Email hack


Post by AngelsElf on Sat Apr 18, 2009 1:38 am

I logged in to read my emails tonight and found that somehow someone accessed my emails and sent out several emails to people. Some failed to be sent. Here is the cut and paste of the failed email. Any idea how I can get rid of this >.<


Delivery Status Notification (Failure)‏
From: Mail Delivery System (MAILER-DAEMON@mail.bis.na.blackberry.com)
Sent: April 17, 2009 8:46:14 AM
To: angels_email@hotm

Attachments: 2 attachments Anti-virus scan by Windows Live OneCare
details00...txt (0.3 KB), FW.mht (3.3 KB)

The following message to was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.1.1 : Recipient address rejected: User unknown in virtual alias table'



--Forwarded Message Attachment--
From: [You must be registered and logged in to see this link.]
To: [You must be registered and logged in to see this link.]
Subject: FW:
Date: Fri, 17 Apr 2009 08:46:13 -0400








My dear friends,Thanks for your concern.
I am sorry to disturb you,But hope i can bring your happys and good news now!!!
Recently,I find one well company ( [You must be registered and logged in to see this link.] ),They can wholesale or retail more and more popular Brand goods(Hand bags,Clothes,Shoes,Watches),Such as Nike,Adidas,Puma,Gucci,Prada,Chanel,Lacoste,Armani,Chloe,Dior,Fendi,Burberry,Rolex Watches,Moncler coats,UGG Boots etc......
Of course, I have order some items from this company, And surprised received my likes items in 6 days!!!
As you know, I have pay very cheap money and get one best quality items, So i must have to introduce and recommend you this good Brand company ( [You must be registered and logged in to see this link.] )!!!
The better service with low price,what are you waiting for???
Please Join this company immediately,All items will bring you more profit and pleasantly surprised price.
Hope we can get more cheap price and High-quality items from this popular company in future!!!
Looking forward to your good news soon!!!
Contact this company website: ( http:epayehome.net ).
Best regards,yours sincerely!


Last edited by AngelsElf on Sun Apr 19, 2009 2:00 pm; edited 1 time in total

AngelsElf
Intermediate
Posts: 101
Joined: 2008-12-07
OS: Windows XP
Points: 30337
Likes: 0


Re: Email hack

Post by Belahzur on Sat Apr 18, 2009 1:45 am

Change your email password?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 2:52 am

Okay, they didn't actually log onto my email lol, this was done via a virus or something lol


Re: Email hack

Post by Belahzur on Sat Apr 18, 2009 1:37 pm

Ah, fake email generator. If there was no actual hack, then probably nothing to worry about.



Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 5:19 pm

So then a trojan or virus didn't get into email and try to send out emails to people on my list?


Re: Email hack

Post by Belahzur on Sat Apr 18, 2009 5:30 pm

Let's see what this says.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 6:38 pm

As requested ^^


DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 14:35:55.12 on Sat 04/18/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1257 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090417-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\FRAPS\CLEAN UP SCREEN\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\Skype\Phone\Skype.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Homestead\Homestead SiteBuilder\SiteBuilderLPX.exe
C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Programs\CorelPP.exe
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Fraps] c:\fraps\clean up screen\FRAPS.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Wise-FTP Scheduler] c:\program files\acebit\wise-ftp\WF_Scheduler.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [HPPQVideo] "c:\program files\hp\scheduledlaunch\hp color laserjet cp2020 series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CP2020_Series -f PQOptimizerVideo.xml -o RemindLater
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: []
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\pnvqtk59.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 114768]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-2-12 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-2-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-2-12 352920]

