Accidentally Opened Email ~ Please Help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dell_girl_here, Nov 6, 2012.

  1. dell_girl_here

    dell_girl_here Private E-2

    Hi,
    I accidentally opened an email with an attachment. I went and changed our passwords numerous times but someone is now logging into our email accounts and I am getting tired of it.

    I scan my computer with Norton 360 but nothing shows up. I don't know what to do to fix it so I am hoping some of the big boys (or gals) can offer me some ideas. I think I know who did this and I also have their computer IPs if that'll help out. Is there a way to do a remote assistance with my Windows XP? I would have to have someone who also is running that program, right?

    Please help me!


    Computer_Girl_here
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. dell_girl_here

    dell_girl_here Private E-2

    Hi Tim,
    I was checking to see if anyone responded to my message and didn't see anything for a bit so I was getting discouraged. Seeing your response is wonderful. I just hope that I can follow thru with this computer stuff. I am a novice but hope to do it just the same.

    I used our other computer to change all passwords.

    I am using our other computer which is connected to a Linksys router. I have had the Dell computer turned off all day.

    Thank you again for helping. I'll read the info that you mentioned.

    Dell_girl_here
     
  4. dell_girl_here

    dell_girl_here Private E-2

    Hi Tim,

    Before I start any of the malware scans, I wanted to know this:

    I use IE 8 for our browser. Lately, every time I open it, I get a message saying that my browsing session closed unexpectedly and would I like to restore it or go to the home page. I always shut it down because it seemed suspicious to me. I know that I shut the computer off correctly so something is up.

    I installed SnoopFree from snoopfree.com and thought that I would test IE to see what it did. I got an urgent message saying that someone was trying to do a keyboard hook on our keyboard. I blocked it. SnoopFree was recommended to me by a police officer. I am now using Google Chrome instead of the IE 8 browser. (In case I need to get online, which I'm not from the Dell).

    I'm wondering do I uninstall IE 8 or keep it in case it shows you something that might be on the computer?

    I already have CCleaner installed. Should I remove it? I can always download it again to do the malware scans.

    I wasn't sure if someone could alter my CCleaner or my Norton 360 program. Every time I scan the Dell, nothing shows up. I have Malwarebytes Anti-Malware, too. Should I leave it alone? I just scanned with it and no malware showed up. It seemed to take longer to scan but lately it scans in only 47 seconds.

    I will wait to hear back from you.

    Thank you,


    Dell_Girl_Here
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Don't uninstall anything unless directed to. Run the Read and Run first instructions and attach the requested logs. ;)
     
  6. dell_girl_here

    dell_girl_here Private E-2

    Ok, will do.

    Wish me luck!


    Dell_Girl_Here
     
  7. dell_girl_here

    dell_girl_here Private E-2

    Hi Tim,
    I almost hate posting this. I can't install the Rogue Killer. My Norton 360 gave a warning that it wasn't safe to download. I was going to do it anyway but will wait for now.

    On the MG Tools, it started out ok but then I received an application error:

    The application failed to initialize properly (0xc0000135)

    Click to terminate the application.

    I noticed in our history, a web site from new.livejasmine.com was showing up. I was the only one in the system and I checked it this morning and it was still there but when I went to show it to my husband, someone had removed it and I know that it wasn't either of us. I was also getting about.blank in the search bar. I was using Google Chrome instead of IE. Someone also blocked me out of my Yahoo account.

    I'm going to stick with trying to get the logs posted. Something tells me it's going to be fun.

    We're getting a new computer but I want to clean this one up because I have 3 people that want it. I also have another computer at home that I use for business and personal info and it hasn't been a problem.

    I'm sorry if I wasted your time on this.

    Dell_Girl_here
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Attach both of these logs into your next reply.
     
  9. dell_girl_here

    dell_girl_here Private E-2

    Hi Tim,
    I tried to download the OTL program but I received a message at the top of the tool bar saying:

    To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for options. When I click on it, I get a download box but it also gives me a security warning:

    Name: OTL.EXE
    Type: Application 588kB
    From: www.itassociats.com

    Any ideas?

    I really appreciate all that you're doing to help me. It's nice to know that there are still some good guys out there watching out for us.

    I hope that we can figure this mess out.

    Have a good weekend!

    Dell_Girl_Here
     
  10. dell_girl_here

    dell_girl_here Private E-2

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.
    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
     
  12. dell_girl_here

    dell_girl_here Private E-2

    Hi Tim,

    I hope I did this correctly.

    At the cmd prompt, I typed in :

    cd\mgtools and hit enter.
    getrunkey and hit enter.

    It moved along but when I typed in shownew, it didn't do anything. Maybe it wasn't supposed to?

    Anyways, here's the info I hope it is what you needed. I'm a novice here but I'm always willing to learn!

    I'll check back later to see if it worked.

    Dell_girl_here
     

    Attached Files:

  13. dell_girl_here

    dell_girl_here Private E-2

    Hi Tim,

    In case you needed this info from the command prompt box.

    c:\windows\system32\cmd.exe-getrunkey

    Microsoft Windows XP (Version 5.1.2600)

    (c) Copyright 1985 - 2001 Microsoft

    C:\Documents and settings\Tom>cdmgtools

    Getrunkey.bat-10/28/2012 Version 2.71

    Note: Ignore any error messages about not finding registry keys! Just wait for the program to stop running.

    Zipping runkey.text

    Finished zipping runkey.txt

    This is all that was in the command prompt box.

    Keeping my fingers crossed!
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.
     
  15. dell_girl_here

    dell_girl_here Private E-2

    Hi Tim,
    If you read this, you may want to grab a cup of coffee or a stiff drink! I guess whoever is in my computer doesn't want me to post anything here because after I ran combofix, I came back here to post the log and I couldn't access the Major Geeks website from the infected Dell.

    I tried logging in from our other computer which is connected to a wireless router but it also blocked me from this site. I went to IE tools, internet options, security, allowed sites: nothing was entered in.

    A few days later, I then went to restricted sites and there were hundreds and hundreds of blocked sites. We never blocked one site in the restricted sites. Majorgeeks.com was restricted among many other computer related sites but the others were mostly porn sites including kiddieplayground....sick.

    I noticed that someone shortened the restricted sites and if you want to set it back to the default settings, the box is grayed out. You have to manually delete each item and who wants to sit and do that? I'll find a way to get it back to the way it should be.

    We had the Dell computer in the shop that also services my husband's work computers just this past August. They had it for a week. They installed a new hard drive that was still under warranty. The person who is getting the computer is wondering if the IT person may have installed some program to gain access to the Dell? We are giving the Dell to someone but I want to fix it before that happens.

    I looked at the Combofix.txt log and this stands out.

    Exact words:

    c:\Windows\System 32\Drivers\i8042 prt.Sys...is missing!!

    The Dell isn't hooked up anymore but we are giving the computer to them as soon as they stop by to get it. They wondered if they should just buy a new hard drive and install a new operating system or if they can reformat the Dell and reinstall the programs?

    I'm sure they tampered with my Registry, the Malwarebytes, my Norton 360 and other things, too.

    Do you have a headache yet? I understand if this is too complicated to fix so if you don't want to help, I'll fully understand. I aim to figure this out and I know that our friend who is getting the computer will also appreciate it.


    Thank you for everything!

    Dell_Girl_Here
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Well, frankly there is not much we can do since you are unable to run most of the scans. My suggestion, since you are planning to give this computer away, is to reformat and reinstall. You would want to remove any personal info anyway. At least that way you would know it was safe to give away.
     
