Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Don't know what to do


  • Please log in to reply
3 replies to this topic

#1 Curiousp

Curiousp

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:15 AM

Posted 09 June 2011 - 07:45 PM

Recently, spam emails have been sending to our email account supposedly from our provider asking to change our password or "upgrade" as something has caused the network to go down. It's obviously spammers trying to get your email address and password.

Well my parents received these emails, opened them, and thought something was dodgy. They rang up our provider, who confirmed it was indeed a scam (we received multiple strange emails) and changed our email password. After doing so we received more fake emails. My mum did reply to a few though (no matter how many times I tell them not to) and said here is the password and email etc. She made up the password though as she thought something was wrong as she had just changed the password with them on the phone. She did give them our real email and her date of birth and when they asked for future password she wrote, do not know- sounds a bit dodgy.

Our provider says that once we change our password we should be safe, but I am still skeptical as I research a lot about spam and viruses. We are still receiving weird emails from "British Lottery" but we just delete them. I am a bit afraid that my Mum clicked on one of the spamming links that supposedly update the account.. but she says she cannot remember if she clicked on it or not. I have done scans with HitmanPro, Eset and Malwarebytes and nothing has been found.

Just wondering if the spammers have access to our account now as we changed the password, and we just gave them a false password. Is there anything else I need to do? All these lottery winning emails and other false items are getting really irritating. I don't know if they gave us viruses because any future fake emails were deleted and there is only one email in question where she may have clicked on the fake link, but ESET and malwarebytes find nothing. Should we be okay?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:15 PM

Posted 09 June 2011 - 09:17 PM

Hello, I am moving this to Am I Infected as you may be.

Change your password from a different computer.

Are you on a router and is there mor than one PC connected?

Please run these and post the logs.



Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, [color="#8B0000"]Post new scan log
and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Curiousp

Curiousp
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:15 AM

Posted 09 June 2011 - 09:50 PM

Update:

Just checked our sent items and there are no strange emails that have been sent to our contacts list. It looks like my Mum only responded to one of the phishing emails, but all the others were deleted. I know that once you respond, they know that your email is real and use it for future spamming. Before I run the programs you have suggested, are there any good spam/phishing filters that can block these items as ESET Nod32 does not.

Thanks

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,058 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:15 PM

Posted 09 June 2011 - 09:59 PM

Sorry I do not know. I just use the block or mark as in my ISP email
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users