moving was from a building society so is unlikely to be infected. My hjt log has not any strange entries, so it is puzzling to say the least

#6 buddy215

  • Moderator

Posted 27 July 2007 - 11:01 AM

I would suggest again that you post the log in the Hijack This Forum. Let the pros find and remove the malware.

#7 ragjaws


Posted 27 July 2007 - 11:06 AM

geoffo, strangely this occurred on my son-in-law's computer last night.

He has Avast Antivirus installed so as soon as he opened his hotmail account all the bells, whistles and warnings were showing..after remoting into it I noticed that Avast was referring to a file in his Local Settings> Temporary Internet Files > Content IE5.. I had to go into Folder Options (Right click Start>Explore>Tools> Folder Options>Tools) and check 'Show hidden files and folders' and uncheck 'Hide extensions for known file types' and 'Hide protected system files'

I then was able to get into his 'user name'> Local Settings> Temporary Internet Files.... I took the chance and deleted everything in there. This worked.

I then ran an online virus scan 'Housecall' plus CCleaner, Ad-aware2007, Spybot, AVG Spyware and Superantispyware for good measure..they did not find anything.

#8 kerim


Posted 28 July 2007 - 03:57 AM

Hi geoffo...

I just liked to say that yesterday I had exactly the same problem as yours.
I will likely not open my hotmail account again till I end exploring about that malware script (detected by Avast)
That is how I found you here in this forum :thumbsup:

The following is from the log file of Avast:

7/27/2007 9:37:40 AM SYSTEM 1616 Sign of "VBS:Malware [Script]" has been found in "http://by138fd.bay138.hotmail.msn.com/cgi-bin/HoTMaiL?curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=6dca91b7d5e2b79601d3c9495039d921eb71d840fd0e904de83af7519f80cf45" file.

7/27/2007 9:37:51 AM SYSTEM 1616 Sign of "VBS:Malware [Script]" has been found in "C:\Documents and Settings\...Temporary Internet Files\Content.IE5\1XEAUWCK\HoTMaiL[6].htm" file.

Avast deleted them after reboot.

Note: I run XP SP2.... updated

Result: It seems it is just a false positive in Avast update (VPS 761-0), corrected in VPS 761-1.

Edited by kerim, 28 July 2007 - 04:28 AM.
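
Added example (not part of kerim's post, and not Avast's code): Python that parses the two log lines quoted above and checks whether the URL detection and the Temporary Internet Files detection are one page seen twice, using the `name[n].ext` naming IE gives cached copies. The function names and the 60-second pairing window are assumptions.

```python
import ntpath
import re
from collections import namedtuple
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# The two Avast log lines quoted in the post above, copied as posted.
LOG = r'''7/27/2007 9:37:40 AM SYSTEM 1616 Sign of "VBS:Malware [Script]" has been found in "http://by138fd.bay138.hotmail.msn.com/cgi-bin/HoTMaiL?curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=6dca91b7d5e2b79601d3c9495039d921eb71d840fd0e904de83af7519f80cf45" file.
7/27/2007 9:37:51 AM SYSTEM 1616 Sign of "VBS:Malware [Script]" has been found in "C:\Documents and Settings\...Temporary Internet Files\Content.IE5\1XEAUWCK\HoTMaiL[6].htm" file.'''

Event = namedtuple("Event", "when signature target")
LINE = re.compile(r'^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \S+ \d+ '
                  r'Sign of "(.+?)" has been found in "(.+)" file\.$')

def parse(log):
    """Turn each matching log line into an Event; other lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            events.append(Event(when, m.group(2), m.group(3)))
    return events

def is_url(target):
    return target.lower().startswith(("http://", "https://"))
def url_leaf(url):  # last path segment of the URL, e.g. 'HoTMaiL'
    return urlsplit(url).path.rsplit("/", 1)[-1]

def cache_stem(path):
    """IE cache copies are named leaf[n].ext; return the leaf, or None."""
    if "temporary internet files" not in path.lower():
        return None
    m = re.match(r"^(.*)\[\d+\](\.\w+)?$", ntpath.basename(path))
    return m.group(1) if m else None

def correlate(events, window=timedelta(seconds=60)):  # window: assumption
    """Pair each URL detection with the cached copy of the same page."""
    pairs = []
    for u in (e for e in events if is_url(e.target)):
        for f in (e for e in events if not is_url(e.target)):
            same_page = cache_stem(f.target) == url_leaf(u.target)
            if (same_page and f.signature == u.signature
                    and timedelta(0) <= f.when - u.when <= window):
                pairs.append((u, f))
    return pairs

for u, f in correlate(parse(LOG)):
    print(f"{u.signature}: same page flagged again {(f.when - u.when).seconds}s later in the IE cache")
```

A single pair means one flagged page served by the webmail site, seen once on download and once as its cached copy, not an attachment or a second file on disk.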


#9 annabackwards


Posted 28 July 2007 - 05:02 AM

Sorry I didn't help Geoffo...

Your problem seems similar to ragjaws'. Try opening your account on another computer with real time protection and see if anything pops up. Or you could try downloading Avast then opening your account; it seemed to solve ragjaws' and kerim's problem, which sounds the same as yours. You can get Avast! 4 home edition (free) by clicking here

by the way :thumbsup: ragjaws and to kerim

#10 geoffo


Posted 28 July 2007 - 10:27 AM


That has made me feel better to know you encountered exactly the same problem (sorry). My AV is Avast also. It also told me that it was in Local Settings/Temporary etc. I moved them to chest. I'm now wondering if it is a blip with Avast, especially in view of Kerim's message. Can I ask one vital question - are you able to go into your son-in-law's Hotmail now or do you still get the whistles and bells?

Thanks Geoff

#11 geoffo


Posted 28 July 2007 - 10:39 AM


Kerim - thanks so much for your response. Sounds sick I know but it's always encouraging when someone else has EXACTLY the same problem as you. I also have Avast and my logfile is almost identical to yours, even down to the casing of the letters in "HoTMail[1].htm".

Like you, I am now exploring the malware script on various techie websites before I dare go back into Hotmail. If you discover anything, I would appreciate if you could post it here - as I will.


Geoff

#12 geoffo


Posted 28 July 2007 - 10:45 AM


Anna - I appreciate all your help. You can imagine, I was somewhat relieved by ragjaws and kerim's replies. I already have Avast! 4 home edition - and I am now just wondering if it could be a fault with their definitions and the problem isn't with Hotmail. Anyhow, for now I am not going to post my hjt log and carry on investigating.

Thanks Geoff

#13 annabackwards


Posted 28 July 2007 - 06:50 PM

Wish you all the luck in the world with that Geoff.

There is one easy way to see if it's Avast's fault, just open your email account up on another computer with real time protection that isn't Avast, or just make sure you have the latest version as Kerim did.

Will tell you if I come across any other solutions.

Good luck Geoff :thumbsup:

#14 ragjaws


Posted 03 August 2007 - 09:10 AM

geoff, sorry just got back to this. Yes I was able to get back on immediately and everything has been fine since.

Edited by ragjaws, 03 August 2007 - 09:12 AM.




