Windows Live Messenger account hacked

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by MaliceMizer661, Nov 9, 2008.

  1. MaliceMizer661

    MaliceMizer661 Private E-2

    I was informed by a friend on my Windows Live Messenger account that they received a chat message from 'me' that said something along the lines of "check out these awesome pics from the awesome party ←" with a strange URL link also.

    Basically, I can see that somehow my account has been hacked.

    What should I do?

    Thank you,
    Scott
     
  2. MaliceMizer661

    MaliceMizer661 Private E-2

    (Was not able to edit above post to add this information)

    I did attempt to fix this myself, but since the quotation "check out these awesome pics from the awesome party" was the only hint, I was not able to find many resources about this problem.

    Apparently, though, it is a worm which Trend Micro can pick up, but perhaps other anti-virus programs cannot.

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.SN&VSect=T

    Anyone have any ideas about how I got this or more importantly how to fix it? I never clicked any link or anything on MSN. This could be related to my previous virus scare that you guys helped me with.

    Anyway, thanks again.
    -scott
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to change your password, preferably using a different computer. And do the Read and Run Instructions again to make sure there is nothing on your system.
     
  4. MaliceMizer661

    MaliceMizer661 Private E-2

    Thanks for the response.

    Just curious, why is it better to change the password on a different computer?

    How was my account hacked? (So I can prevent this from happening again.)

    What is the Read and Run?

    Sorry for all the questions,

    Thank you,
    Scott
     
    Last edited: Nov 10, 2008
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Changing your account password on an infected machine will send that info to the hacker.

    This is why you need to do it on a different computer... and we need to be sure your machine is not compromised:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide

    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  6. MaliceMizer661

    MaliceMizer661 Private E-2

    I am sorry for the late response.

    I had changed my password at the school computer lab nearly a week ago. My friend told me that she still received a similar message from me on MSN about 4 days ago (after changing my password.) So, it is either an infection on my system, or perhaps since I am logging into my email account AT my school (?)

    Here are the MG logfiles from the Read and Run procedure (I am still not comfortable with running the Combofix procedure, as I had detailed in my last issue; I am in a foreign country and do not have my Vista installation disc. If something goes wrong during the Combofix procedure, I do not have the startup disc to recover from; and I really need my laptop to be working here, basically.)

    What do you think?

    Thank you for your help,
    Scott
     

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You didn't attach the SAS and MBAM logs. I would like to see any that showed malware in them.

    Let's try this:
    Now go to Bitscan link: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter bdscan, then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  8. MaliceMizer661

    MaliceMizer661 Private E-2

    Sorry, how do I locate the logfiles for those programs? I thought the mglogz.zip file would automatically include all of the logs.

    Also I can not find the correct way to use the online bitdefender scanner. When I click "Online" scanner, a window pops up with only 2 choices which both involve the purchasing of a program.

    Thanks.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you using Internet Explorer? If so, you should get the notice to accept the terms, which will download an ActiveX item and then start the process.

    It does not work with Firefox.

    Your logs are here:
    Code:
    C:\Users\666\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    su56ad~1.log   2008-11-19         465  "SUPERAntiSpyware Scan Log - 11-19-2008 - 03-07-58.log"
    supera~1.log   2008-08-28         465  "SUPERAntiSpyware Scan Log - 08-28-2008 - 22-33-45.log"
    supera~2.log   2008-08-30         465  "SUPERAntiSpyware Scan Log - 08-30-2008 - 01-20-30.log"
    supera~3.log   2008-09-09         465  "SUPERAntiSpyware Scan Log - 09-09-2008 - 03-25-34.log"
    supera~4.log   2008-11-10         465  "SUPERAntiSpyware Scan Log - 11-10-2008 - 05-33-53.log"
    
    C:\Users\666\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    mb3608~1.txt   2008-09-11         929  "mbam-log-2008-09-11 (02-50-27).txt"
    mb45c2~1.txt   2008-11-19         817  "mbam-log-2008-11-19 (06-13-57).txt"
    mbadfd~1.txt   2008-11-20         816  "mbam-log-2008-11-20 (01-52-41).txt"
    mbam-l~1.txt   2008-08-28         817  "mbam-log-08-28-2008 (23-26-16).txt"
    mbam-l~2.txt   2008-08-30         799  "mbam-log-08-30-2008 (01-25-49).txt"
    mbam-l~3.txt   2008-08-30         923  "mbam-log-08-30-2008 (02-37-00).txt"
    mbam-l~4.txt   2008-09-01         799  "mbam-log-09-01-2008 (07-24-58).txt"
    
     
