Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Clicked bad link in an email.


  • Please log in to reply
4 replies to this topic

#1 JT08

JT08

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 19 November 2016 - 07:47 PM

Hi all,

 

For the first time in my life I have been tricked by one of these phishing emails. It looked so authentic... 

 

I had a notification for an email from itunes, which was odd, since I hadn't purchased anything off itunes lately. Opened the email to see it was an invoice for a subscription to netflix. I haven't touched netflix for over a year so obviously panic sets in. And in my blind panic, I immediately click the link that says 'Manage/Cancel subscriptions' What happened, when I click that, was for not even half a second, something tried to open and immediately closed to taskbar and disappeared. So I didn't see what it was or get a chance to do anything. Something attempted to open and then closed itself.

 

Then even worse panic sets in because I know what I've done wrong. I hovered over the address of the email and sure enough the email is something like: crzsst.itunes@apple or something similar. Cannot get the exact email as I deleted it immediately and shut down my computer. 

 

I rebooted my computer and ran Malwarebytes. Came up clear. Then I ran a scan on Avast. The only two antivirus programs I have on my computer. That came up clear too. All the while these we running, I changed a majority of significant passwords on another computer.

 

I'm too terrified to log back into anything on this computer. Do I potentially have a bad virus that my scans didn't detect?

 

Any help would be appreciated. Thank you.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:43 AM

Posted 20 November 2016 - 06:28 AM

Welcome to BC...

 

Your browser or one of your security programs may have prevented the malicious website that the link would of taken you to from opening.

Your changing passwords using another computer was a good move on your part. Most of the time the link in the email would of taken you to

a web page that would of asked for details the criminals could use to access your accounts for profit.

 

I don't think malware was downloaded to your computer. My advice is to NEVER click on a link in an email that you are not 100% sure where it will

take you and to NEVER click on a link in an email that says it will direct you to an account such as a bank or Netflix....no matter what the email says or

how sure you are it is legit.

 

If you have never used the programs below to clean and remove adware....I suggest you do that.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JT08

JT08
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 20 November 2016 - 11:40 AM

Hey buddy215. Thank you for your assistance! 

 

Ah, thank you for the welcome. Did not get a chance to introduce myself while panicking. 

 

It is a relief to know you think that no malware was downloaded. I have taken this as a lesson learned and will be obsessive to the point of crazy for future emails. I feel a little scorned as until this point, I haven't fallen for one. 

 

Here are the logs you asked for. (I hope it was ok to tamper with them to omit my name)

 

AdwCleaner

 

# AdwCleaner v6.030 - Logfile created 20/11/2016 at 16:25:55
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-19.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : **** - DESKTOP-9VAHQMN
# Running from : C:\Users\***\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-3288278985-3147911849-1280119754-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[-] Key deleted: HKU\S-1-5-21-3288278985-3147911849-1280119754-1001\Software\yahooprovidedsearch
[#] Key deleted on reboot: HKCU\Software\yahooprovidedsearch
[#] Key deleted on reboot: [x64] HKCU\Software\yahooprovidedsearch
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1416 Bytes] - [20/11/2016 16:25:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [1649 Bytes] - [20/11/2016 16:25:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1562 Bytes] ##########

 

 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64 
Ran by ***** (Administrator) on 20/11/2016 at 16:30:04.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\****\AppData\Local\crashrpt (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/11/2016 at 16:30:50.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Once again, thank you for kindly helping.



#4 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:43 AM

Posted 20 November 2016 - 12:27 PM

You run a tight ship....only minor crapola removed...possibly just leftovers.

 

You're welcome...happy surfin'


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 JT08

JT08
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:43 PM

Posted 20 November 2016 - 12:29 PM

Wonderful! Thank you for that. A good day to you~






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users