Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Sending Dodgy emails

  • 16-12-2010 09:44AM
    #1
    Vinnie70
    Closed Accounts Posts: 32


    Hi guys,

    I think my email has been hacked. Everytime i go into my hotmail account everybody in my address book gets an email about buying electronic goods. I have scanned my pc with AVG and spydoctor and found nothing and if I start to compose a new mail I get this message at the start unless I delete it

    Hello, dear.how are you doing ?
    I introduce you a Very low price ,original quality site: www.emallzone.org Iphone ,Ipad,Blackberry ,PS3 ,,nikon ,SONY ,motorcycle ~! They do wholesale business. i think it is suibalble for your business , contact E-mail:emallzone88@188.com Msn : emallzone388@hotmail.com
    I have got a iPhone , very fast shipping.

    Has anyone else had this issue and if so how do I get rid?

    Cheers guys


Comments

  • #2
    bhickey
    Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Have a read through this thread first. You should do a good check for viruses first, then change your password and clean your personal signature in Hotmail.


  • #3
    Vinnie70
    Closed Accounts Posts: 32 Vinnie70


    Thanks bhickey! Just got rid of that message at the start of composing a mail, it was my personal signature. All I have to do now is scan for malware so I'll let you know how I get on.

    This is the result from the scan with Malwarebytes Anti malware

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    16/12/2010 13:57:20
    mbam-log-2010-12-16 (13-57-20).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 271809
    Time elapsed: 1 hour(s), 24 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 9
    Files Infected: 23

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg515-k641-55sf-n66p (Worm.AutoRun) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwareremovalbot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows network data management system service (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\12087504 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\92097496 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Application Data\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Application Data\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Application Data\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Program Files\Manson (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Adrian Griffin\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\AG\Local Settings\Application Data\Mozilla\Firefox\Profiles\k395urp7.default\Cache\A4350937d01 (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Local Settings\Temp\Rar$EX01.656\keygen\santa.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Local Settings\Temp\Rar$EX01.719\keygen\santa.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Local Settings\Temp\Rar$EX02.531\keygen\santa.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Local Settings\Temp\Rar$EX03.094\keygen\santa.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-436374069-484763869-839522115-1003\Dc30.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\12087504\12087504.glu (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\12087504\pc12087504cnf (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\12087504\pc12087504ins (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Application Data\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Application Data\MalwareRemovalBot\Log\2010 Dec 16 - 10_36_22 AM_562.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Application Data\MalwareRemovalBot\Log\2010 Dec 16 - 10_57_04 AM_046.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\Application Data\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Adrian Griffin\Start Menu\Programs\System Security\System Security 2009 Support.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Adrian Griffin\Start Menu\Programs\System Security\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Adrian Griffin\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Adrian Griffin\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Adrian Griffin\Desktop\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\cd1f7b22-eb89-415f-9233-d2e0df9bb23c.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\AG\list.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\MalwareRemovalBot Scheduled Scan.job (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Adrian Griffin\Local Settings\Temp\server.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Advertisement