GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

i think my e-mail account is hacked--help

View previous topic View next topic Go down

i think my e-mail account is hacked--help

Post by prairiedog on Fri Jul 19, 2013 3:54 am

This account has been disabled because it has exceeded sending thresholds. The message that you've just tried to send through webmail has been rejected.)  this is what i get when i try to send an e-mail, i can receive them, using thunder bird.ran malware bytes but it came up with nothing
thanks


Last edited by prairiedog on Fri Jul 19, 2013 4:39 am; edited 1 time in total (Reason for editing : added more info)

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Fri Jul 19, 2013 7:42 pm

What type of email account do you have?

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Fri Jul 19, 2013 10:14 pm

sasktel, i never come close to exceeding my limit, called saasktel and they figured my account has been hacked

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Fri Jul 19, 2013 10:18 pm

[You must be registered and logged in to see this link.] wrote:sasktel, i never come close to exceeding my limit, called saasktel and they figured my account has been hacked
sasktel would be your IS provider but I would like to know what you're using for your e-mail; Outlook, Yahoo mail, AOL??

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Sat Jul 20, 2013 2:37 am

mozilla thunderbird

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Sat Jul 20, 2013 7:06 pm

When your e-mail account has been hacked it is usually locked by the provider. You will need to get in touch with them and reset your password.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Sun Jul 21, 2013 3:17 pm

i did get a hold of them, they told me to get rid of the virus first, i ran my scanner and mal ware bytes but nothing showed up

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Sun Jul 21, 2013 10:30 pm

Ok, we'll run some scans but I'm quite sure your computer is clean.

Please download [You must be registered and logged in to see this link.]by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*****************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Mon Jul 22, 2013 2:44 am

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 20:40:46
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Boyd - BOYD-PC
# Boot Mode : Normal
# Running from : C:\Users\Boyd\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Boyd\AppData\Local\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Boyd\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Boyd\AppData\Local\Temp\CT3289847
Folder Deleted : C:\Users\Boyd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3290229
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [You must be registered and logged in to see this link.] --> [You must be registered and logged in to see this link.]

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\prefs.js

C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\user.js ... Deleted !

Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.UserID", "UN17700663809544121");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.installDate", "6/4/2013 20:08:06");
Deleted : user_pref("CT3289847.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN177006638[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");

*************************

AdwCleaner[S1].txt - [5070 octets] - [21/07/2013 20:40:46]

########## EOF - C:\AdwCleaner[S1].txt - [5130 octets] ##########

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Mon Jul 22, 2013 10:41 pm

I'm waiting for the Junkware Removal Tool log.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Tue Jul 23, 2013 3:08 am

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 20:40:46
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Boyd - BOYD-PC
# Boot Mode : Normal
# Running from : C:\Users\Boyd\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Boyd\AppData\Local\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Boyd\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Boyd\AppData\Local\Temp\CT3289847
Folder Deleted : C:\Users\Boyd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3290229
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [You must be registered and logged in to see this link.] --> [You must be registered and logged in to see this link.]

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\prefs.js

C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\user.js ... Deleted !

Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.UserID", "UN17700663809544121");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.installDate", "6/4/2013 20:08:06");
Deleted : user_pref("CT3289847.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN177006638[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");

*************************

AdwCleaner[S1].txt - [5070 octets] - [21/07/2013 20:40:46]

########## EOF - C:\AdwCleaner[S1].txt - [5130 octets] ##########

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Tue Jul 23, 2013 3:11 am

thats the only log file i could find, Adware Cleaner [SI]

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Tue Jul 23, 2013 10:14 pm

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Wed Jul 24, 2013 1:37 am

C:\$Recycle.Bin\S-1-5-21-776468156-1697017053-570795564-1000\$RJ1H3MX.exe Win32/Adware.1ClickDownload.W application cleaned by deleting - quarantined
C:\Atemega for Dish\wicked loader 5\WickedAtmegaLoaderV5.0.rar a variant of Win32/Packed.MultiPacked.K trojan deleted - quarantined
C:\Atemega for Dish\wicked loader 5\Wicked 3m V5.0\Wicked_Atmega_Loader_v5.1a.zip a variant of Win32/Packed.MultiPacked.K trojan deleted - quarantined
C:\Users\Boyd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P1ILTGR\yontoosetup[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Boyd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\216bd74a-2deebf09 Java/Exploit.Agent.NEF trojan cleaned by deleting - quarantined
C:\Users\Boyd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\b405839-15719d0b Java/Agent.FI trojan cleaned by deleting - quarantined

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Wed Jul 24, 2013 1:51 am

Your computer is clean. E-mail hackers don't infect your computer. They work at the site where you have your e-mail and hack your password.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by prairiedog on Thu Jul 25, 2013 4:02 am

thanks for the help Dave

prairiedog
Novice
Novice

Status :
Online
Offline

Posts : 25
Joined : 2009-11-01
OS : xp
Points : 26214
# Likes : 0

View user profile

Back to top Go down

Re: i think my e-mail account is hacked--help

Post by Superdave on Thu Jul 25, 2013 7:08 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Points : 83141
# Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum