

#1
05-31-2012, 07:14 PM
4ycr
Location: West Lothian, Scotland
Virus has beaten me

I need help with this one.

A business client has a computer on which he keeps getting return messages in his emails. The links are to adult sites, but none of the addresses are in his address book, just generic Yahoo email addresses.

I have looked in the usual places (all users, system32\drivers, etc.) but none have any unusual file or folder names.

I have scanned with
AVG (was installed on pc)
TDSSKiller
hitman pro
Vipre
malwarebytes
as well as bitdefender rescue cd.

Everything came up clean except for cookies.

I don't know Wireshark well enough to sniff for SMTP; I tried using their online help but got errors.

Anyone have any ideas?

OS: Win 7 Pro with AVG IS.
#2
05-31-2012, 07:16 PM
compnet

Is his computer infected or is his email hacked?
#3
05-31-2012, 07:35 PM
HFultzjr
Location: Central PA, USA

If no other issues, it sounds like the e-mail has been hacked.
Did he try changing passwords?
Also change any secret question answers and other security-related items.

I've seen a lot of these lately.
__________________
Harold
ACS Alternative Computer Solutions
#4
05-31-2012, 07:37 PM
4ycr
Location: West Lothian, Scotland

It is a business email account that they are being sent through. I have been told it is only on this computer, and I don't think it will have been hacked.
#5
05-31-2012, 07:38 PM
HFultzjr
Location: Central PA, USA

Paste the e-mail header into the following link.

Great for seeing where it originated.

http://www.iptrackeronline.com/email...r-analysis.php
#6
05-31-2012, 07:42 PM
HFultzjr
Location: Central PA, USA

Quote:
Originally Posted by 4ycr
It is a business email account that they are being sent through. I have been told it is only on this computer, and I don't think it will have been hacked.
Hi,

Any e-mail can be "hacked" (compromised).

Check the e-mail header and see where it is coming from or has been.

Use the link I've provided.

It may be someone internal, an ex-employee, etc.
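The header check recommended in posts #5 and #6 can be done offline too. The script below is an added example, not code from any poster or from the linked site: it walks the Received: chain of a bounced message, picks out the oldest hop that names an address, and reports whether the mail left from the client's own network (suspect the workstation) or from a webmail session or some other outside address (suspect the account). The two sample messages, hostnames and addresses (RFC 5737 documentation ranges) are constructed for the example, and the office address passed to classify() is an assumption; a technician would substitute the client's real public IP.

```python
"""Walk the Received: chain of a bounced spam message to find the hop where it
entered the mail system, and turn that into the thread's question: was the
message sent from the client's workstation, or from his account somewhere else?

Added example for this thread, not code from any poster. The two messages
below are constructed for the example (hypothetical hostnames, RFC 5737
documentation addresses for the public IPs); they are not real bounces."""
import email
import ipaddress
import re

# Constructed: submitted through a webmail session from an address that is not
# the client's office. Many webmail services write the session address into the
# first Received: line ("from [ip] ... via HTTP") and/or X-Originating-IP.
WEBMAIL_SPAM = """\
Received: from nm12.bullet.mail.example.net (nm12.bullet.mail.example.net [203.0.113.45])
    by mx.recipient.example (Postfix) with ESMTP id 4B2C1
    for <someone@recipient.example>; Thu, 31 May 2012 18:40:12 +0000
Received: from [198.51.100.77] by web120.mail.example.net via HTTP; Thu, 31 May 2012 18:39:58 GMT
X-Originating-IP: [198.51.100.77]
From: client@example.net
To: someone@recipient.example
Subject: check this out

see link
"""

# Constructed: relayed by the client's own mail server from a PC on the LAN.
WORKSTATION_SPAM = """\
Received: from mail.client.example (mail.client.example [192.0.2.10])
    by mx.recipient.example (Postfix) with ESMTP id 7F00A
    for <someone@recipient.example>; Thu, 31 May 2012 19:02:40 +0000
Received: from officepc (unknown [192.168.1.23])
    by mail.client.example with ESMTP id 9C1D; Thu, 31 May 2012 19:02:39 +0000
From: client@example.net
To: someone@recipient.example
Subject: check this out

see link
"""

IPV4_RE = re.compile(r'(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?![\d.])')
LAN_NETS = [ipaddress.ip_network(n) for n in
            ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
             '127.0.0.0/8', '169.254.0.0/16')]


def is_lan(ip):
    return any(ip in net for net in LAN_NETS)


def received_hops(raw):
    """Received: headers in header order, unfolded. Each relay prepends its own
    line, so index 0 is the newest hop and the last element is the oldest."""
    msg = email.message_from_string(raw)
    return [' '.join(h.split()) for h in msg.get_all('Received', [])]


def hop_ips(hop):
    """Every syntactically valid IPv4 address mentioned in one Received: line."""
    found = []
    for text in IPV4_RE.findall(hop):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:
            pass  # e.g. 999.1.1.1 matches the regex but is not an address
    return found


def origin(raw):
    """(public_ip, lan_ip, via_webmail) for the oldest hop that names an address.

    Only the line written by a server you trust (normally the top one, added by
    the recipient's MX) is reliable; a sender can forge everything below it, so
    treat the result as a lead to confirm, not as proof."""
    hops = received_hops(raw)
    for i in range(len(hops) - 1, -1, -1):
        ips = hop_ips(hops[i])
        if not ips:
            continue
        lan = next((str(ip) for ip in ips if is_lan(ip)), None)
        public = next((str(ip) for ip in ips if not is_lan(ip)), None)
        if public is None and i > 0:
            # LAN-only hop: the relay's own public address is on the next newer line.
            public = next((str(ip) for ip in hop_ips(hops[i - 1]) if not is_lan(ip)), None)
        return public, lan, 'via HTTP' in hops[i]
    return None, None, False


def classify(raw, office_public_ips):
    """Machine or account? office_public_ips is the set of addresses the client's
    site sends mail from (look them up; the value used below is an assumption)."""
    public, lan, webmail = origin(raw)
    if public is None:
        return 'unknown: no usable Received: line'
    if public in office_public_ips:
        return 'sent from the client network (%s): suspect the workstation' % (lan or public)
    if webmail:
        return 'webmail session from %s: suspect the account, change the password' % public
    return 'sent from %s, outside the client network: suspect the account' % public


if __name__ == '__main__':
    for name, raw in (('webmail', WEBMAIL_SPAM), ('workstation', WORKSTATION_SPAM)):
        print(name, '->', classify(raw, {'192.0.2.10'}))
```

Paste the full headers of one of the returned messages (the original is usually attached to the bounce) into a file and feed it to classify() with the client's real public address. A webmail session from an address that is not the office is the pattern the later posts describe, and the fix there is the password and security questions, not another scan of the PC.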
#7
05-31-2012, 07:50 PM
ZenTree
Location: UK

Quote:
Originally Posted by 4ycr
and I don't think it will have been hacked.
Assumption is the mother of all &%*($ ups. My first gut feeling from your post was that the email has been hacked, and it will take all of two seconds to change the login details, etc. I've dismissed things before because I've assumed it wasn't and found out many hours later that it was. If the fix for the possible cause is a quick one like this, it's really not worth NOT doing it.

If you want to rule out the machine, just nuke and pave to make sure; if they have backups, then it's quicker than trying to find some elusive virus. But I'd change the email password first and see how you go. IMO.
#8
05-31-2012, 07:57 PM
nesrinamb
Location: Southern California

Maybe his email just got out and is being spammed by porn companies.

Or maybe I don't exactly get the question.

Look up his email in Google; if you can find it, then it's his email that got out.
#9
05-31-2012, 08:04 PM
iisjman07
Location: South End Of The UK

I have little experience with Bitdefender; I'd recommend running an offline scan, either from a boot CD or by slaving the drive. My personal favourites are Kaspersky and Sophos.
__________________
put that in your pipe and grep it
#10
05-31-2012, 08:13 PM
YeOldeStonecat
Location: Southeast Connecticut

See my other thread from a day or two ago. We've seen a TON of Yahoo accounts busted into and spamming away junk in just the past week or so, including people that only use it via browser (web based), and including a good friend of mine who is a Cisco engineer that does work for the military (so he is a security nut), and he only runs home-spun Linux distros, so it's not getting infected from the workstation side.

I would not waste another minute of your time trying to scan his computer and find stuff. Yahoo accounts are getting busted from the inside, as they have been for years. Yet another reason to not use freebie e-mail like that for business!
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut
http://www.dynamic-alliance.com/
https://www.facebook.com/YeOldeStonecat