virus sends emails and messages from my account

uriel556

Member
Hi
I wasn't sure whether or not to post this in the email section or here but lately a few people on my contact list on gmail have been getting emails from me that I never sent like:


omg well whats up
well hi its been forever since ive heard from you I spotted this on the tv Hosting24.com you must take charge of your life do not keep putting this off trust me everybody will be jealous.

I also received similar messages from my friends on messenger.

A scan with bitdefender says there is nothing wrong and I am not sure if it is a virus on my laptop or if it is on my friends laptop.

Can anyone help? I am mortified that this thing may be sending emails to people I work with.
 

My Computer


Since your AV scan came up empty, perhaps the next move is to call your ISP and tell them you want a new e-mail address and new password.
Then change your e-mail account settings with the new info.
There will be this hassle of informing your contacts of your new address. I don't see any other alternative.
 

My Computer

System One

  • Other Info
    WLM 2011
    IE9 beta
Are you using IE to access gmail or are you using an e-mail program (if so, what name and version)?

Before you go through the hassle of changing email accounts - though you certainly should at the very least immediately change your password and any additional security information used to confirm it is really you - (which can be quite a bother but may, in the end, be necessary anyway especially if your current address is now "out there" being used by someone else or perhaps even some automated program), let's first do a much more thorough scan of your system for any type of malware infection. Besides, if your system is infected, changing addresses may do no good as they may learn the new one as soon as you add it - so before changing addresses let's make sure that it can't happen again (if that's how it happened in the first place).

Try to run anti-malware programs (in safe mode with networking if necessary). To fix this problem (if it is a problem) download, install, and run the following two programs: http://www.malwarebytes.org/mbam.php and http://www.safer-networking.org/en/index.html. You may also want to try the new, free Microsoft Security Essentials http://www.softpedia.com/progDownload/Microsoft-Security-Essentials-Download-131683.html (with the caveat that only ONE AV program can be installed and running on your system at any one time). Use removal tools when appropriate http://www.raymond.cc/blog/archives/2009/05/05/comprehensive-list-of-uninstallers-or-removal-tools-for-antivirus-software/. You may also want to try the free Avira at: http://www.free-av.com/ and Avast at: http://www.avast.com/index. Reboot after completing all the scans. You may also want to try the free OneCare at http://onecare.live.com/site/en-us/center/whatsnew.htm and let it run all the options (except the registry cleaner) because that’s good maintenance (it will take some time to complete but can be done in the background). When done and after removing the last program installed, either re-install your old AV program or one of those you tried which you may prefer. I use and recommend MSE.

I hope this helps. Please keep me posted. I'd like to know if any of these scans turned up anything - even if it was cleaned (give me the names of what was found and deleted). Then we can decide if we need to call in assistance from a malware removal expert or if your system is basically clean. And then we can see where to go from there - probably what djcp129 suggested in the first place unless we do find and eradicate the problem.

Good luck!
 

My Computer

System One

  • Manufacturer/Model
    Dell Inc. MP061 Inspiron E1705
    CPU
    2.00 gigahertz Intel Core 2 Duo 64 kilobyte primary memory
    Motherboard
    Board: Dell Inc. 0YD479 Bus Clock: 166 megahertz
    Memory
    2046 Megabytes Usable Installed Memory
    Graphics Card(s)
    ATI Mobility Radeon X1400 (Microsoft Corporation - WDDM) [Di
    Sound Card
    SigmaTel High Definition Audio CODEC
    Monitor(s) Displays
    Generic PnP Monitor (17.2"vis)
    Screen Resolution
    1920 x 1200 pixels
    Hard Drives
    Hitachi HTS541616J9SA00 [Hard drive] (160.04 GB) -- drive 0, s/n SB2411SJGLLRMB, rev SB4OC74P, SMART Status: Healthy
    Case
    Chassis Serial Number: 5YK95C1
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Logitech HID-compliant Cordless Mouse
    Internet Speed
    1958 Kbps download ; 754.8 Kbps upload
    Other Info
    Optiarc DVD+-RW AD-5540A ATA Device [CD-ROM drive]

    Dell AIO Printer A940

    Conexant HDA D110 MDC V.92 Modem

    6TO4 Adapter
    Broadcom 440x 10/100 Integrated Controller
    Broadcom 802.11n Network Adapter
    Microsoft ISATAP Adapter
    Teredo Tunneling Pseudo-Interface

    Router Linksys / WRT54G -01

I use google chrome but I just asked my sisters and they say they only get those emails from my old hotmail account that just imports to my gmail account.

When I tried to access the hotmail account my password wasn't working :sarc: ... so I had it reset ... a bit of a hassle since they just sent the new password back to the account I can't access.....

but anyhoo I will still run the scans, I had actually begun the "ultimate malware removal guide" on this forum and super antispyware found a few hundred .... so should I still run the malwarebytes scan??
 

My Computer

Absolutely, and all the others given what you just said - especially since you found so many (if it's still installed and has a log or report, please save a copy of it to the desktop to attach to your next reply). SuperAntiSpyware only addresses spyware and adware - it does not address viruses and worms and trojans and other malware - and that's what I'm most concerned about. The others do. It sounds as if you are massively infected. In fact, I'd like you to add Hijack This [HijackThis - Trend Micro USA] (the full release, not the beta) to the list (and do it right after Malwarebytes). Although it does not really clean the system, it is very good at detecting infections. Under the circumstances, given so much infection and possibly more yet to be revealed, I may ask our malware removal security expert to take a look and offer advice to get your system completely clean as even this may not be enough (but she will do a thorough job using special tools I'm not qualified to use).

Your password to your hotmail account wasn't working probably because whoever hijacked it changed it to something else. By changing it, it may stop him at least temporarily. Are you saying they sent the new password to the account where you told them your password didn't work? That makes absolutely no sense. How do they expect you to get it? Call them back and have them send it to an account you can access, even if you need to create a new one just for that purpose (perhaps a free yahoo account or another hotmail account using somewhat fictitious information so it won't flag as a duplicate account).

If this old hotmail account is just there to get e-mails from people who you forgot to notify about your new gmail address and is essentially inactive and all these messages are coming from it, then I suggest you consider one final check of anyone you know still using that address and notify them of the new address with your gmail account and then close that hotmail account for good.

When this is done, considering how much you were infected (and we're not sure we have everything yet), I would strongly suggest changing products. I recommend you switch to the free Microsoft Security Essentials (one you will be using so you may want to move that one to the last one so you don't have to uninstall it) for real-time AS/AV/AM protection, plus update and scan with SuperAntiSpyware and Malwarebytes every 2-3 weeks to catch anything MSE may have missed. That's how I protect my own system and while I've been attacked many times, I've never been successfully infected to the point where it could not be removed without causing any harm. And they're all free. Plus MSE uses less system resources than most of the others and updates through Windows Update so you don't have to do it manually.

But PLEASE do ALL of the scans even if it is a hassle and a bother and takes time (and even if the first couple come up clean) since we KNOW you've been severely infected already, so there's a very good chance there's more to be found. No one product is good enough to find everything, so we need to use several to be more sure we've caught and removed everything. When done and you've posted the logs, if they show anything, I'll ask our expert to examine them to see if anything else is required. And then we'll check your files to see if the infections caused any damage we need to repair - that sometimes happens even if the malware is removed.

While you're doing these scans (you can still use the computer while they run in the background), try to deal with anyone you want to stay in contact with still using that old hotmail account (in fact, they are at risk right now because whoever may be using your account may attempt to infect your friends as well) and then close it out for good. That may solve the false email problem. And this malware removal process should keep it from happening again (assuming the information was obtained from your computer and not from hotmail itself - but you can only deal with protecting your own computer so that's what you should focus on).

I hope this helps. I know doing all those installs and removals and running all those scans and removals and saving the logs is a bother, but we want to deal with this problem once and for all so it is crucial to do it right. I can't emphasize that enough.

Good luck!
 

My Computer

lol it is not a problem for me to run scans thanks for telling me which ones to run. I attached the superantispyware log.

I have contacted hotmail and they said they will review my situation (had to prove I was the owner of the account etc.). I am not sure if I will delete the account though... since I really like using messenger.
 

Attachments

  • SUPERAntiSpyware Scan Log - 10-17-2010 - 19-55-50.log
    59.4 KB · Views: 69

My Computer

You need to use SuperAntiSpyware to delete these 644 spyware cookies. Then run another scan to make sure it is clean.

Thanks for the update and keep me posted.

Good luck!
 

My Computer


Those are nothing particularly dangerous, however, they do show us that you may visit some high risk websites. I think that it would be worth having a deeper look soon under a security professional. I am sure she will come online soon.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics Card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300)
    Western Digital: WDC WD6400AAKS-75A7B0

    1 x 1Tb (SATA 600)
    Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms
    Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Keyboard
    Dell Bluetooth
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
ok so I have run the malware bytes and spybot scan. The first only found one infected file and spybot (as far as I can tell) only found cookies.

I have attached the log files for both. There are two files for the spybot log.... I don't know why but when I went into the folder there were two, one titled checks and the other fixes.

Everything is going well except that I am having trouble running hijack-this. It keeps giving me an error message that it cannot access the host files and to restart the scan as the administrator.... but when I right click there is no option for me to run it as the administrator (I am the only one who uses the laptop and I do have administrative rights)

I've attached images of what I am seeing... so hopefully someone can help :)
 

Attachments

  • mbam-log-2010-10-19 (13-31-22).txt
    969 bytes · Views: 67
  • SpybotSD.Report fixes.txt
    8.7 KB · Views: 74
  • SpybotSD.Report.txt
    9.4 KB · Views: 78
  • hijack right click.jpg
    hijack right click.jpg
    20.1 KB · Views: 25
  • hijack.JPG
    hijack.JPG
    24.3 KB · Views: 215

My Computer

Just OK through the message. It will only become a problem if the Hosts file has been hijacked, which it may not have done, and even then it is a simple fix.
 

My Computer
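
What a check for a hijacked Hosts file looks for, as an added example (not part of the original posts and not HijackThis's own logic): it flags names pinned to a routable address and, for a caller-supplied watch list, names sunk to loopback. The function name, the `watch` parameter and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

def audit_hosts(text, watch=()):
    """Return (line_no, kind, ip, hostname) findings for a hosts file body.

    kind is "redirect" when a name is pinned to a routable address (review it:
    LAN shortcuts are legitimate, unknown public addresses are not), "blocked"
    when a name from `watch` is sunk to loopback or 0.0.0.0, and "malformed"
    when the first field is not an IP address.
    """
    watch = {w.lower() for w in watch}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, "malformed", entry[0], " ".join(entry[1:])))
            continue
        sink = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        for name in (n.lower() for n in entry[1:]):
            if not sink:
                findings.append((line_no, "redirect", str(ip), name))
            elif name in watch:
                findings.append((line_no, "blocked", str(ip), name))
    return findings

# Constructed sample input (not taken from the thread's attachments).
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad-block style entry, not flagged
203.0.113.7     mail.example.com         # name pinned to a routable address
127.0.0.1       update.av-vendor.example # scanner update site sunk to loopback
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE, watch=["update.av-vendor.example"]):
        print(finding)
```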
