
Thread: Hotmail Virus?

  1. #1
    Ultimate Member gyoung's Avatar
    Join Date
    Oct 2001
    Location
    Carmel, IN
    Posts
    1,066

    Hotmail Virus?

    The other day my wife's hotmail account sent 3 emails to her entire contact list in her hotmail account. The text of the email was:

    Dear friend:
    We are wholesale company which can offer you laptops,Digital cameras,videos,GPS , cellphone,mp4,game console and many other electronic products with international guarrantee all over the world.
    We can offer you both high quality products and good price. with the new beginning of 2008, we want to have a long term business with you/your company If you want to buy something ,please feel free contact us at:
    our website : <http://www..com>
    MSN : x@hotmail.com
    E-mail : xhotmail.com
    Welcome to x.com! MSN: x@hotmail.com
    I replaced the address with the x. No need to give them more traffic. Any idea how this could happen? How can a Hotmail account be compromised? I find it very hard to believe that they hacked her password. It was a strong password (> 8 characters) with no words. It was comprised of numbers, letters (in upper and lower case). One of her friends replied that she also received another email with the same message from another friend.

    At first I thought it was a spoof of her email address, but I actually see the sent message in her sent message folder. It happened 3 times at 11:27am, 11:29am, and 11:32am.
    Last edited by gyoung; March 12th, 2008 at 08:41 PM.
    Intel Core2 Quad Q9400,Gigabyte GA-EP45-UD3P,8GB,HD6850,256GB Samsung SSD
    HP Pavilion dv7t Intel i7, AMD HD 6470M, 16GB, 128GB OCZ SSD, 750GB HD

  2. #2
    Banned Keymaker's Avatar
    Join Date
    Jan 2005
    Location
    Loveland, CO
    Posts
    5,489
    Blog Entries
    2
    Run a scan and post the results.

    HijackThis Analyzer & Tutorial

    It doesn't take a password to hijack the inner workings of things through malware.

    You can use this utility to trace where the E-Mail came from. Paste the full headers in the utility.

  3. #3
    I Void Warranties KarmaKiller's Avatar
    Join Date
    Feb 2007
    Location
    Springfield
    Posts
    13,485
    Blog Entries
    5
    Hi there.
    My gf works in an office that runs instant messengers, and she was telling me just the other day that they had a similar thing happen there. It spread throughout the whole office though.
    Their IT guy narrowed it down to an IM program though, so you might check that.
    Also, he did mention it was a trojan, so you should run some virus/Adware scans.
    Good luck
    Q6600@4Ghz | i7 920@4.4Ghz |E6320@3.5Ghz
    FAQ's ~ Team Stats
    My PC

    TechIMO Folding@home Team #111 - Crunching for the cure!

  4. #4
    Ultimate Member gyoung's Avatar
    Join Date
    Oct 2001
    Location
    Carmel, IN
    Posts
    1,066
    Here is a copy of the log file. Also, one thing I should mention. This happened the day after I reinstalled Windows XP fresh on her laptop. I installed XP, drivers, and all service packs. The only websites visited during this were Microsoft and Lenovo.

    I went to bed the night before and the next day she told me about it. It was then that I realized that I hadn't installed the anti-virus software yet. When I got home I installed it and scanned and didn't find anything.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:53:54 PM, on 3/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\program files\airset\airset.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\***** \*****\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [CompanionLink] "c:\program files\airset\airset.exe" -Icon
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1204995129746
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    --
    End of file - 7762 bytes
    Last edited by gyoung; May 16th, 2008 at 10:29 AM.
    Intel Core2 Quad Q9400,Gigabyte GA-EP45-UD3P,8GB,HD6850,256GB Samsung SSD
    HP Pavilion dv7t Intel i7, AMD HD 6470M, 16GB, 128GB OCZ SSD, 750GB HD

  5. #5
    Ultimate Member gyoung's Avatar
    Join Date
    Oct 2001
    Location
    Carmel, IN
    Posts
    1,066
    email header:
    Content-Type: multipart/alternative;
    boundary="_1b26284b-fb65-4caa-85f9-6a8d4badb0e7_"
    X-Originating-IP: [58.39.172.238]
    Whois search at whois.net returns:

    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU
    I did this the day it happened, so I knew that something sent this out. I just was confused about what did it, since the scan came up empty.
    Intel Core2 Quad Q9400,Gigabyte GA-EP45-UD3P,8GB,HD6850,256GB Samsung SSD
    HP Pavilion dv7t Intel i7, AMD HD 6470M, 16GB, 128GB OCZ SSD, 750GB HD
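
Added example (not part of the original posts): a Python sketch that pulls `X-Originating-IP` out of pasted headers like those in post #5 and compares it with the networks the account owner normally signs in from. `KNOWN_NETWORKS` and the From/Subject lines of the sample are constructed assumptions; only the three header lines quoted above come from the thread.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the three header lines quoted in post #5, plus
# constructed From/Subject lines so the text parses as a message.
SAMPLE_HEADERS = """\
From: x@hotmail.com
Subject: (constructed)
Content-Type: multipart/alternative;
 boundary="_1b26284b-fb65-4caa-85f9-6a8d4badb0e7_"
X-Originating-IP: [58.39.172.238]

"""

# Assumption: networks the account owner normally signs in from
# (a documentation range is used here as a placeholder).
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def originating_ip(raw_headers):
    """Return X-Originating-IP as an ip_address, or None if absent or malformed."""
    msg = message_from_string(raw_headers)
    value = msg.get("X-Originating-IP")
    if value is None:
        return None
    # The value is usually wrapped in square brackets; accept it with or without.
    match = re.fullmatch(r"\s*\[?\s*([0-9A-Fa-f:.]+)\s*\]?\s*", value)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def classify(raw_headers, known_networks=KNOWN_NETWORKS):
    """Label where the message was submitted from, relative to the owner's networks."""
    ip = originating_ip(raw_headers)
    if ip is None:
        return "no-originating-ip"      # header missing or not a valid address
    if any(ip in net for net in known_networks):
        return "known-network"          # matches a network the owner uses
    if not ip.is_global:
        return "non-routable"           # private/reserved address, says little
    return "unfamiliar-network"         # public address the owner does not use


if __name__ == "__main__":
    print(originating_ip(SAMPLE_HEADERS), classify(SAMPLE_HEADERS))
```

An `unfamiliar-network` result together with a copy of the message in the Sent folder is consistent with a sign-in to the webmail account from somewhere else, rather than a forged From address.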

  6. #6
    Ultimate Member 2monsters's Avatar
    Join Date
    Feb 2007
    Location
    Illinois
    Posts
    2,504
    Sounds like she got Phished. Change all her passwords.
    http://en.wikipedia.org/wiki/Phishing

    TechIMO Folding@home Team #111 - Crunching for the cure!

  7. #7
    Banned Keymaker's Avatar
    Join Date
    Jan 2005
    Location
    Loveland, CO
    Posts
    5,489
    Blog Entries
    2
    I don't see anything that would cause this. There are a few unknowns. Do you use Airset?

    The IP address doesn't show up as a Phish site. At least not yet. The site is from China and information is lacking. Usually they will use a proxy so this doesn't say much. Meaning the true IP address is masked even when the E-Mail headers are sorted out.

    It could be that the person obtained info. from another E-Mail that was sent and opened, thereby allowing some kind of virus that read the contacts list in the E-Mail account.

    I would change the passwords and change the setting in the account to not download all the content when viewing E-Mail. I use an E-mail client called Thunderbird and have phish security installed through the use of addons. In web based E-Mail I use FireFox with an addon called NoScript.

    Has this happened more than once?

    Use this to generate a good password


    http://www.itsecurity.com/features/2...stakes-022807/

    www.trashmail.net


    www.opendns.com
    Last edited by Keymaker; March 13th, 2008 at 05:27 PM.

  8. #8
    Ultimate Member gyoung's Avatar
    Join Date
    Oct 2001
    Location
    Carmel, IN
    Posts
    1,066
    Yeah, we use airset. I don't think it was a phishing scam. She is pretty good about that but I don't know for sure. I had her change her password and it is strong (it was strong before).

    And it only happened once. She did get an email the next day from a friend. Looks like it happened to her friend too. She also had a Hotmail address.
    Intel Core2 Quad Q9400,Gigabyte GA-EP45-UD3P,8GB,HD6850,256GB Samsung SSD
    HP Pavilion dv7t Intel i7, AMD HD 6470M, 16GB, 128GB OCZ SSD, 750GB HD

  9. #9
    Junior Member
    Join Date
    Apr 2008
    Posts
    1

    Hotmail virus

    Similar problem occurred Mar. 31/08. I had this Electronics outfit send two emails to my entire contact list BUT when I went to look at my Contact list -- IT WAS GONE! Two nights later they did it again EVEN though my contact file was gone. They seem to be holding it captive. Two questions: Is Microsoft doing anything about this, to anyone's knowledge? Second, my NOD32 scanner picked up nothing, so please let me know if anyone finds a virus scan to find this & clean it??
    Many thanks Balmybrucevivi

  10. #10
    Super F@D Folder
    Join Date
    Jun 2004
    Posts
    5,093
    If you do a search for the first sentence of that you can find stuff all over the web with nearly identical setups

    I'd grab a trial copy of avg antivirus/antispyware. Well to be honest, I'd trash McAfee and buy the version of avg for $35. Much better protection. The only thing it's missing is the firewall but I'd think you're better off with a free firewall over McAfee's anyways. From my experience their software is junk!

    Big question is, do you have a router? If she's aware of what she's doing on the web and you have a router, I may not even worry so much about a firewall...

    -Kevin

    BruceV - Post up scans using hijack this. I wouldn't trust just one anti-malware program if there's evidence of an infection. No av program is perfect! On a side note, you'd probably be better off opening your own thread for it, that way we can comment on each problem specifically rather than trying to help two people in one thread! The problems seem similar but they may be very different...
    Last edited by sr71000; April 3rd, 2008 at 12:54 PM.

  11. #11
    Banned Keymaker's Avatar
    Join Date
    Jan 2005
    Location
    Loveland, CO
    Posts
    5,489
    Blog Entries
    2
    Last edited by Keymaker; April 3rd, 2008 at 10:16 PM.

  12. #12
    Junior Member
    Join Date
    Jun 2008
    Posts
    1
    Same thing happened to me...three times this past week...I'm just not sure what I am supposed to do to stop it. It's quite annoying! I'm a real novice at computers...so any assistance from those more experienced might help. I do have an antivirus program on my laptop...why would this still happen?

  13. #13
    Junior Member
    Join Date
    Jun 2008
    Posts
    5

    Angry hotmail

    Spent 2 hrs and 41 min last Sunday on the phone with M-soft over this!!!!! Last week I installed I.E.7 and almost ended up tossin' my l-top in the street. 4.5 days. UN-INSTALL "7" and hope it's not ruined!!! Mine works, but 10 times worse than b-4!!!!!!!!!!!!!!

  14. #14
    Banned DeathWish187's Avatar
    Join Date
    Sep 2004
    Location
    Joliet, IL
    Posts
    2,858
    use gmail

  15. #15
    Junior Member
    Join Date
    Jun 2008
    Posts
    2

    email hijack

    I think it is also a problem for Gmail
    Unauthorised use of my Gmail contact list - Reading Messages | Google Groups

    and mac computers too...
    Apple - Support - Discussions - Browser hi-jack, virus, worm or ? ...

    my Aunt's computer has sent me an email (and all her contact list)
    if there is a copy in her sent folder, I assume it's not just a spoof and she should at least change her password... maybe reinstall everything?

    I can't tell from reading these forums if this is a system wide problem like a virus/worm or what?

    any advice from those who've fixed the problem?

  16. #16
    Junior Member
    Join Date
    Jun 2008
    Posts
    2
    x
    Last edited by notjustpretty; June 30th, 2008 at 01:46 AM. Reason: duplicate

  17. #17
    Junior Member
    Join Date
    Oct 2008
    Posts
    1

    Cool same thing plus

    I actually received one of the emails from a friend of mine and then I sent a new message back (not a reply) to tell her to check out her computer for a virus. A few minutes later I received a reply that had VACATION REPLY in the subject line and the same message from the original email. I'm betting that the problem is actually with M-Soft's server where the info is stored, not your own computer. Anyone that has a problem or gets an email should notify Hotmail so they can pull their heads out and solve the problem.

  18. #18
    Junior Member
    Join Date
    Nov 2008
    Posts
    1
    Quote Originally Posted by slagski View Post
    I actually received one of the emails from a friend of mine and then I sent a new message back (not a reply) to tell her to check out her computer for a virus. A few minutes later I received a reply that had VACATION REPLY in the subject line and the same message from the original email. I'm betting that the problem is actually with M-Soft's server where the info is stored, not your own computer. Anyone that has a problem or gets an email should notify Hotmail so they can pull their heads out and solve the problem.
    This EXACT problem is happening with me right now! I wish I knew how to get rid of it... as I would hate to lose all my emails and such by having to cancel the account and switch over to say...Gmail.

    Any solutions yet??

  19. #19
    Junior Member
    Join Date
    Nov 2008
    Posts
    1

    Hotmail 'Vacation' virus...

    I don't know if this is a fix/solution.
    Go to your Hotmail options, select 'vacation' and remove the advertisement from there, and set the autoreply to 'Off'.
    Also in the options, check your signature. Mine had the advert installed there as well. I've tried sending email to my work acct and it looks ok right now.
    As to how this happened, I imagine it's a virus on the Microsoft server.

  20. #20
    Junior Member
    Join Date
    Jan 2009
    Posts
    1

    Me too

    This happened to me. The exact same message went to everyone in my contacts list today, appeared in my Sent Items 70-odd times, but also every recipient bounced back a Mail Delivery Failure message into my inbox.

    I then found that the whole message was installed as my personal e-mail signature, and also as my vacation reply, though my vacation reply wasn't activated.

    I've run AVG, Microsoft Malicious Software Tool, Search and Destroy, Ad-Aware and they all say there's no virus.

    I'll be changing my email password but from what I've read before that may not make any difference so I'll be keeping a close eye on it for the next few days. I'm sincerely hoping it doesn't happen again as I can't keep sending apologies to everyone in my address book!
