My email account has been hacked.

[Jessie]

Emails were being sent from my computer to everyone in my contact list recommending various services and products such as a Canadian Pharmaceutical Company for Viagra, a weight loss program, a cruise line etc.

I ran full scans with both Microsoft Security Essentials and Super Anti Spyware Professional and nothing was found.

I contacted Super Anti Spyware and was told that I may have been phished and to change my password ASAP but unfortunately they don’t protect email and to contact MSE.

I contacted MSE and was told to contact MSN tech support as this was an email problem.

I have been in contact with MSN tech support and reset my password. They said that I had been infected and that there was no way of finding it and if it continued after resetting my password I may have to reformat my hard drive.

I have recently upgraded from Vista to Windows 7 and was having the problem before and after upgrade.

My questions are is there any way of finding and removing this virus/program whatever it’s called. If it has my email address is resetting my password enough or should I also change my email address. If I end up reformatting my hard drive do I use the Windows 7 disk and proceed as if I was upgrading from Windows XP.

Thanks
Jessie

 

[clifford_cooley]

My questions are is there any way of finding and removing this virus/program whatever it’s called.

You can try using various anti-malware applications. Malwarebytes is a good one to use.

If it has my email address is resetting my password enough or should I also change my email address.

This should be enough to put a stop to your problem.

If I end up reformatting my hard drive do I use the Windows 7 disk and proceed as if I was upgrading from Windows XP.

This approach will work just fine, however I would give the first two items listed here a chance before such a radical move.

 

[davehc]

I am not totally clear as to how this is manifesting, but, if you are using Live mail, have you tried right clicking the offending posts, open the item "junk mail" and "add sender to blocked senders list"

 

[TrainableMan]

I would start by downloading and running RKill to see if it can find the virus. Also once you do get rid of it, realize every back-up, every flash-drive, every CD & DVD you use should be scanned as it could be sitting there waiting to reinfect.

 

[Jessie]

Thanks for the replies.
Clifford,
I did download and try the free version of Malwarebytes and ran a full scan but nothing was found.
Dave
The emails were definitely being sent from my OH computer. We first realized we had a problem when I started receiving emails from her on my computer (we are hardwired together on a home network) and there were postings on her Facebook account not from her.
TrainableMan
Thanks for the input, I haven’t tried RKill yet I’ve been looking at the Bleeping Computer site for information on how to use RKill. I will certainly let you know how I make out.
We have reset all the passwords on both email accounts and Facebook. MSN thinks that this should do it. The alternative is to reformat the hard drives, something I don’t want to think about.
What bothers me, is this something that’s embedded on her computer if yes I sure would like to find it and kill the little bugger.

 

[Kalario]

Out of curiosity, did you receive and open an email containing "here you have" in the subject line?

 

[yodap]

Out of curiosity, did you receive and open an email containing "here you have" in the subject line?

Good question. That one is moving fast.

http://abcnews.go.com/Technology/virus-mail-spreads-online/story?id=11596433

 

[Jessie]

Kalario, Yodap I’m not sure where it originated we got an email from my brother recommending a Canadian Pharmaceutical Company.

 

[TrainableMan]

You should call him as he may be infected as well.

 

[irving]

I had the same problem. Apparently somebody guessed my password to Hotmail. I knew it was Hotmail because some of my contacts are invalid addresses and they were returned to my Hotmail account. I ran all the scans, too. I sent an email to everybody in my contact list about the phising, and then I changed my Hotmail passsword. I had never changed it in 10 years. I now plan to change it every 3 months.

 

[irving]

Oops! I now see that this thread was 4 weeks old. Sorry about the post.

 

[TrainableMan]

Good question. That one is moving fast.

http://abcnews.go.com/Technology/virus-mail-spreads-online/story?id=11596433

Yoda I don't believe that is the same virus as it sends a PDF. The one the poster mentions is sending ads to Canadian viagra and other ED medications. I can tell you from personal experience that malwarebytes could not detect nor repair the Canadian ED virus as little as one week ago. My old GF's computer was emailing me every few days for 2 weeks and she had scanned with her antivirus and with malwarebytes to no avail. I sent her an email to try RKill about a week ago and I have not heard back from her since. I don't know if she fixed it with RKill, deleted me from her contacts, or closed her email account; I just know I haven't been spammed with it since.

 

[etalmar]

We first realized we had a problem when I started receiving emails from her on my computer (we are hardwired together on a home network) and there were postings on her Facebook account not from her.