=============== Created Last 30 ================

2009-04-18 14:35 360,021 a------- c:\program files\dds(2).scr
2009-04-17 21:43 7,425,826 a------- c:\program files\SM3installer3.2.2.exe
2009-04-16 18:19 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 18:19 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 18:19 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 18:19 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 18:19 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 18:19 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 18:19 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 18:19 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 18:19 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 18:18 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 18:18 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 18:18 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 09:28 --d----- c:\program files\Windows Installer Clean Up
2009-04-15 09:27 --d----- c:\program files\MSECACHE
2009-04-14 23:18 384,656,464 a------- c:\program files\CorelDRAWGraphicsSuiteX4Installer_EN(3).exe
2009-04-14 20:59 2,967,800 a------- c:\program files\mbam-setup(2).exe
2009-04-14 20:25 --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-04-14 20:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 20:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 20:25 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 20:25 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-14 20:23 2,967,800 a------- c:\program files\mbam-setup.exe
2009-04-14 19:57 360,002 a------- c:\program files\dds.scr
2009-04-14 19:41 812,344 a------- c:\program files\HJTInstall.exe
2009-04-10 03:00 --d----- c:\windows\system32\KB905474
2009-04-09 23:22 43,083,040 a------- c:\program files\AdbeRdr910_en_US_Std.exe
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll


Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 6:39 pm

==================== Find3M ====================

2009-04-15 23:28 11,264 a--sh--- c:\program files\Thumbs.db
2009-04-14 22:56 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-16 21:03 7,183,527 a------- c:\program files\SM3installer3.1.5.exe
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 23:03 7,147,317 a------- c:\program files\SM3installer3.1.3.exe
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-24 23:50 606,208 a------- c:\program files\Joann'sRepairedData(3).SDB
2009-02-24 23:36 606,208 a------- c:\program files\Joann'sRepairedData(2).SDB
2009-02-24 23:22 606,208 a------- c:\program files\Joann'sRepairedData.SDB
2009-02-24 12:25 7,145,045 a------- c:\program files\SM3installer3.1.1(2).exe
2009-02-24 02:39 7,145,045 a------- c:\program files\SM3installer3.1.1.exe
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-13 00:50 2,249,512 a------- c:\program files\SkypeSetup.exe
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-26 10:45 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-26 10:45 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-01-26 10:45 116,472 -------- c:\windows\system32\pxcpyi64.exe
2009-01-23 13:14 52,307,672 a------- c:\program files\AVSVideoConverter.exe
2009-01-23 11:07 30,868 a------- c:\program files\a337fa43905ef4953971bbf7caeb6087
2009-01-22 16:53 21,468 a------- c:\program files\soap1.jpg
2009-01-16 18:27 2,413,642 a------- c:\program files\videomach-5.2.0(3).exe
2009-01-16 18:26 2,413,642 a------- c:\program files\videomach-5.2.0(2).exe
2009-01-16 18:19 2,413,642 a------- c:\program files\videomach-5.2.0.exe
2009-01-13 23:44 1,051,957 a------- c:\program files\illustration(2).eps
2009-01-13 23:43 1,051,957 a------- c:\program files\illustration.eps
2009-01-13 15:15 6,578,176 a------- c:\program files\PhotoToMovieSetup.msi
2009-01-13 09:55 178,992,632 a------- c:\program files\ESDVSPRX2IEPCPF.exe
2009-01-13 08:40 5,271,552 a------- c:\program files\PStory.msi
2009-01-13 08:15 331,805,736 a------- c:\program files\WindowsXP-KB936929-SP3-x86-ENU.exe
2009-01-13 07:55 9,413,888 a------- c:\program files\Q883956_xpe_sp2_x86_enu.exe
2009-01-13 07:52 894,504 a------- c:\program files\WGAPluginInstall.exe
2009-01-13 07:46 27,288,880 a------- c:\program files\QuickTimeInstaller.exe
2009-01-13 07:42 12,754,672 a------- c:\program files\MP10Setup.exe
2009-01-13 07:39 27,926,896 a------- c:\program files\wmp11-windowsxp-x64-enu.exe
2009-01-12 17:35 3,740,422 a------- c:\program files\wpm.exe
2009-01-11 23:38 115,952 a------- c:\program files\green.png
2009-01-10 04:05 247,144 a------- c:\program files\SiteBuilderSetup.exe
2009-01-09 19:45 14,558 a------- c:\program files\dancing_in_the_rain_op_800x532.jpg
2009-01-09 19:39 25,817 a------- c:\program files\dancing in rain 1.jpg
2009-01-02 11:45 13,833 a------- c:\program files\Craigslist and Kombucha 011.JPG
2009-01-01 14:10 604,360 a------- c:\program files\HandcraftersCompanion-HowToMakeYourOwnLipGloss.pdf
2009-01-01 14:08 6,100,988 a------- c:\program files\HandcraftersCompanion-Guide.pdf
2008-12-24 16:24 871,728 a------- c:\program files\BCM-win32-v1.0.0.20.exe
2008-12-17 03:31 40,412,504 a------- c:\program files\eppexwin202en.exe
2008-12-17 03:26 16,597,320 a------- c:\program files\mx850svst100ej.exe
2008-12-17 03:25 11,679,080 a------- c:\program files\fu123mx850win1030en.exe
2008-12-17 03:22 17,409,864 a------- c:\program files\mx850svst64100ej.exe
2008-12-17 03:20 44,198,736 a------- c:\program files\mpnexwin111ej.exe
2008-12-17 03:16 21,865,296 a------- c:\program files\eppwin370en(2).exe
2008-12-17 03:15 2,017,280 a------- c:\program files\ewpwin264en(3).exe
2008-12-17 03:14 2,017,280 a------- c:\program files\ewpwin264en(2).exe
2008-12-17 03:13 21,865,296 a------- c:\program files\eppwin370en.exe
2008-12-12 14:22 41,828,062 a------- c:\program files\PGE6_Demo_Installer.dmg
2008-12-12 11:31 193,105,916 a------- c:\program files\PGE_Platinum_Demo.exe
2008-12-12 11:17 8,297,995 a------- c:\program files\AutoEye_2_Setup.exe
2008-12-07 14:02 2,972,904 a------- c:\program files\ccsetup214.exe
2008-12-07 13:58 911,000 a------- c:\program files\ccsetup214_slim.exe
2008-12-03 21:37 18,719 a------- c:\program files\night games 2.jpg
2008-12-03 21:18 29,994 a------- c:\program files\Mead Hole.jpg
2008-12-02 09:37 123,368,360 a------- c:\program files\Office2003SP3-KB923618-FullFile-ENU(2).exe
2008-12-02 09:30 10,999,224 a------- c:\program files\word2007-kb934173-fullfile-x86-glb.exe
2008-12-02 09:29 27,343,560 a------- c:\program files\compatibilitypacksp1-kb940289-fullfile-en-us.exe
2008-12-02 08:58 123,368,360 a------- c:\program files\Office2003SP3-KB923618-FullFile-ENU.exe
2008-11-14 12:49 1,238,528 -------- c:\program files\PGE7_PlugIn.8bf
2008-10-22 15:39 4,900,376 a------- c:\program files\LimeWireWin.exe
2008-09-08 14:14 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2008-08-10 21:58 13,826 a------- c:\program files\aqmjkm5i
2008-07-18 03:28 5,543,936 a------- c:\program files\LiDE30_7030WNENZ(2).exe
2008-07-18 03:26 5,543,936 a------- c:\program files\LiDE30_7030WNENZ.exe
2008-07-18 02:35 16,219,136 a------- c:\program files\cstbwin5011ea14.exe
2008-07-18 00:56 2,017,280 a------- c:\program files\ewpwin264en.exe
2008-07-18 00:55 131,944 a------- c:\program files\argb1998win140ea24.exe
2008-07-11 18:24 2,266 a------- c:\program files\Search.asp
2008-07-11 11:03 798,244 a------- c:\program files\ConvertSetup.exe
2008-06-26 19:55 996,908 a------- c:\program files\SMhelp(3).chm
2008-06-26 19:53 996,908 a------- c:\program files\SMhelp(2).chm
2008-06-26 19:52 996,908 a------- c:\program files\SMhelp.chm
2008-06-22 12:45 13,567,090 a------- c:\program files\SMInstaller2.8.exe
2008-06-11 08:42 45,220 a------- c:\program files\manual_tp_install.php
2008-06-04 13:54 69,043 a------- c:\program files\webinstall(5).php
2008-06-04 13:43 69,043 a------- c:\program files\webinstall(4).php
2008-06-04 13:38 69,043 a------- c:\program files\webinstall(3).php
2008-06-04 13:36 69,043 a------- c:\program files\webinstall(2).php
2008-06-04 13:35 69,043 a------- c:\program files\webinstall.php
2008-06-04 13:21 7,024,640 a------- c:\program files\winzip112.msi
2008-06-03 18:16 7,525,224 a------- c:\program files\SFTPMSI.exe
2008-06-03 08:28 5,231,534 a------- c:\program files\wiseftp30.exe
2008-06-03 08:26 2,009,056 a------- c:\program files\EasyLogin_setup_US.exe
2008-05-31 17:33 85,901,040 a------- c:\program files\DesignPro5_4_Limited.exe
2008-05-01 10:16 15,241 a------- c:\program files\index.php
2008-03-31 14:06:47 A------- 1,863,265 c:\program files\Diet.psd
2007-02-28 10:59 56 ---shr-- c:\windows\system32\29AB314F78.sys
2008-03-28 13:21 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-13 08:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011320090114\index.dat

