Hotmail account hacked

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lemon.thins, Apr 12, 2012.

  1. lemon.thins

    lemon.thins Private E-2

    Hi!

    On the 10th April around 1930GMT my hotmail account started sending spam to my contacts. I have changed my password.
    I have run all the tools as described in read and run first. As trojans were found in this process I would be grateful if you could check my logs and make sure my system is no longer infected. I don't feel safe shopping online/internet banking etc at the moment.
    RootRepeal would not run - I will attach a screenshot of the error message in the next message.

    Thanks for your help :)
     


  2. lemon.thins

    lemon.thins Private E-2

    RootRepeal error message attached.
    lemonthins.
     


  3. thisisu

    thisisu Malware Consultant

    Hello lemon.thins,

    Your logs are clean but here are a few steps I would recommend:

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 29 (outdated)
    • Java(TM) 6 Update 7 (outdated)

    Now install the current version of Sun Java from: jre-7u3-windows-i586.exe

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
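
A quick way to confirm that no outdated Java runtime like the two listed in the post above remains installed. This is an added example, not part of the original thread: it assumes PowerShell 3.0 or later, takes its baseline (Java 7 Update 3) from the installer name in the post, and uses hypothetical function names.

```powershell
# Added example (not from the thread). The baseline is an assumption taken from
# the installer named in the post: jre-7u3 => Java 7 Update 3.
$BaselineMajor  = 7
$BaselineUpdate = 3
$Pattern = '^Java(?:\(TM\))? (\d+)(?: Update (\d+))?'

# Both registry views, so 32-bit runtimes on 64-bit Windows are included.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Parse a Programs and Features display name and compare it with the baseline.
function Get-JavaVersionInfo {
    param([string]$DisplayName)
    if (-not ($DisplayName -match $Pattern)) { return }
    $major  = [int]$Matches[1]
    $update = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
    $older  = ($major -lt $BaselineMajor) -or (($major -eq $BaselineMajor) -and ($update -lt $BaselineUpdate))
    [PSCustomObject]@{
        DisplayName = $DisplayName
        Major       = $major
        Update      = $update
        Outdated    = $older
    }
}

# Enumerate the Java entries actually registered on this machine.
function Get-InstalledJava {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        ForEach-Object { Get-JavaVersionInfo $_.DisplayName } |
        Where-Object { $_ }
}

# Constructed check using the two display names quoted in the post.
'Java(TM) 6 Update 29', 'Java(TM) 6 Update 7' |
    ForEach-Object { Get-JavaVersionInfo $_ } |
    Format-Table -AutoSize

# Live check: any row with Outdated = True is still installed.
Get-InstalledJava | Sort-Object Major, Update | Format-Table -AutoSize
```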
     
  4. lemon.thins

    lemon.thins Private E-2

    Thanks for your advice, and for checking the logs.

    Since I posted last my hotmail account has been blocked - I have unblocked it by following the steps provided by windows live - but is this a sign of further infection?

    Thank you,
    lemonthins.
     
  5. thisisu

    thisisu Malware Consultant

    No. It sounds like Hotmail took measures to prevent your account from continually spamming others is all. :)
     
  6. lemon.thins

    lemon.thins Private E-2

    Cheers, was hoping it was something like that! Thanks for your help :)
     
  7. thisisu

    thisisu Malware Consultant

    You're welcome :)
     
  8. lemon.thins

    lemon.thins Private E-2

    Hi,
    Since I ran the tools, Avast does not begin at startup any more - is there a fix for this?
    In MSConfig it is listed under services, but not under startup.
    Is there a fix for this?
    Thanks :)
     
  9. thisisu

    thisisu Malware Consultant

    Manually open Avast and re-enable the protection modules. Remember we had you disable Avast before as part of the running ComboFix procedure?
     
  10. lemon.thins

    lemon.thins Private E-2

    Thanks for your reply,

    I re-enabled Avast after uninstalling combofix. The problem is that now, it doesn't run on startup, which means I have to manually open it from the start menu every time I turn my computer on. Before running the tools Avast used to begin with startup. I'm just wondering if there's a registry fix that will set things back to normal?

    Cheers :)
     
  11. thisisu

    thisisu Malware Consultant

    Attached is a registry fix you can try. Let me know if it works or not.

    You will have to merge, and then reboot.
     


  12. lemon.thins

    lemon.thins Private E-2

    Hi,

    I had no luck with the registry fix, but thanks for trying. In the end a fresh install of Avast got it working again.

    Thanks for all your help :)
     
  13. thisisu

    thisisu Malware Consultant

    You're welcome.
     