If you haven't done so already, I would recommend that you try to convince your GF to also change her Facebook password, since it seems from your explanation that her account may have been hacked as well. Then the deviant punk started sending messages to everyone on her friend's list. It is well documented on line that Facebook has been the target of numerous hack attempts this year, so unfortunately, I'm not surprised to read that it happened again.

 

[TrainableMan]

Please post back as to whether you were able to solve this and if so with what tool. There is definitely some interest in this issue and it's always good to have an update.

 

[clifford_cooley]

I changed my Hotmail passsword. I had never changed it in 10 years. I now plan to change it every 3 months.

I'm not going to worry about mine unless it becomes a problem. I don't see changing a password as making it more difficult for someone to crack. Cracking a password is something of chance. Who knows the lottery numbers could come up with the new password before the old password.

 

[etalmar]

A good rule of thumb for creating a strong password is to come up with a random combination of characters, numbers, and letters, using both upper and lower case, at least 8 to 10 characters in length, that is easy for you to remember, but difficult for a cracker to guess, using a program to scan for commonly used passwords, the most obvious (and moronic) choice being "password".

After you get into the habit of creating secure passwords, use a password management program to keep those passwords safe. There are several good ones that are freely available. Regardless of which one you choose, make sure that it encrypts your password as it is being transferred, in order to avoid having it captured by a keystroke logger.

Second rule of internet safety is never keep any personal data (bank account, credit card info, driver's license, SS#, etc.) in any online email account, regardless of how well you think that you have protected said account. With any account password, there is always the risk that it can be hacked, so don't leave your personal data open for the world to see online and you'll drastically reduce your risk of falling victim to identity theft.

Third and most important - never provide your username and password for any account, regardless of the content of the email you receive - even if that content looks legitimate. It is very easy for a competent scammer to copy company logos and create fake login pages that appear to be authentic. This practice of creating fake login pages is known as "phishing", where the person is trying to get you to unknowingly provide your username and password to an account, which gives them complete access to your account from thereon, especially since they'll immediately change the password and prevent you from logging back into your account.

If you need to contact your email account support, your bank, etc., always do so without including your password, as they will never ask you for it. Also, never click on any link in any email unless you are absolutely certain where and whom it came from. When in doubt, throw it out.

Remember .. a little understanding and caution will go a long way in helping to keep your information away from those who would use it to their advantage.

 

[TrainableMan]

I doubt seriously anyone "guessed" these passwords. I believe it is more likely the individuals opened an email containing a script or had some toolbar/code installed to their browser so that with their email client open it sent mail to their contacts. No password cracking needed - they do all the work themselves by opening email links or installing unknown addons.

 

[etalmar]

Yes, of course, TM. I wasn't referring to the specific phishing incident that occurred, but rather, trying to offer basic advice about how to create, store, and use a secure password, as well as manage personal information in general.

 

[irving]

I doubt seriously anyone "guessed" these passwords. I believe it is more likely the individuals opened an email containing a script or had some toolbar/code installed to their browser so that with their email client open it sent mail to their contacts. No password cracking needed - they do all the work themselves by opening email links or installing unknown addons.

Perhaps, but after I changed my password, I received an email in Hotmail purportedly from the Hotmail something-or-other asking me some info regarding my password. This email was in red. I really didn't bother reading it very carefully as it obviously was a trick to disclose my new password. I really think someone guessed it because I used that password as a user name on some web forums. Actually, when I was visiting a web forum, just before this happened, I received a strange message in a block asking me if I wanted Windows to prevent recurring keys from occurring. Not thinking, I clicked Yes. After I did so, I could not type anything for 15 seconds, and I heard the seconds ticking away. The message said that would happen. When the time was up, I was able to type again. Is there an enabling mechanism to prevent repetitive keystrokes? I tested it by typing repetitive keystrokes, but the strokes appeared. I think somehow somebody used that time to steal my contacts. The user name on that forum was the same that I used for the Hotmail password.

 

[TrainableMan]

Is there an enabling mechanism to prevent repetitive keystrokes? I tested it by typing repetitive keystrokes, but the strokes appeared.

Yes there is a delay setting to prevent doubling up letters if you hold the key. You can go to Control Panel \ Keyboard to adjust the timing.

I think somehow somebody used that time to steal my contacts. The user name on that forum was the same that I used for the Hotmail password.

If it came from W7 it was real (for example, unless it's been disabled, try pressing and holding the shift key for 6 seconds). But if it was within your browser from a website then it was a script, potentially malicious. Again this would be you running a script, it may very well have installed a "key logger" on your machine - no guessing would be needed, it watches your key strokes and can transmit them to its' master.

I suggest you update your anti-virus and run a complete scan, also run malwarebytes, and it wouldn't hurt to run RKill as well.