============= FINISH: 14:36:32.20 ===============


Re: Email hack

Post by Belahzur on Sat Apr 18, 2009 7:02 pm

Do you know what these files are?

2008-12-17 03:31 40,412,504 a------- c:\program files\eppexwin202en.exe
2008-12-17 03:26 16,597,320 a------- c:\program files\mx850svst100ej.exe
2008-12-17 03:25 11,679,080 a------- c:\program files\fu123mx850win1030en.exe
2008-12-17 03:22 17,409,864 a------- c:\program files\mx850svst64100ej.exe
2008-12-17 03:20 44,198,736 a------- c:\program files\mpnexwin111ej.exe
2008-12-17 03:16 21,865,296 a------- c:\program files\eppwin370en(2).exe
2008-12-17 03:15 2,017,280 a------- c:\program files\ewpwin264en(3).exe
2008-12-17 03:14 2,017,280 a------- c:\program files\ewpwin264en(2).exe
2008-12-17 03:13 21,865,296 a------- c:\program files\eppwin370en.exe

There's a dump of exe files in your program files folder, some look suspicious.



Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 7:36 pm

No clue what they are.


Re: Email hack

Post by Belahzur on Sat Apr 18, 2009 7:43 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\program files\*.exe
    c:\program files\*.php
    c:\program files\a337fa43905ef4953971bbf7caeb6087
    c:\program files\*.jpg
    c:\program files\*.chm
    c:\program files\winzip112.msi


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 9:40 pm

========== FILES ==========
c:\program files\OTMoveIt3.exe moved successfully.
File/Folder c:\program files\*.php not found.
File/Folder c:\program files\a337fa43905ef4953971bbf7caeb6087 not found.
File/Folder c:\program files\*.jpg not found.
File/Folder c:\program files\*.chm not found.
File/Folder c:\program files\winzip112.msi not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_174027


Re: Email hack

Post by Belahzur on Sat Apr 18, 2009 9:44 pm

Did you run OTMoveIt twice there? The log doesn't seem right.



Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 10:31 pm

Yeah I did >.< I didn't mean to ; ; but I checked back to see what I needed to do here and they closed >.<


Re: Email hack

Post by Belahzur on Sat Apr 18, 2009 11:34 pm

Ah, that explains it. Run this, it will probably come out clean, but I'd like to be sure.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Email hack

Post by AngelsElf on Sat Apr 18, 2009 11:54 pm

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/18/2009 7:54:14 PM
mbam-log-2009-04-18 (19-54-14).txt

Scan type: Quick Scan
Objects scanned: 77275
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Email hack

Post by Belahzur on Sun Apr 19, 2009 12:13 am

Hello.
If the spam is still being sent, then you aren't dealing with an infection. You've been phished most likely.

See this article:
[You must be registered and logged in to see this link.]



Re: Email hack

Post by AngelsElf on Sun Apr 19, 2009 1:57 pm

As far as I know it was only sent out once and ummmmmmm what is phished?

Also I don't use MSN, only Windows Live Hotmail, or is that the same thing >.< Excuse my noobness.


Re: Email hack

Post by Belahzur on Sun Apr 19, 2009 2:24 pm

Same thing.

Phished means you've entered your details into a fake webpage that looks real.

