Yahoo Email Was Compromised. Infected?


11 replies to this topic

#1 Phil Sandler (Members, 37 posts)

Posted 07 August 2015 - 10:03 PM

Today I received reports from several friends that they got spam from my Yahoo email address.  I took the precautions recommended by Yahoo.  No idea how that could have happened.

 

Another odd thing I have been seeing is that when I open a new tab in Chrome, I am getting frequent "He's Dead Jim" messages.  Never happened before, and it is not a memory issue, or any of the potential causes they list to diagnose the problem.

 

Finally, my Harris Bank login is constantly asking me to enter answers to security questions.  It normally only does this when I access my accounts from a new computer.  I have cleared all cookies, browsing data, etc., and uninstalled/reinstalled Chrome, but the problem persists.

 

I was a little worried a few days ago, and ran an updated version of Malwarebytes.  It didn't find anything.

 

Not sure if I am right to be worried or being paranoid, but would appreciate any help.

 

 

Thanks,

 

Phil


#2 polskamachina (Malware Response Team, 4,035 posts)

Posted 11 August 2015 - 11:41 PM

Hi Phil :)

 

My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions. In the meantime, as a precautionary measure, please telephone or visit the financial institution which keeps prompting you with your security questions and ask them if there has been any unusual account activity.

 

Let me know if you have any questions.

 

polskamachina

 



#3 polskamachina (Malware Response Team, 4,035 posts)

Posted 14 August 2015 - 09:53 PM

Hi Phil :)

 

Sorry for the delay in getting back to you. I'm consulting with staff while reviewing your logs and concerns.

 

polskamachina



#4 polskamachina (Malware Response Team, 4,035 posts)

Posted 15 August 2015 - 02:54 PM

Hi Phil :)
 
I see nothing threatening in your FRST logs. What follows are some suggestions and answers to your concerns.
 
First, I hope you've had time to follow up with your financial institution regarding your security questions. Also, it is imperative that you change your banking and yahoo e-mail passwords with strong ones. In fact, it is always a good idea to change your passwords even if you have no reason to believe you've been hacked. After you change your password, monitor your e-mail account closely and check with your friends to see if spam is still being sent.

Regarding the "He's Dead, Jim!" message you frequently receive, it doesn't mean impending doom. The reason as explained by Google is this:

Why you’re getting this error message
You might see the “He’s Dead, Jim!” message in a tab if:

  • You don’t have enough memory available to run the tab. Computers rely on memory to run apps, extensions, and programs. Low memory can cause them to run slowly or stop working.
  • You stopped a process using Google Chrome's Task Manager, the system's task manager, or a command line tool.
Fix the error on computers

First, close other tabs or unused programs
Close every tab except for the one that’s showing the message, then try refreshing that tab.

If closing tabs doesn’t work, restart your device
Shut your computer down, then turn it back on.

Finally, if you’re still having problems, reset Chrome
Extensions and other programs may affect how much memory Chrome is using on your device. Resetting Chrome will remove temporary internet files and restore all settings to the ones the browser had when you first installed it.

 

For further details, please see this link.
 
Just to make sure your system is operating as efficiently as possible, please follow the directions that follow:
 Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click the icon and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Let me know if you have any questions.

 

polskamachina



#5 Phil Sandler, Topic Starter (Members, 37 posts)

Posted 16 August 2015 - 10:02 PM

Thanks much for your help.  I followed your recommendation with the banking site and Yahoo.  My secondary hard drive died yesterday, and that may be the cause of some of this (not sure--some of it seems like it couldn't be related).

 

The ADW scan took only a few seconds, is that normal?  It then said "Waiting for action. Please uncheck elements you want to keep."  However, there was nothing to check/uncheck so I just clicked "Logfile" which generated the text below:

 

-------------------

 

 

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 21:58:47
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : psandler - PHIL-WINDOWS-8
# Running from : C:\Users\psandler\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner[S1].txt - [670 octets] - [16/08/2015 21:56:49]
C:\AdwCleaner[S2].txt - [602 octets] - [16/08/2015 21:58:47]
 
########## EOF - C:\AdwCleaner[S2].txt - [664 octets] ##########


#6 polskamachina (Malware Response Team, 4,035 posts)

Posted 17 August 2015 - 02:06 PM

Hi Phil :)
 
It is unlikely your failing hard drive had anything to do with your spam e-mail problem. Maybe it had something to do with your Chrome problem. If it's failed and removed from your system, then I wouldn't worry about whether or not it affected your system. However it is important that you keep a close watch on your e-mail and banking accounts for a while to make sure no unusual activity is taking place.

The ADW scan took only a few seconds, is that normal?  It then said "Waiting for action. Please uncheck elements you want to keep."  However, there was nothing to check/uncheck so I just clicked "Logfile" which generated the text below:

You have a 64-bit operating system with a fast, i5 processor so it would make sense that the scan would only take a few seconds. Your log showed no detections so that would explain why there were no boxes to check. That's a good thing. :)
 
Do you have any other questions or concerns? How is your system behaving now?
 
polskamachina
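A way to read an AdwCleaner report like the one pasted in post #5 mechanically, as an added example that is not part of this thread and not AdwCleaner's own code: the function below walks the "***** [ Section ] *****" headers and collects the lines under each, so the "no detections" reading given in post #6 becomes a count you can check rather than an eyeball judgement on an empty log. The sample log is constructed for this example (a trimmed copy of the empty report above plus one made-up Registry entry); the "Key Found :" line format and the function names are assumptions, not something the thread shows.

```powershell
# Added example, not from the thread or from AdwCleaner. Parses an AdwCleaner
# v5 "Scan" log into a per-section list of findings so an empty report can be
# confirmed mechanically rather than by eye.

function Get-AdwCleanerFindings {
    param([Parameter(Mandatory)][string[]]$LogLines)

    $findings = [ordered]@{}   # section name -> array of finding lines
    $section  = $null
    foreach ($raw in $LogLines) {
        $line = $raw.Trim()
        # Section headers in the log look like:  ***** [ Registry ] *****
        if ($line -match '^\*{5}\s*\[\s*(.+?)\s*\]\s*\*{5}$') {
            $section = $Matches[1]
            $findings[$section] = @()
            continue
        }
        # A bare row of asterisks (or the EOF marker) ends the detection part
        if ($line -match '^\*{10,}$' -or $line -like '########## EOF*') {
            $section = $null
            continue
        }
        # Anything non-blank inside a section is a finding
        if ($section -and $line) {
            $findings[$section] += $line
        }
    }
    return $findings
}

function Test-AdwCleanerClean {
    param([Parameter(Mandatory)][string[]]$LogLines)
    $findings = Get-AdwCleanerFindings -LogLines $LogLines
    $total = 0
    foreach ($name in $findings.Keys) { $total += @($findings[$name]).Count }
    return ($total -eq 0)
}

# Constructed sample: a trimmed copy of the empty report above, plus one
# made-up Registry entry (the "Key Found :" format is assumed, not taken
# from the thread) so the non-empty case is visible.
$sampleLog = @'
# AdwCleaner v5.000 - Logfile created 16/08/2015 at 21:58:47
# Option : Scan

***** [ Services ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\ExampleToolbar

***** [ Web browsers ] *****

*************************

C:\AdwCleaner[S2].txt - [602 octets] - [16/08/2015 21:58:47]
'@ -split "`r?`n"

$findings = Get-AdwCleanerFindings -LogLines $sampleLog
foreach ($name in $findings.Keys) {
    '{0,-14} {1} finding(s)' -f $name, @($findings[$name]).Count
}
if (Test-AdwCleanerClean -LogLines $sampleLog) {
    'No detections'
} else {
    'Review the findings above before letting the tool clean'
}
```

Run against the log actually pasted in post #5, Test-AdwCleanerClean returns True for every section, which is the case polskamachina describes: no findings, so nothing to check or uncheck. The sample's one constructed Registry line is there only to show what a non-empty section looks like in the output.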



#7 Phil Sandler, Topic Starter (Members, 37 posts)

Posted 17 August 2015 - 08:33 PM

Everything seems to be running normally.  Thanks for your help!



#8 polskamachina (Malware Response Team, 4,035 posts)

Posted 18 August 2015 - 07:08 PM

Hi Phil :)
 
What follows are instructions to update your Java and Adobe Flash:
 
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system which is Windows x64: jre-8u51-windows-x64.exe and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u51-windows-x64.exe to install the newest version.
  • If the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. However, be aware that the Java updater prompts you to make Yahoo Search your browser's default search engine and home page...the option is pre-checked.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:

  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Next:
Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Adobe flash:

  1. Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  2. Double click the file to start the installation process
  3. Repeat steps 1 and 2 for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.

Please let me know if you were able to update the programs successfully or if you had any questions.
 
polskamachina
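The Java clean-up in post #8 done from PowerShell, as an added example that is neither part of this thread nor Oracle's or BleepingComputer's tooling: it reads the Windows uninstall registry keys that 64-bit and 32-bit programs register under, flags every Java runtime below a version floor, and removes them through msiexec using the product code the registry key is named after, which is how the Control Panel uninstall works for MSI packages. The floor defaults to 8.0.510, the assumed DisplayVersion form of the 8u51 build named above; that mapping, the function names, and the Java Quick Starter service name "JavaQuickStarterService" are assumptions. Run it from an elevated prompt; nothing is removed or disabled until you drop -WhatIf.

```powershell
# Added example, not from the thread. Inventories Java runtimes from the
# uninstall registry keys, flags those below a version floor, and removes
# them with msiexec (the key name of an MSI-installed product is its product
# code). Assumed: JRE 8u51 registers DisplayVersion 8.0.510, and the Quick
# Starter service is named JavaQuickStarterService.

function Get-InstalledJava {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
        Select-Object DisplayName, DisplayVersion, PSChildName, UninstallString
}

function Get-OutdatedJava {
    param([version]$MinimumVersion = [version]'8.0.510')   # JRE 8u51 (assumed form)
    Get-InstalledJava | Where-Object {
        $v = $null
        # An unparseable version is treated as outdated rather than trusted
        -not [version]::TryParse([string]$_.DisplayVersion, [ref]$v) -or $v -lt $MinimumVersion
    }
}

function Remove-OutdatedJava {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([version]$MinimumVersion = [version]'8.0.510')

    foreach ($java in @(Get-OutdatedJava -MinimumVersion $MinimumVersion)) {
        # Only MSI products (GUID-named keys) are removed through msiexec; a
        # differently packaged entry is reported instead of guessed at.
        if ($java.PSChildName -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
            Write-Warning "Not an MSI product code, skipping: $($java.DisplayName) [$($java.PSChildName)]"
            continue
        }
        if ($PSCmdlet.ShouldProcess($java.DisplayName, "msiexec /x $($java.PSChildName)")) {
            $proc = Start-Process -FilePath 'msiexec.exe' -Wait -PassThru `
                -ArgumentList @('/x', $java.PSChildName, '/qn', '/norestart')
            # 0 = removed, 3010 = removed but a reboot is pending
            if ($proc.ExitCode -notin 0, 3010) {
                Write-Warning "$($java.DisplayName): msiexec exit code $($proc.ExitCode)"
            }
        }
    }
}

function Disable-JavaQuickStarter {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$ServiceName = 'JavaQuickStarterService')   # assumed service name
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) { return "Service $ServiceName not present" }
    if ($PSCmdlet.ShouldProcess($ServiceName, 'stop and disable')) {
        Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $ServiceName -StartupType Disabled
    }
}

# Preview first, then run without -WhatIf from an elevated prompt and reboot
# before installing the new JRE, as the post instructs.
Get-OutdatedJava | Format-Table DisplayName, DisplayVersion, PSChildName -AutoSize
Remove-OutdatedJava -WhatIf
Disable-JavaQuickStarter -WhatIf
```

Running Get-InstalledJava after the new JRE is installed is the check that the thread asks for in post #9: exactly one entry should remain, at or above the floor. Reading the uninstall keys rather than trusting the version the Java control panel reports is what catches the stale side-by-side runtimes the post warns about, since each one keeps its own product code.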



#9 polskamachina (Malware Response Team, 4,035 posts)

Posted 23 August 2015 - 01:11 AM

Hi Phil :)

 

I just wanted to make sure before you signed off from this thread that you were able to update your Java and Flash.

 

polskamachina



#10 Phil Sandler, Topic Starter (Members, 37 posts)

Posted 23 August 2015 - 09:22 PM

Yep, all up to date now.  Thanks again for your help!



#11 polskamachina (Malware Response Team, 4,035 posts)

Posted 27 August 2015 - 10:01 AM

Hi Phil :)
 
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.
 
If you are not experiencing any other malware related issues, it is time to do our final steps:

Download Delfix from here and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.
When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

Be safe :)
 
polskamachina

#12 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,313 posts, Romania)

Posted 30 August 2015 - 01:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise