
Omg!


  • This topic is locked
19 replies to this topic

#1 kittenwitten


Posted 08 May 2006 - 02:29 PM

Hi there,
I was chatting to a couple of friends 2 nights ago on messenger when 1 of them asked if I had just emailed her a link then the other started asking me about a video. I hadn't emailed anything so she forwarded it to me. This is what the email looked like:
The email title was HELP
Hi! How are you?
You know I've created my own website!
Can you check how it works?
It's //republika.pl/ferasdi/video
Can you see video?
Bye

This email was sent to EVERYONE in my address book which is contacts I have collected up over 10 years and the link apparently was porn. I haven't heard the full extent of the damage yet but 1 friend opened it and got a virus on her work computer (it was a new job too).
At the time this happened I had AVG (free edition), Windows firewall and Spybot SD resident running but they didn't pick up on it at all. The only reason I know this all happened was because I was told. I ran Spybot and AVG but nothing appeared.
Today I downloaded the Avast worm cleaner application which found nothing.
Next I downloaded Avast (free) antivirus (and removed AVG) rebooted, it scanned and again found nothing.
A couple of weeks ago I had a trojan and I reformatted the hard drive and wiped everything to get rid of it (AVG did tell me it was there but couldn't seem to clean it up).
Someone mentioned that my comp could have been hacked which worries me as when the email was sent out to everyone I was on PayPal, online banking and eBay.
Please can anyone shed any light on how this may have happened, how I can get rid of it and if my bank account, PayPal account and eBay account are at risk?
I now have Avast, Ewido anti-malware, Spybot and WinWasher running and none of them seem to pick up anything serious. I really don't know what to do next.
A big thank you in advance

//Mod edit: Modified hot link above to protect others.//

Edited by KoanYorel, 08 May 2006 - 02:43 PM.




#2 Elendil


Posted 08 May 2006 - 02:53 PM

Hello kittenwitten! The first thing you'll want to do is take a deep breath and relax, the people here at BleepingComputer will be able to make your computer function like a brand new one. While I have nowhere near the knowledge of the security MS-MVPs or the HJT Full Team members, I believe I have much to offer you so please sit back and enjoy! But before we begin, please never post malware infected links!

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

Run the scan in safe mode, I suggest the Kaspersky module. If nothing is picked up, I doubt you're infected with a virus or worm. To check for non-viral malware, run a scan using A-Squared anti-malware (http://www.emsisoft.com/en/software/free/) and SpySweeper (http://www.webroot.com/land/freescan-3000.php?rc=266&rsc=417&ac=417). Should nothing turn up, chances are you're not infected with something that could screw your computer over, but just for safety measures, download HiJackThis.exe, run it, DO NOT REMOVE ANYTHING, and post your log in our HiJackThis forum here. HiJackThis is available here: http://www.majorgeeks.com/download3155.html
For preventive measures, just keep Windows Firewall running, Ewido, and Spybot S&D. In my opinion, AVG Free is much better than Avast but it is your choice to continue using Avast. Please post back here if my instructions are jumbling, confusing, or you need more help. Post back anyways to keep me updated.
Stanford '14
B.S. Candidate | Computer Science

#3 kittenwitten


Posted 08 May 2006 - 03:38 PM

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.


Do I need to stop my Avast antivirus or anything else before doing this? I'm not completely clear on the instruction "The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC."
Am I supposed to choose 1 of these options, which 1 or all of them?
Sorry but I'm not very experienced with these things :thumbsup:

#4 Elendil


Posted 08 May 2006 - 04:11 PM

No problem! The first time I used David's tool I was a bit confused until he posted some extra help advice. Ok, first things first, no, Avast doesn't need to be disabled. Second, the choices should have a number next to them. To run one of the modules type the number that corresponds to the anti-virus program. You don't run all of them. Just run Kaspersky by typing in the number that's next to it. The Kaspersky module will update and then ask you to scan; say yes. It'll then ask you if you want to scan a certain folder, select no. Kaspersky will now load up and begin scanning; all you have to do is sit back and wait for it to finish.
Stanford '14
B.S. Candidate | Computer Science

#5 Elendil


Posted 08 May 2006 - 04:18 PM

I forgot to mention that after the scan, a text file will appear. Scroll down to the very bottom of it and there will be a scan summary. Save it to your computer and post the SUMMARY of the Kaspersky module here.
Stanford '14
B.S. Candidate | Computer Science

#6 jgweed


Posted 08 May 2006 - 05:30 PM

Are you completely sure that this infected E-mail was sent to everyone in your address book? It may very well happen (assuming you have friends in common) that the E-mail was actually sent from another, but infected, computer that had your E-mail address stored on the hard drive, using your name as the sender to all the others the virus found.
Have you checked every one of your various E-mail server's "Send Mail" folder? Have you any record of these E-mails being sent?
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#7 kittenwitten


Posted 09 May 2006 - 02:22 PM

Hi, sorry I got your message too late and I closed down the report. I did read the bottom first however and it came up with nothing at all, what should I try next?

