
My Email Has Been Compromised - Please Help

  • 03-12-2011 4:14pm
    #1
    Closed Accounts Posts: 95 ✭✭


    My email address has been compromised and it has been sending out bull**** emails to my contacts. I have changed the password to something more secure and also done likewise with the security question.

    I'm currently running Malwarebytes and so far it has found 20 infections!!!

    My biggest concern, however, is I have been accessing my online bank account and also paying for things via PayPal, and credit card (albeit on reputable sites such as eBay and Ryanair). Are my bank details now likely to have been also compromised or will that https thing that those sites have have kept me safe?

    Also, should I run a full Avast scan (I heard with Avast you don't need to as it checks your system continuously)?


Comments

  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    I would cancel the cards and request they be reissued as you think they may have been compromised.

    It's inconvenient but a lot less inconvenient than trying to convince your card issuer you have been defrauded.

    https ensures a secure connection; it doesn't protect against key loggers.

    It is a good idea to have a second credit card account which you don't use and keep the card securely locked away. Then if you ever lose your cards or have your computer compromised you have a card to use whilst awaiting replacement of your usual ones.


  • Closed Accounts Posts: 8,156 ✭✭✭Iwannahurl


    What email program/facility are you using?


  • Closed Accounts Posts: 95 ✭✭The Crab


    Iwannahurl wrote: »
    What email program/facility are you using?

    It was hotmail that I had the problem with.

    I'm not sure anything else has been compromised. There were 27 malware items on my system :eek:, which have now been removed. The email account was actually that of my wife who was using a very easily guessable password so maybe the problem was that.

    Is it absolutely essential that I cancel my cards? If I cancel them I'd have to cancel all that I have as I have used them all online at various times. In turn that would mean I have absolutely no access to any money until the new cards arrive :eek::eek::eek:.



    I'll give a few more details in case it helps people to understand (and tell me please) what has gone on...

    1. It's only my wife's email account - Hotmail - that has had problems. Her password was very straightforward and highly related to her (anyone who knows her could have guessed it).

    2. I have various forum passwords, email accounts, and Facebook account. All my passwords are particularly strong and don't seem to have been compromised.

    3. The malware that was found was...


    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.


  • Closed Accounts Posts: 8,156 ✭✭✭Iwannahurl


    What are the "bull**** emails" being sent from your Hotmail account?


  • Registered Users, Registered Users 2 Posts: 1,034 ✭✭✭mbiking123


    Hello

    Do you have up to date anti virus software on your computer ?

    Have you recently done a system scan with the anti virus software ?

    Can you see the outgoing emails in the hotmail account ?


  • Closed Accounts Posts: 211 ✭✭White Wolf Airsoft


    I have had the same problem in the past and here is what you need to do now
    Step 1 Update Windows and your AV
    Step 2 Disable system recovery (Some viruses can reinstall themselves)
    Step 3 Boot into Safe mode (Press F8 while starting up)
    Step 4 Run a Scan with EVERYTHING you have in safe mode
    Step 5 Now Change your passwords as your system SHOULD now be clean
    Step 6 Also if you can I would advise changing to Gmail as there is a feature that makes you get a text message every time you try to log in and asks for a Code sent to your phone. This makes it Near to Impossible for an attacker to get in
    Step 7 If you Do think your cards are compromised Ask for the credit company to cancel and reissue them
    Step 8 Do not go to sites that are untrusted Even if they look good and be aware of phishing scams
    Step 9 Buy me a drink for Saving your System :D jk
    Hope this helped


  • Closed Accounts Posts: 95 ✭✭The Crab


    I have had the same problem in the past and here is what you need to do now
    Step 1 Update Windows and your AV
    Step 2 Disable system recovery (Some viruses can reinstall themselves)
    Step 3 Boot into Safe mode (Press F8 while starting up)
    Step 4 Run a Scan with EVERYTHING you have in safe mode
    Step 5 Now Change your passwords as your system SHOULD now be clean
    Step 6 Also if you can I would advise changing to Gmail as there is a feature that makes you get a text message every time you try to log in and asks for a Code sent to your phone. This makes it Near to Impossible for an attacker to get in
    Step 7 If you Do think your cards are compromised Ask for the credit company to cancel and reissue them
    Step 8 Do not go to sites that are untrusted Even if they look good and be aware of phishing scams
    Step 9 Buy me a drink for Saving your System :D jk
    Hope this helped

    Thanks everyone. The bullsh1t emails are just things like "I found this spare parts company really useful, why don't you use them too?"

    Thanks for the guide to how to get rid of viruses and spyware. I ran scans in normal mode today but I will do the safe mode scans tomorrow (my computer will be turned off in about 2 minutes and won't be on again until tomorrow).

    I will get my wife (as I said, it was her email that was hacked) to change to Gmail. Maybe I'm being naive but I think the problem could easily have been that her password was p1ss simple to guess, it was extremely well connected to her and was a simple English word. I've been trying to get her to change to more cryptic ones for years but she kept telling me I was just a security freak.

    I'd be really interested to know if there is a way I can tell what those files that MalwareBytes alerted me to are. They could be purely annoying or they could be plain dangerous so where they lie would dictate how security orientated my reaction will be. Maybe it's naive but I'm hoping that she's just gotten a fright and will cop on a bit in terms of creating passwords that are difficult to hack etc (I know mine aren't exactly golden but they would require a lot of effort).

    The only problem re: trusted sites is that I do do things like watch sport online.
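
Added example (not part of the original thread, and not Malwarebytes code): a small Python parser for the scan-log format posted earlier in the thread, grouping the findings by detection name so the kind of item is visible at a glance. The sample lines are copied from that log; the mapping from name prefix to category is an assumption based on the detection names themselves.

```python
import re
from collections import Counter

# Sample lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
"""

# Assumption: the text before the first dot of a detection name is its category.
HIJACK = "browser/settings hijack"
CATEGORIES = {"PUP": "potentially unwanted program", "Hijack": HIJACK, "Hijacker": HIJACK}

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<det>[\w.]+)\) -> (?P<rest>.+)$")
BAD = re.compile(r"Bad: \((?P<bad>[^)]*)\)")

def parse_log(text):
    """Return one dict per detected item; lines without a detection are skipped."""
    items, section = [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m["name"]
        elif m := ITEM.match(line):
            bad = BAD.search(m["rest"])
            items.append({
                "section": section,
                "object": m["obj"],
                "detection": m["det"],
                "category": CATEGORIES.get(m["det"].split(".")[0], "unknown"),
                "bad_value": bad["bad"] if bad else None,  # value the setting was changed to
                "removed": "Quarantined and deleted successfully" in m["rest"],
            })
    return items

def summarize(items):
    """Count items per (category, detection name) for a quick triage view."""
    return Counter((i["category"], i["detection"]) for i in items)

if __name__ == "__main__":
    for (category, det), n in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{n:2d}  {det:20s} {category}")
```

Any detection whose prefix is not in `CATEGORIES` comes back as `unknown` and is worth looking up by its full name in the scanner vendor's documentation.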


  • Closed Accounts Posts: 8,156 ✭✭✭Iwannahurl


    My Gmail was hacked.

    My Out of Office function (or whatever it's called on Gmail) was altered to send the same spam message over and over.

    It was a simple matter to restore the original settings and change the password. BTW, the Gmail 'report spam' facility was no use at all.


  • Closed Accounts Posts: 211 ✭✭White Wolf Airsoft


    Iwannahurl wrote: »
    My Gmail was hacked.

    My Out of Office function (or whatever it's called on Gmail) was altered to send the same spam message over and over.

    It was a simple matter to restore the original settings and change the password. BTW, the Gmail 'report spam' facility was no use at all.

    Yes, but if you have the Gmail SMS security setting turned on, then if someone has your password they still need the confirmation code sent to your phone to get in.

