Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spam Chinese Ads Getting into Email


  • This topic is locked This topic is locked
2 replies to this topic

#1 xvicarious

xvicarious

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 26 September 2013 - 11:11 AM

I've tried long and hard to figure out what is going on with this, but I can't seem to find anything that explains it in any logs or scans, or even Googling it.

 

Recently at the company I work for a few emails have been strange.  So far it only seems that four people are affected by this.  They will send an email through our PMS Micros Opera, which we use through (a very very outdated version) Internet Explorer (which we cannot update unless risk not being able to use Opera) and it will generate Chinese characters in the email.  It will completely replace the signature we have that is applied by our Exchange server.

 

[Spolier=Example]

䠼䵔㹌䠼䅅㹄ℼⴭ吠浥汰敮慲整䔠捸慬浩牥䴠楡楄捳慬浩牥ㄠ㨱㔳獥慤敓瑰浥敢〲㌱匼奔䕌琠灹㵥整瑸振獳倾戮扦㤶挳㘶㝥㐭搱愭ㄱ摡昱〳䅍䝒义䥌戮扦㤶挳㘶㝥㐭搱愭ㄱ摡昱〳䅍䝒义㌹っ㘭收ㄴㅤ愭㍦㌰㕤笠䴉剁䥇㩎〠浣〠浣〠瑰䉁䕌戮扦㤶挳㘶㝥㐭搱愭ㄱ摡昱〳搳吵扡敬笠䴉剁䥇㩎〠浣〠浣〠瑰䐊噉匮捥楴湯慰敧敓瑣潩湩潦笠䘉乏䥓䕚呓䱙㹅䕈䑁㰊佂奄汣獡㵳晢㙢㌹っ㘭收ㄴㅤ愭㍦㌰㕤㰾倯㰊䅔䱂㹅吼佂奄㰠剔 †㰠䑔㰾浩摲牥〽眠摩桴栠楥桧㵴猠捲㩤挶挳戳瀮杮摀扡㈱晦㤴晢䑔㰾启㹒††㹄䄼栠敲㵦栢瑴㩰楨畢晦污摯睯瑮睯㸢潈楬慤畂晦污਍†††潄湷潴湷䑔㰾启㹒††㹄䈼䨾摵汇瑡桺景牥敮慲慍慮敧㱲䈯㰾启㹄㰠剔 †㰠䑔挠慬獳椽普㹯敄慬慷敲䄠敶畮䈠晵慦潬㈴㈰䑔㰾启㹒††汣獡㵳湩潦倾潨敮ㄲㄲ䑔㰾启㹒吼㹒吼汣獡㵳湩潦䴾扯汩㩥㜠㘱㠭㐶㘭㠳㰶启㹄‾਍††汣獡㵳湩潦䘾硡䑔㰾启㹒††汣獡㵳湩潦䔾慭汩灳㰻牨晥慭汩潴䨺汇瑡桺景牥䡀牡䡴瑯汥琠瑩敬汃捩猠湥浥楡䜠慬穴潨敦慴杲㸧䝊慬穴潨敦䁲慈瑲潈整獬挮浯䑔㰾启㹒††㹄䄼栠敲㵦栢瑴獰捡扥潯潨楬慤楹湮畢晦污摯睯瑮睯㰾浩摲牥〽眠摩桴敨杩瑨㐽牳㵣挧摩㠺㘰湰䁧愱㘸戰戰㐮㥡挴㜵㰾䄯㰾牨晥灴㩳睴瑩整楨晢潬潤湷潴湷㸢椼杭戠牯敤㵲楷瑤㵨㘵栠楥桧㵴猠捲㥥㜲瀮杮昲敡㕡摢换㥦㹁䄼栠敲㵦栢瑴獰湩整敲瑳挮浯栯牡桴瑯汥㰾浩摲牥〽眠摩桴敨杩瑨㐽牳㵣挧摩湰䁧㤳ㅥㄷ摥㐮愲捦敦㰾䄯㰾启㹄㰾启佂奄㰾启䉁䕌汣獡㵳晢㙢㌹っ㘭收ㄴㅤ愭㍦㌰㕤㰾倯㰾䈯䑏㹙>਍

[/spoiler]

and

[spoiler=Example2]

