
Have I got a problem or am I needlessly paranoid?



#1 Balliol


Posted 21 November 2015 - 01:34 PM

I opened my Windows Live Mail and the following came up.

 

"It looks like someone else might be using your account

To help you—and only you—get back into b2m13j10v21@btinternet.com, we need to verify that it's yours.

Terms of Use Privacy & Cookies Sign out

© 2015 Microsoft"

Then a box came up which I can't copy with the words,

 

"Windows Live Mail"

"Sign in to Windows Live Mail"

"Your Windows Live Services are updated to match any changes you make when you are signed in."

There were other words and they all looked valid but I'm meeting all sorts of scams these days.




 


#2 severac


Posted 21 November 2015 - 03:15 PM

Hello,

 

Did that email come from this address?

b2m13j10v21@btinternet.com

If yes, that is not genuine Microsoft mail!


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 Balliol


Posted 21 November 2015 - 06:05 PM

Many thanks.



#4 Balliol


Posted 21 November 2015 - 06:07 PM

I just switched my Windows Live mail off and on again and the damn thing above keeps showing up.  Is there a way to block it?



#5 severac


Posted 21 November 2015 - 08:14 PM

You should report it as a spam? Can you take a screenshot of that email?



 


#6 Balliol


Posted 22 November 2015 - 12:47 PM

I attempted to open up my Windows Live Mail and the following came up.

 

It looks like somebody might be using your account. To help you—and only you—get back into My address@btinternet. com, we need to verify that it's yours. Terms of Use Privacy & Cookies Sign out © 2015 Microsoft

 

I had just discovered Emsisoft Anti-Malware so I downloaded it but I then found that I was unable to open either my Windows Live Mail or the Internet.  I closed down and when I opened up the following morning there was a Blue screen so I took a chance and inserted a Dell recovery disc from my laptop.  This brought back the icons on my screen but I could still not open Windows Live Mail or the Internet.

I thought that it was possible that my AVG and Malwarebytes may be interfering with Emsisoft so I unsuccessfully attempted to uninstall them.  AVG then opened up on its own and showed four Trojan Horses the first of which had the following name.

Trojan Horse PSW  Name: C:\Windows\Temp\tmPoooo7oa300000008

Process name C:\Program Files\Emisisoft anti-malware\az service.exe

 

When I tried Live Mail The application was unable to start correctly and came up with a box showing the following:  (Oxc000000) Click OK to close.

 

I tried to open the internet and the following box came up showing: (0xoooo142)

I did a second AVG scan Sunday morning and it showed a Trojan Horse,  PSW.Agent BNNB.

 

Whenever I attempt to open Windows Live Mail or the Internet a box as above comes up.

I looked into Emsisoft and it showed 17 malicious items in quarantine and 35 Malware objects in “Logs”

 

I am able to use the desktop for typing so I typed this, put it on a USB stick and stuck it into my laptop, opened up the Internet to find "Bleeping Computer" and posted it.  So, at the moment I don't know what to do with the desktop or the new Emsisoft Anti-Malware which I now doubt because these troubles only started once I had installed it.



#7 severac


Posted 22 November 2015 - 02:24 PM

Yes, that is a fake Microsoft address. Do not send any account information to that address.

 

-------

Can you try to boot in Safe Mode and try to uninstall Emsisoft and MBAM?

Can you try to use Restore Point?

 

-----

Download these tools and copy to your USB stick, run it, and copy logs to USB stick and post here. 

 

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

--------

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
      ◦ Internet Services
      ◦ Windows Firewall
      ◦ System Restore
      ◦ Security Center/Action Center
      ◦ Windows Update
      ◦ Windows Defender
      ◦ Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

------



 


#8 Balliol


Posted 22 November 2015 - 03:13 PM

Many thanks for that but the situation is that at the moment I lack the confidence to follow those instructions but I have a young friend coming over tomorrow who can help me so many thanks for the moment and I will let you know how we got on.  Two questions, Emsisoft came highly recommended so is there a problem with it? and please excuse my ignorance but I know now what MBAM stands for.



#9 severac


Posted 22 November 2015 - 03:26 PM

MiniToolBox and FSS won't make any changes to your PC. I just wanted to see if some services are damaged. But if you have somebody who can help you, you should try with his help. Let me know if you need any help. 

 

Emsisoft is respected software, and I would like to see Emsisoft log to see what went wrong, or MiniToolBox log so I can see what has caused BSOD. 



 


#10 Balliol


Posted 24 November 2015 - 03:47 AM

Many thanks again.  Regrettably the person who came in to help me totally ignored your instructions so I have to go looking for someone who will do as they are asked. 



#11 Sintharius


Posted 24 November 2015 - 02:14 PM

Hi there,

It looks like AVG's detection is actually EAM's service process (a2service.exe).

I would try uninstalling AVG, or excluding EAM in AVG.

Also if it is possible, please export the logs that showed the detections (either File Guard, Behavior Blocker or Scan - or maybe a combination) and post them here. You can find them in the Logs section of the main GUI - there is a View details button which shows the contents of each log.

#12 Balliol


Posted 26 November 2015 - 12:46 PM

I just received a text from my youngest son waiting to go into the operating theatre in England for a hernia operation telling me that he had received a text from his Bank saying that someone in America was using his credit card.  I then opened my Emails and found the following and wondered, Is this a scam. 

 

From "Admin" <belfor2@mhcable.com>

Your email account was recently logged in from another Windows 8.1,mobile device located on this IP 58.97.209.150. For your protection,Please take a second to update your records by following the reference
link below.

http://ifntech.yolasite.com

Once the information provided matches what is on our record, Your account will work as normal after the verification is processed.

Sincerely,
Technical Support



#13 severac


Posted 26 November 2015 - 01:48 PM

It is a scam:

 

http://www.scammed.by/scam.php?id=137635

 

 

From: 

To: undisclosed-recipients

Sent: Tuesday, September 29, 2015 10:03 AM

Subject: Technical support

Your e-mail account was recently logged in another Windows 8.1, mobile device located on this IP 58.97.209.150. For your protection, please take a second to update your records using the reference link below.

http://nfteih.jimdo.com/

Once the information matches what is in our records, the account will work as normal after the verification is processed.

Sincerely,
Technical support

 

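The traits that mark the message in post #12 as a scam (generic "Admin" sender, a sending domain unrelated to the mailbox provider, a link on a free site-builder host, pressure to "update your records") can be checked mechanically. The following is an added example, not part of the thread; the function names, indicator names and word lists are assumptions, and the sample message is constructed from the text quoted in post #12 with a placeholder recipient.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: text quoted in post #12 as a raw message; To: is a placeholder.
SAMPLE = '''From: "Admin" <belfor2@mhcable.com>
To: user@btinternet.com

Your email account was recently logged in from another Windows 8.1,mobile
device located on this IP 58.97.209.150. For your protection,Please take a
second to update your records by following the reference link below.

http://ifntech.yolasite.com

Once the information provided matches what is on our record, Your account
will work as normal after the verification is processed.
'''

# Assumed lists for this example; the two hosts are the ones seen in the thread.
FREE_BUILDER_HOSTS = ("yolasite.com", "jimdo.com")
GENERIC_NAMES = {"admin", "support", "technical support", "helpdesk"}
ACCOUNT_CLAIM = re.compile(r"your (e-?mail )?account", re.I)
PRESSURE = re.compile(r"update your records|verif(y|ication)", re.I)

def under(host, domain):  # True if host equals domain or is a subdomain of it
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def phish_indicators(raw):
    """Return the names of the indicators that fire for one raw message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    provider = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    hosts = [urlparse(u).hostname for u in re.findall(r'https?://[^\s<>"]+', body)]
    claims_account = bool(ACCOUNT_CLAIM.search(body))
    hits = []
    if name.strip().lower() in GENERIC_NAMES:
        hits.append("generic-display-name")
    if claims_account and not under(sender.rpartition("@")[2], provider):
        hits.append("account-notice-from-foreign-domain")
    if any(under(h, d) for h in hosts for d in FREE_BUILDER_HOSTS):
        hits.append("link-on-free-site-builder")
    if claims_account and any(not under(h, provider) for h in hosts):
        hits.append("account-link-off-provider")
    if PRESSURE.search(body):
        hits.append("verification-pressure")
    return hits
```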

 


#14 Balliol


Posted 26 November 2015 - 02:22 PM

I think half the world must be employed as thieves because in the same lot of Emails I had an obvious scam claiming to be from Barclays bank.  By the way, thanks for the list of procedures to sort out my infected computer.  I think that I have found someone to help me with them.  



#15 severac


Posted 26 November 2015 - 02:26 PM

Let me know if you need any help.



 




