#1

I need help with this one.
A business client has a computer on which he keeps getting return messages in his emails; the links are to adult sites, but none are in his address book, just generic Yahoo email addresses. I have looked in the usual places (all users, system32\drivers etc...) but none have any unusual file or folder names. I have scanned with AVG (was installed on the PC), TDSSKiller, HitmanPro, VIPRE, Malwarebytes, as well as the Bitdefender rescue CD. Everything came up clean except for cookies. I don't know Wireshark well enough to sniff for SMTP; I tried using their online help but got errors. Anyone any ideas? OS: Win7 Pro with AVG IS.

#2

Is his computer infected or is his email hacked?

#3

If no other issues....sounds like e-mail hacked.
Did he try changing passwords? Also change any secret question answers and other security related items. I've seen a lot of these lately.
__________________
Harold ACS Alternative Computer Solutions

#4

It is a business email account that they are being sent through. I have been told it is only on this computer and I don't think it will have been hacked.

#5

Paste e-mail header in the following link.
Great for seeing where it originated. http://www.iptrackeronline.com/email...r-analysis.php
__________________
Harold ACS Alternative Computer Solutions

#6

Quote:
Any e-mail can be "hacked" (compromised). Check the e-mail header and see where it is coming from or has been. Use the link I've provided. May be someone internal, ex-employee, etc.
__________________
Harold ACS Alternative Computer Solutions
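
The header check suggested in posts #5 and #6, as an added example (not code from the thread): it reads the Received chain newest-first and trusts only hops stamped by the client's own mail provider, because older headers are supplied by the sender. The provider domain, office network and sample headers are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed headers of one spam message (documentation IPs, made-up hosts).
SAMPLE = (
    "Received: from smtp.mailhost.example (smtp.mailhost.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:02 +0000\n"
    "Received: from [203.0.113.45] (unknown [203.0.113.45])\n"
    "\tby smtp.mailhost.example with ESMTPSA; Mon, 01 Jan 2024 10:00:01 +0000\n"
    "Received: from officepc (officepc [192.0.2.10])\n"
    "\tby relay.invalid with SMTP; Mon, 01 Jan 2024 09:59:00 +0000\n"
    "From: client@business.example\n"
    "Subject: constructed sample\n\n"
)

HOP_RE = re.compile(
    r"from\s.*?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)

def hops(raw):
    """Return (stamping_host, connecting_ip) per Received header, newest first."""
    msg = message_from_string(raw)
    found = (HOP_RE.search(v) for v in msg.get_all("Received", []))
    return [(m["by"].lower(), m["ip"]) for m in found if m]

def triage(raw, provider_domain, office_net):
    """Classify where the message entered the client's mail provider."""
    handoff = None
    for by, ip in hops(raw):
        if by == provider_domain or by.endswith("." + provider_domain):
            handoff = ip          # lowest provider-stamped hop = submission
        elif handoff is not None:
            break                 # older headers are sender-supplied, may be forged
    if handoff is None:
        return ("not-sent-via-provider", None)   # From address only spoofed
    if ipaddress.ip_address(handoff) in ipaddress.ip_network(office_net):
        return ("sent-from-office", handoff)     # look at the office machines
    return ("sent-from-elsewhere", handoff)      # account credentials used remotely

if __name__ == "__main__":
    print(triage(SAMPLE, "mailhost.example", "192.0.2.0/24"))
```

In the sample, the oldest header names the office PC, but it sits below the provider's own hop and is therefore not trusted. A sender can also forge a header that names the provider as the `by` host, so confirm the handoff hop against the provider's logs where possible.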

#7

Assumption is the mother of all &%*($£ ups. My first gut from your post was email has been hacked and it will take all of two seconds to change the login details etc. I've dismissed things before because I've assumed it wasn't and found out many hours later that it was. If the fix for the possible cause is a quick one like this it's really not worth NOT doing it.
If you want to rule out the machine just nuke and pave to make sure; if they have the backups then it's quicker than trying to find some elusive virus. But I'd change the email password first and see how you go. IMO.

#8

Maybe his email just got out and is being spammed by porn companies.
Or maybe I don't exactly get the question. Look up his email in Google; if you can find it, then it's his email that got out.

#9

I have little experience with Bitdefender; I'd recommend running an offline scan either from a boot CD or slaving the drive. My personal favourites are Kaspersky and Sophos.
__________________
put that in your pipe and grep it

#10

See my other thread from a day or two ago...we've seen a TON of Yapoo accounts busted into and spamming away junk.....in just the past week or so. Including only people that use it via browser (web based)...and including a good friend of mine that is a Cisco engineer that does work for the military (so he is a security nut)...and he only runs home-spun Linux distros.....so it's not getting infected from the workstation side.
I would not waste another minute of your time trying to scan his computer and find stuff...Yahoo accounts are getting busted from the inside. As they have been for years. Yet another reason to not use freebie e-mail like that for business!
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut http://www.dynamic-alliance.com/ https://www.facebook.com/YeOldeStonecat