yahoo email hijacked! is this malware?



#1 quadfather


Posted 04 July 2010 - 01:48 AM

Hi there. My friend recommended your site.

My Yahoo email appears to be hijacked. All my friends are telling me they are getting weird emails from 'me' with various attachments that are links to online pharmacies, usually for Viagra, etc. Also, all my sent emails are gone! I have looked over some of the other forum posts with similar problems, and it appears some scans are in order.

I have Avast antivirus and CyberDefender. They don't seem to find anything that has stopped the problem. I really don't want to delete this email account because I've had it a really long time now, but I'm worried my computer security is at risk. I am running Vista 64-bit on a Sony Vaio (pretty new).
Thank you in advance.

Edited by Orange Blossom, 04 July 2010 - 03:17 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB




#2 quadfather


Posted 06 July 2010 - 10:11 AM

Looks like I forgot to follow instructions. :thumbsup: OK. Here is what happened when I followed your preparation guide. Nothing seems to be happening as described in the guide, but I did my best....

1- DDS file download link didn't work. Didn't get that log. I get the following message:

File not found

Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/dds.scr.

* Check the file name for capitalization or other typing errors.

* Check to see if the file was moved, renamed or deleted.


2- Gmer options for scan weren't as described in the preparation guide. All option boxes were greyed out except last three:

'Services', 'Registry', and 'Files'. 'C:\' drive was selected as was 'ADS'. 'Show All' was also greyed out. I did a scan with those options.
That log, ark.txt, is attached.

Well, now I don't see an option to attach a file. So I'll just post it here too.


#3 Orange Blossom


Posted 29 July 2010 - 12:01 AM

Hello,

I'm afraid you posted your log in the wrong forum. Had I seen this a lot sooner, I would have moved it to the correct forum, but given the time lapse, we need fresh logs.

Please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



