Email Contacts hacked - viagra links sent

Discussion in 'Malware Help (A Specialist Will Reply)' started by snapper, Mar 30, 2011.

  1. snapper

    snapper Private First Class

    Greetings Honorable Geek :major Squad::wave

    This morning I learned my Yahoo 'email contacts' were hijacked and all recipients were sent an email from me with an international link selling Viagra and Cialis. First I scrambled to broadcast a message not to open it. Then I ran Avast and Malwarebytes - no problem. (Actually ran these two programs last evening before this happened).

    I know this is very common of late. Is there ANOTHER program I can download to learn if I have an 'email worm' or... correct any problems as a result of my e-contacts being hacked?

    Question: Obviously someone hacked in.... is there a special 'anti-virus' I should run? Should I download 'house calls' from this site?

    Re: Geeks Malware Removal program... I just completed this three weeks ago and have been diligent in keeping my system clean and updated. I refer here to the 'email threats'. Should I run another program (from the Geeks site) for an email worm? Avast & Malwarebytes did not pick up a virus? IS IT OK TO HAVE MORE THAN TWO ANTI-VIRUS programs on the system?

    Please advise......I humbly ask...:)
    Thank you ! Snapper
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, you should only be running one AV program. Nothing is going to scan your online email account. The best thing to do is to use another computer and change your password. Then delete any emails that are suspicious.

    If you want us to check for a keylogger on your system, you need to follow all the instructions in the Read and Run First thread.
     
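    The advice above (nothing on the PC can scan a webmail account; change the password from another machine) hinges on one question the thread never settles: did the spam actually leave through the account, or was the From line merely forged? A recipient's copy of one of the messages answers that from its Received chain. The following Python is an added example and is not code from the thread or from MajorGeeks; the two sample messages are constructed (documentation hostnames and RFC 5737 addresses), and the "last two labels" domain comparison is a deliberate simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Two constructed sample messages as a recipient would see them (not real
# mail from the thread; hostnames and IPs are documentation placeholders).
#
# Case 1: the message was submitted through the provider's own webmail
# server, so the first server in the Received chain belongs to the
# sender's domain. That points at a stolen password, not a forged From.
SENT_VIA_ACCOUNT = """\
Return-Path: <nadine@example-mail.com>
Received: from smtp3.example-mail.com (smtp3.example-mail.com [198.51.100.30])
    by mx.recipient.example (Postfix) with ESMTP id 4B2C1F
    for <friend@recipient.example>; Wed, 30 Mar 2011 07:12:05 -0400
Received: from [192.0.2.77] by web120.mail.example-mail.com via HTTP;
    Wed, 30 Mar 2011 04:12:03 PDT
From: nadine <nadine@example-mail.com>
To: friend@recipient.example
Subject: hi
Message-ID: <20110330041203.1234@web120.mail.example-mail.com>

http://pharmacy.example.net/
"""

# Case 2: the From line claims the same sender, but the message entered the
# mail system through an unrelated host and the bounce address belongs to
# someone else. That is a forged sender, not a compromised account.
SPOOFED_FROM = """\
Return-Path: <bounce-3821@promo.attacker.example>
Received: from mail.attacker.example (unknown [203.0.113.9])
    by mx.recipient.example (Postfix) with ESMTP id 7F0A93
    for <friend@recipient.example>; Wed, 30 Mar 2011 07:15:41 -0400
Received: from localhost (localhost [127.0.0.1])
    by mail.attacker.example (Postfix) with SMTP id 9A1C02
From: nadine <nadine@example-mail.com>
To: friend@recipient.example
Subject: hi

http://pharmacy.example.net/
"""


def _org_domain(host: str) -> str:
    """Crude 'organisation' domain: the last two labels of a hostname.
    Enough to tell example-mail.com from attacker.example; a real tool
    would consult the public suffix list instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_origin(raw_message: str) -> dict:
    """Decide whether a message claiming to be from a user was handed to the
    mail system by that user's own provider ("account", i.e. the account
    itself was used) or injected elsewhere under a forged From ("forged")."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, return_path = parseaddr(msg.get("Return-Path", ""))

    # Each hop prepends its own Received header, so the last one in the list
    # is the earliest hop: the first server that accepted the message.
    hops = msg.get_all("Received") or []
    first_hop = hops[-1] if hops else ""
    match = re.search(r"\bby\s+([A-Za-z0-9.-]+)", first_hop)
    first_server = match.group(1).lower() if match else ""

    via_provider = bool(first_server) and (
        _org_domain(first_server) == _org_domain(from_domain)
    )
    return {
        "from_domain": from_domain,
        "first_server": first_server,
        "return_path_matches_from": return_path.lower() == from_addr.lower(),
        "verdict": "account" if via_provider else "forged",
    }


if __name__ == "__main__":
    for name, sample in (("webmail submission", SENT_VIA_ACCOUNT),
                         ("forged From", SPOOFED_FROM)):
        print(name, classify_origin(sample))
```

Ask one of the recipients to forward the spam as an attachment (so the headers survive) and run it through `classify_origin`. A verdict of "account" means the provider's own servers accepted the message from a logged-in session, which is exactly the case where the password must be changed from a machine that is known to be clean, as the reply above says. Treat the result as triage, not proof: only the topmost Received header was written by the recipient's own server, and everything below it is whatever the submitting host chose to claim, so a forger can also plant a Received line that imitates the provider's webmail.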
  3. snapper

    snapper Private First Class

    Hello Tim:wave..
    Thank you for fast reply.

    (drat) I already changed my 'pass' from same system... don't have another pc.

    YES I do want for the :major to check for 'Keylogger'. This is a term I was previously unfamiliar with. I WILL follow instructions as you stated. Since this takes some time and focus... will have to do so in a few hours as I am due for work shortly. Thank you again...
    humbly.....
    snapper
    PS - nice photo... ;)
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a problem. We will be here when you are ready.
     
  5. snapper

    snapper Private First Class

    Hi Tim:major:)

    Came home early as I think this has been a larger problem than earlier thought today.

    For months I have been trying to eradicate the 'browser' from moving up and down, and closing out - almost impossible to even type. In some cases, if I move the mouse to the left - the screen moves in the other direction. Very "Addams Family-esque". Then in Feb, hit with 2 hijacks and 11 trojans. After cleanup - the rolling of the screen only slowed down. Today - even as I type - the screen movement has increased. Hence your description of a keylogger may be the origin.

    Ok - just poured a good cup of java (wish I can offer you same) and about to start following instructions - as you prescribed. Will respond, as directions direct.

    Later & thank you :)
    snapper
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Once you attach the requested logs, I can start to see what all may be happening in your system. You may be having your coffee, but I am ready for my evening cocktail!! It will probably be tomorrow before I can reply to your logs. :major
     
  7. snapper

    snapper Private First Class

    Greetings:))

    Yes... I want that 'cocktail' myself -:yum- lovely that you are. Will have mine as soon as I submit the logs.

    Just checking.... the malware removal guide, or (recent thread with browser problems) Master Chaslang's "Fixing Google Redirection/Hijacking Problems"?

    If you are able, please advise. Wish you a 'smooth' evening, and thank you again.

    kindly
    snapper (aka nadine)
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, snapper

    ;) In post #2 Tim directed you to run the READ & RUN ME FIRST. Malware Removal Guide
     
  9. snapper

    snapper Private First Class

    Dr Moriarty::cool

    Kind of you to assist.... I was a 'fish out of water when this plague hit my system' yesterday and easily missed Tim's detail.

    Cheers & Thank you,:)
    Snapper
     
  10. snapper

    snapper Private First Class

    Dear TimW:major

    Summary: ComboFix - was a problem.... :(.

    When last left off yesterday my Java and I ran every bit of ChasLang's repairs to the letter. Once I got to Section 7: I ran M/Bytes and SAS (showed an old virus from 2/24/2011 in the vault, even though I had just downloaded SAS). I ran ComboFix - the system started and hung at the intro message "normally takes ten minutes ..... time easily double". This HUNG for 1.5 hours. I ran this previously and know about the rolling stages (50) and know this works.

    After 1.5 hours, I closed out. My system was hung. Re-booted (20 times), tried everything; after the first keystroke.... I was frozen. I tried to restore, I tried all I knew before quitting about 3:00 am. :banghead: It did however run Avast - which reported no problem. Could not get on the net. Basically I was semi-fried. Gave in (since I could not email you for assistance) and took the unit to a local comp/shop. They got in - and the virus was 'ComboFix.exe'. It disabled and corrupted Avast and CCleaner. Once he cleaned this up, they reloaded Avast and I deleted all the programs I downloaded for last night's malware cleaning session. While I still have M/Bytes and SAS, those logs are most likely still on my system. But they would not show the problems ComboFix created. ComboFix is OFF my system. Either ComboFix was corrupt or the resident virus on my system 'morphed' into ComboFix. I defer to your good judgment as to whether ComboFix is 'now bad' or became bad on my system. I know this may be important to :major

    So for this moment, and having been at this (minus 3 hours) for the last 24 hours, I need to turn off for a day as this reigned over other matters. HOWEVER - I am aware that for the best interest of :major - there may be some information upon my system which I can extract for you immediately.

    TO RESUME the M/ware fighters program - do I have to start all over again - or just resume from Section 7 with the running of the anti-malware (M/Bytes, SAS, Superman icon, MGTools, Rootkit)? Please advise.

    I will be on for the next few minutes, otherwise will check back tonight.

    Thank you -
    :zzz snapper
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you want us to be sure there is no other malware on your system, then do the following scans:
    SAS
    MBAM
    C:\MGlogs.zip ---from running the C:\MGTools.exe

    I have not come across ComboFix.exe ever being known as malware. It could however, have activated your malware to shut down some protection programs.
     
  12. snapper

    snapper Private First Class

    Hi TimW::major

    I agree about ComboFix not previously having been a problem. As you said, most likely it was the 'virus' already on my system.

    Thank you for the directions as to where to resume. I will. Now for some W/wine and shut-eye.

    Have a good night.
    :wavesnapper
     
  13. snapper

    snapper Private First Class

    Re: Email Contacts hacked - viagra links sent - logs

    Good Morning TimW:major

    Ran SAS, Mbam & MGTools as directed. Logs are posted below. SAS & Mbam logs were not readily loadable herein, so I copied tonight's log into a Word doc and attached it. MGTools log attached as normal.

    Note: MGTools exhibited a pop-up while running: "application failed to initialize properly (0xc0000135) click ok to terminate". I waited for it to resume; it did not.

    Thank you for your dedicated efforts in helping others!

    best,
    snapper
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in your logs. What malware issues are you still having, if any?
     
  15. snapper

    snapper Private First Class

    Dear TimW :major

    Thank you very much for looking at my logs. Thus far - No problems, but have been on system a limited amount of time since getting my lap top back yesterday.

    THIS virus incident is the 2nd time my 'butt' has been kicked in the last five weeks. The last blast I had 11 trojans and 2 hijacks. Throughout and thereafter the screen kept rolling around in software and browsers a la Addams Family (as if someone was toying with me remotely - as mentioned). Then two days ago my Viagra emails were sent. I suspect my system was not fully cleaned after the last blast five weeks ago. Maybe - actually - hopefully now I am clean. I am relieved you viewed no negative indication!:)

    Question: I run Avast, with Mbam, along with CCleaner and ZoneAlarm firewall. I don't game or download. Just visit news and science sites. Why do I keep getting hit? Or is this just the times? My system: Dell laptop, XP Pro. I realize this question may be too far below you (truly), yet I just thought to ask. Am I using the best items? Please suggest if you feel inclined.

    Again I am very grateful for your time and assistance TimW. Thank you!!!

    best!
    snapper
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Do read the link at the bottom of the final cleanup procedures about How to protect yourself. As to how you are being infected, this may help with some answers:
    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0

    Help Support MajorGeeks
     
  17. snapper

    snapper Private First Class

    Good Morning TimW::major

    Thank you for the great reply! You have given me a lot to work with. I will have to reconstruct my current AV & AM programs, and I will use what was recommended.

    Purchase: YES, I completely agree :major should be supported! Especially via purchasing products. With all the viruses I have had of late - I will - only if I can speak to someone via phone with my credit card number. That actually has been a problem in trying to order. Have not tried yet with :major.

    It is Sunday am and I have a date with my kitchen to finish painting. Hence I will get back to the comp issues tomorrow night. Herein I just wanted to reply, as this is certainly a courtesy you deserve:)

    Bad sites: I have 2. The one 'avast' usually rings off is 'accuweather'. Yes this is blah - sure you have covered this. But I have a good one - if you're looking for risk - this will offer: (www.abovetopsecret.com). Surf the links (in addition to finding out some very interesting earth & space activities). All the 'YouTube' downloads - are subject to - well - walking down a dark alley. If this is old news to you - sorry. (Great site actually.) A lot of loonies visit this site. If you hunt certain threads - 'real issues' - and keep digging - I find my jaw usually hits the keyboard at what is actually out there. :eek Since this is real-time posts from folks all over the world - as I said - dark alley. Hope you find some 'trouble'.

    Wish you a great weekend. Will check back after I run the programs you suggested.

    If possible - do you know if there is a party with whom to 'speak' to with regard to purchasing at :major site? Have not hunted that down too much this morning.

    Kind regards TimW:
    snapper
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What are you wishing to purchase? We don't recommend you purchase anything. If you want to beef up your security software, you may wish to purchase MBAM. You can visit the site HERE. Then you can contact them through support and get a phone number if you want.
     
  19. snapper

    snapper Private First Class

    Good Evening TimW:

    As stated, Sunday am, not enough coffee.... The attachment you very kindly included in your response mentioned - 'support :major'. This I took to mean 'purchase' as I agree :major deserves to be supported. I thought through a purchase. Thank you also for the mbam link.

    You offer great recommendations which I will set about installing. I will most likely email once more after installing the new programs. ;)

    snapper
     
  20. snapper

    snapper Private First Class

    Greetings TimW:major

    Finally getting time to clean and shore up my system with your GOOD recommendations. In the process I came up with a couple of questions: (yes I read your attachment).

    Deleting ComboFix: because my system 'leveled' after activating a virus (on my system) during the Malwarebytes clean-up process - the 'shop' I brought my laptop to unloaded ComboFix. But a directory remains off of c:\. Though not listed in 'add/remove' - 280 files & 20MB, but the files are hidden. In order to fully remove it - should I re-download ComboFix - then run the uninstall program?

    Unusual File Directory: Again, the night I was running Chaslang's :) list - before posting my logs - was 3/30/2011. Off my c:\ I see a directory called Qobox (104 kb) with this date - can I delete it?

    Hiberfil.sys file - Do you know what that may be? 523,000 KB. "Pagefile" - 786,432 KB?
    These 2 files were installed around the same time the virus was activated. Off directory c:\.

    How to protect myself: Yes I am working through the :major recommendations. Trying to clean system, as directed.

    I realize you are very busy helping others - and humbly I ask - with regard to the questions herein - I just don't want to get hit again. In setting up my system - as :major recommends - I wish to take the correct measures.

    Thank you TimW for all of your assistance.


    I am off to the :rolleyes evening meditation - (sauvignon blanc).... I will :wine 4-U!
    snapper
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you can try downloading it again to your desktop and run the uninstall script. If you haven't yet removed MGTools, then you can simply run the C:\MGTools\MGclean.bat.
    Hibernate mode uses the hiberfil.sys file to store the current state (memory) of the PC. You don't need to remove it. If you don't use hibernate, you can follow these instructions if you do want to remove it:
    How to Delete Hibernate.
     
  22. snapper

    snapper Private First Class

    Good Day TimW::major

    Been off-line since Friday, just rec'd your reply - Thank you! I do use hibernate - so I will keep. I appreciate your replies to my questions. I am still trying to clean up - and install the necessary programs to keep my machine running.

    Thank you also for the 'combofix & MGtools advise. Have not deleted MGtools as of yet. Hopefully tonight (house repairs and job).

    Also going to purchase Mbam ... today as my primary (as recommended). Again thank you for your time and counsel.

    Will once again toast your 'Malware fighter' :dood:dood dragon slayer skills this evening. I hope you like white wine :) (well... you have had a few...)

    Will check once all is installed.

    Happy day...
    snapper
     
  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
  24. snapper

    snapper Private First Class

    Dear TimW:

    HELP HELP !!! .... this has gotten out of control. I just got up and running today - (just bought Mbam) and have Avast running. I downloaded 'cc-cleaner' to start getting back on a clean track. Since then I have rec'd about 20 'Avast trojan' alerts 'threat has been detected'. I could not open up email (using my Opera browser)... the virus on Avast was 'bluelithium' and 'facebook.com' as described by Avast. No matter what I did under Opera... the threats kept coming. Avast said the virus threat was under 'opera.exe' - so I deleted Opera thinking this may have been a culprit since the last Viagra messages. Then it happened when I was using IE. Honestly TimW....I can't even get back to normal. Please advise - You said that anti-virus does not cover email. SHOULD I DISENGAGE AVAST AND ACTIVATE MBAM as primary..... :cry.... going to run MBAM (licensed) now.. I am JUST trying to get my system safe....:cry
    thank you
    snapper
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'm told a new update has been released for Avast. See if you can update and fix the problem. :)
     
  27. snapper

    snapper Private First Class

    Hi...TimW... Thank you for responding.

    !! I actually performed a Avast update before all this happened (and I was thinking it was CCleaner)..... I did read the threads you sent - TU. And I am not the only one to unload a browser.

    Since this started I purchased Mbam..... and just ran.... did not detect any problems.

    I will update AVAST now and - per you - hopefully this will allow me to earn an income (need my pc for that).

    Is it OK to have Mbam - and AVAST running - which one should I turn off..... if you can - PLEASE advise....

    :heart - snapper

    PS What is a major cake licker - doesn't sound good...... but I am with you - this is getting old....
     
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should have no problems running both MBAM and Avast. As that link was indicating, your recent issues are probably due to a bad Avast update. The latest update should fix it.
     
  29. snapper

    snapper Private First Class

    Hi TimW :major

    Greetings.........:mad - yep that is what I have looked like for the last 30 hours.

    After downloading the Avast update (after you advised of the update)... I rebooted, and that was it. System froze and never got past load-up. Since that time yesterday this machine and I (myself) have been sitting in the comp repair shop. Turns out.. somewhere along the way in this problem... something ate my Windows files. Gone - along with everything else on my computer. Ok..... new install.... to include Mbam and Avast. Not fully back.... but wondered if any other similar victims surfaced yesterday after the Avast problem. (Maybe the last virus corrupted my system.)

    rolleyes - At least I know my system is clean.

    Off to the bar... I will be thinking of you.....
     
  30. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am sorry to hear that!! I have not heard of that update causing that kind of an issue. If I do, I will let you know.
     
  31. snapper

    snapper Private First Class

    Hi TimW:

    Nice message - t/u. I think that after all the virus trouble I had, and all the nasties, the system must have been compromised. Even though it is more than a pain in the .... to reload and get all my programs back & download the appropriate items. As I said - I just think I had a nasty somewhere which was hidden - and/or the config files were shot. I hope no one else has this trouble. When I ended up with malware after downloading ComboFix - which activated something - that should have been the clue I had a bad one hidden. Too bad I could not deliver it to you.....(so you could destroy it)......

    By the way - how is your headache.... better? You had a good time last night :wave
     