Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

email hacked


  • Please log in to reply
4 replies to this topic

#1 daintylu

daintylu

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:02 PM

Posted 05 October 2010 - 09:45 AM

Hello

I have been hacked twice on my email. First I received a spam email from a Canadian pharmacy company, coming from someone in my contact list. When I asked if he had sent the email, he said no. Then his email was deleted from my contact list.

This happened again from another contact. Same spam company, same deleting her email.

I have changed my password to the email account.

Can you please help?

Thank you

Daintylu

BC AdBot (Login to Remove)

 


#2 daintylu

daintylu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:02 PM

Posted 05 October 2010 - 05:06 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4749

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/5/2010 5:45:43 PM
mbam-log-2010-10-05 (17-45-43).txt

Scan type: Quick scan
Objects scanned: 174458
Time elapsed: 12 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MsSC2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tdlsoui.flag (Rogue.MalwareDestructor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Lee\AntiVirusPro.exe.log (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie M. Lee\AntiVirusPro.exe.log (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#3 Clifford Tan

Clifford Tan

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Location:Christchurch
  • Local time:06:02 AM

Posted 06 October 2010 - 03:35 AM

Hi Daintylu,

Sometimes this may not necessary be virus/malware related. For instance most popular web based hosted accounts already have a good spam system in place so most spam emails gets filtered before you get to see them in your inbox. Having received spam from any of your contact list that hasn't send, may also sound like a lack or improper setup in the SPF records of your company's domain or an issue with your ISP.

To help us understand the cause of email problems, could you identify which type of email account are you using...?

1. web based hosted ones like Gmail, hotmail.. or
2. email accounts provided by ISP
3. Website email accounts
4. Email accounts from your company

thanks

Edited by Clifford Tan, 06 October 2010 - 03:39 AM.

~ Clifford The IT Guy ~
PC Optimization Secrets

#4 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:02 PM

Posted 06 October 2010 - 07:15 AM

First, what you describe has been an issue for a lot of people over the past several months.

I've seen reports that state users of hotmail, msn mail, ISP mail, google mail, etc have been sending those same links to people on their contact lists. It affected my daughter and her yahoo mail-she never sent links like that to anyone, but somehow they did get sent out and her name is listed as the sender.

Is YOUR mail sending them out also? You state that

First I received a spam email from a Canadian pharmacy company, coming from someone in my contact list. When I asked if he had sent the email, he said no. Then his email was deleted from my contact list.

This happened again from another contact. Same spam company, same deleting her email.


That means YOUR email hasn't been hacked, but the senders email account has been.

I'm not a malware expert, so I won't comment on your MBAM log. I'll leave that to those who know what they are doing.

#5 daintylu

daintylu
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:02 PM

Posted 06 October 2010 - 07:58 AM

Thanks for your replies.
I am using gmail & yahoo. But the spam email from my contacts came to me via my gmail account.

Daintylu




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users