䠼䵔㹌䠼䅅㹄ℼⴭ吠浥汰敮慲整䔠捸慬浩牥䴠楡楄捳慬浩牥湯〠㨳㤲牆摩〲匠灥整扭″ⴭ㰊呓䱙祴数琽硥愹〱㔲慤攭㘴戭㜰〸昹㤵㠹笠䴉剁䥇㩎〠浣〠浣〠瑰愹〱㔲慤攭㘴戭㜰〸昹㤵㠹笠䴉剁䥇㩎〠浣〠浣〠瑰䐊噉㤮㈰搵㐭㝢㐷挭㡣㤰㕦㔹㤱䅍䝒义䅔䱂愹〱㔲慤攭㘴戭㜰〸昹㤵㠹慔汢䅍䝒义敓瑣潩ㅮ笠瀉条㩥匠捥楴湯䑔椮普但呎匭婉㩅㤠㰊匯奔䕌㰊䠯䅅㹄䈼䑏㹙值挠慬獳㤽㈰搵㐭㝢㐷挭㡣㤰㕦㔹㤱㸸䉁䕌㰠䉔䑏㹙††㹄椼杭戠牯敤㵲楷瑤㵨㜱敨杩瑨㠽牳㵣挧摩戺愲㤴湰䁧㕦㘴㐮扢㤸挶㰾启㹄㰠剔 †㰠䑔㰾牨晥睷栮敩扸晵慦潬楡灲牯㸢潈楬慤牰獥愦灭†††畓瑩獥䈠晵慦潬䄠物潰瑲䑔㰾启㹒††㹄䈼䌾牨獩慴传㜱䰻畡桧楬䜠湥牥污䴠湡条牥䑔㰾启㹒††汣獡㵳湩潦ㄾㄳ䈠敵汬䄠敶畮䌠敨步潴慷慧䑔㰾启㹒††汣獡㵳湩潦倾潨敮㜸〰䑔㰾启㹒㰠剔 †㰠䑔挠慬獳椽普㹯慆㩸㜠㘱㘭㠭㠷㰷启㹄㰠剔 †㰠䑔挠慬獳椽普㹯浅楡㩬渦獢㭰愼栠敲㵦洧楡瑬㩯潣㤳氻畡桧楬䁮慨瑲潨整獬挮浯楴汴㵥䌧楬正琠敳摮攠慭汩琠㬷慌杵汨湩桃楲瑳琠牡㬹慬杵汨湩桀牡桴瑯汥潣㱭愯㰾启㹄㰠剔 †㰠䑔㰾牨晥捡扥潯潨楬慤楹湮硥牰獥扳晵慦潬楡灲牯㰾浩摲牥〽眠摩桴敨杩瑨㐽牳㵣挧摩携湰䁧㤰㤱㐴㐮愲晥搰㰾䄯㰾牨晥灴㩳睴瑩整硥晢潬楡灲牯㰾浩摲牥〽眠摩桴敨杩瑨㐽牳㵣挧摩昺昹愲湰䁧㘹㌲㐮愲㘶㰾䄯㰾牨晥灴㩳楰瑮牥獥慨瑲潨整獬㸢椼杭戠牯敤㵲楷瑤㵨㔵栠楥桧㵴猠捲㩤㡡㥢戵瀮杮㡀愳戴㝢っづ䑔㰾启㹒䉔䑏㹙䅔䱂㹅值挠慬獳㤽㈰搵㐭㝢㐷挭㡣㤰㕦㔹㤱㸸佂奄㰾䠯䵔㹌

[/spoiler]

 

Now even though it replaces the signature that is added on server side, the fact that it (mostly) happens with sending an email through Opera and that it (currently) only affects four (known) people I concluded that it must be something that is happening client side. We had one of the people try simply sending an email from Outlook directly and it came through just fine. I'm not entirely sure about this, but I have an inkling of it.

 

I ran a HijackThis scan on one of the PCs that have this problem and got the following results:


I briefly looked through this, but quickly got frustrated because I'm not familliar with the specific computer so I have no idea if for example anything would be masquarding as something else because I simply don't know what software has been installed.

Though this particular workstation wil be replaced soon, the other three are fairly new.

 

I simply cannot get my head around what it could be.  Maybe it is server side.  But then why would it only affect certain users in certain situations?

 

EDIT:  I'd like to mention I found something very similar that seemed to affect Internet Explorer on other websites, but none seem to have actually solved this problem.  Links are as follows:

http://www.pcmech.com/forum/site-forum-issues/230798-anyone-else-get-2.html

http://forums.pelicanparts.com/off-topic-discussions/764437-random-ads-top.html#post7586159

http://www.sheffieldforum.co.uk/showthread.php?p=10041047


Edited by xvicarious, 26 September 2013 - 12:52 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:02 AM

Posted 01 October 2013 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/509061 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:02 AM

Posted 06 October 2013 - 11:20 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users