5 people that I know of have opened and been infected by my email but the number seems to be growing and these 5 people don't know each other at all. The girl who received it first forwarded it back to me so I could see the email and in the addresses it had ALL my contacts. Some people don't seem to have received it but I'm guessing their antiviruses may have filtered it perhaps? As soon as I was alerted about the virus I supposedly sent, I quickly wrote an email titled DO NO OPEN LAST EMAIL FROM ME - VIRUS ALERT and explained what had happened. When I checked my sent email folder just now it was completely empty saying that messages 30 days old will be deleted - strange it was empty since I have sent messages very recently.

I have no idea where this virus came from, the last thing I did before that email went out was sign a petition for Microsoft where I gave my name and email address but no passwords or anything.
The only other thing I can think of is the trojan I had a few weeks beforehand but I formatted the hard drive to get rid of that so assumed it was all taken care of :thumbsup:

#8 Elendil


Posted 09 May 2006 - 04:37 PM

Odd... I thought Kaspersky had excellent virus/worm detection ratings and would pick it up. Let me do a little research and I'll get back to you ASAP.
Stanford '14
B.S. Candidate | Computer Science

#9 Elendil


Posted 09 May 2006 - 06:12 PM

Ok, try the McAfee module in normal mode for the update and then scan in safe mode. Apparently Panda's ActiveScan website is down so it'd be pointless directing you there for further detection help. Nevertheless I believe that McAfee will detect it, however please post back here with the results and for further help (hopefully you won't need any).
Stanford '14
B.S. Candidate | Computer Science

#10 kittenwitten


Posted 10 May 2006 - 04:52 PM

Nothing Again!!!!!!!!!!!!!!!!!!!!!!!!!
I saved the results on the administrator desktop by mistake so will have to go back into safe mode and retrieve them. I don't have time to do this right now as I have a USB problem and it takes 10 mins to reboot :thumbsup: I will post the results for you but it pretty much seems clean. I have no idea why no antivirus seems to detect anything

#11 kittenwitten


Posted 11 May 2006 - 01:33 PM

Here is the report:

Virus Scan Report File
Virus Scan Information

McAfee VirusScan for Win32 v4.40.0
Copyright © 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4759 created May 10 2006
Scanning for 189440 viruses, trojans and variants.

Virus Scan Results


05/10/2006 21:54:41


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*

Summary report on C:\*.*
File(s)
Total files: ........... 51825
Clean: ................. 51769
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 00:38.31


Visit the McAfee Online Web Site
Need some help or advice? Send email to Technical Support.

#12 kittenwitten


Posted 13 May 2006 - 05:04 AM

OMG it has happened again PLEASE HELP ME!!!!!!!!!!!!!!!!!

This morning my email sent this email out to everyone:

Title: HELP

Hi!
My computer has been crashed by viruses a few days ago.
I scaned my computer with Norton AntiVirus and Microsoft AntiSpyware and they didn't found anything. But this Spy Guard found 3 viruses and 15 spyware!
I bought it here hxxp://sxpress.org

See you!

Mod edit: Hot link modified to protect all.

Edited by Scarlett, 13 May 2006 - 02:32 PM.


#13 Albert Frankenstein


Posted 13 May 2006 - 06:45 AM

For help with removing your infection I would like to refer you to the HiJack This (HJT) forum here at BleepingComputer.com:

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#14 quietman7


Posted 13 May 2006 - 07:33 AM

I agree with Albert Frankenstein. It's time to post a log.

BTW, there are a couple programs named Spy Guard which are not good. See here and here.

Using a bogus anti-spyware program can result in false positives or the installation of malware on your system.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#15 buddy215


Posted 13 May 2006 - 08:19 AM

Shouldn't that link in kittenwitten's #12 post be edited out? Isn't that the link in the bogus emails that were sent from her email account?
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



