Recent Posts

11
Post Here for Malware Removal ... / Re: So tired of what ever is messin up my system
« Last post by kevinf80 on October 29, 2014, 02:31:00 am »
Hello briannab1369 and welcome to SpywareHammer,

Please read the instructions at the following link: [NEW Instructions!] What Do I Do First?

Post the requested logs in your next reply in this thread....

Regards,

kevinf80..
12
Post Here for Malware Removal ... / So tired of what ever is messin up my system
« Last post by briannab1369 on October 29, 2014, 12:37:18 am »
Ok.. I could really use some help here.. Been battling something for at least a year and really having a tough time finding someone to help me.. I am failing miserably on my own.. Just cleaned 7 infections with eset online but laptop still 1 big SNAFU
13
Post Here for Malware Removal ... / Re: [In Progress] Hotmail repeatedly hijacked
« Last post by Hoov on October 28, 2014, 01:57:22 pm »
OK, try this.

I need you to reboot Windows cleanly. To do that, please go to the Run command and type in msconfig. Once that starts, select Selective startup, and then uncheck Load startup items. Now click on the Services tab and, down near the bottom of the window, check the box that says Hide all Microsoft services. Now go up and uncheck all the services still listed; make sure you scroll down the list if needed to unselect all the non-Microsoft services. Now click Apply, then click OK and reboot the computer.

Now run CCleaner, and make sure to remove all the cookies on your computer.

Now try resetting one of the e-mail accounts and see if you can continue to log on and use it. Once you know one way or the other, run msconfig again and select Normal Startup and then click Apply then all and reboot the computer. Let me know how it went.
14
No, the browser makes no difference. I have tried Firefox, Chrome, IE and Opera.
15
Sorry.  I didn't see this because I've been busy and haven't had a chance to borrow another computer to try to boot Kaspersky.

But, I only have these two computers, both the same model (s230u) but this one a little newer (more memory, better processor).  They both have the problems and are both on 'this network.'  Since you mentioned it, at home there are other computers (a laptop and a desktop) neither of which have been having problems, and at the University there are ... probably thousands of computers, and the tech support didn't seem to have seen the problem before.  I've had these problems both at home and at the University.  And also eduroam, though I'm not sure which network is which half the time, because my computer feels the need to switch between them randomly.
16
Post Here for Malware Removal ... / Re: [In Progress] Hotmail repeatedly hijacked
« Last post by Hoov on October 28, 2014, 10:22:55 am »
If you use a different browser can you go through the verification and send emails?
17
If I log out and log in again I type in my password and then the page below comes up saying my account has been blocked and I can go no further. It requests a phone number. If I go through with this it sends a code and you put in the code to get back into the account and it just gets blocked again. Something on my machine is invisibly joining in on my email sessions and I am going crazy trying to work out what it is!
18
My main email account got blocked when my PC was first infected. I can put my username and password in and a screen comes up that says 'we have temporarily blocked your account'. I cannot access my inbox at all or send messages. To try to test if there was an infection, I created several new clean Hotmail/Outlook accounts. If I create a test account on a clean PC, there are no problems with using the new account. As soon as I log in to a clean test account from the infected PC, that account gets blocked. Any attempt to access Hotmail with any account using the infected computer results in immediate account block. I have tried creating a new Windows user on the infected PC and logging in from there, but the virus is still triggering the account to be blocked. When I used a clean HDD so that the PC was not infected, my latest test account did not get blocked. Therefore, Hotmail have not blacklisted my IP address. I can also log in to a clean test account using Thunderbird even on the infected PC without the account being blocked. Accounts that have already been blocked cannot log in with Thunderbird.

I set up Wireshark to monitor all network activity. I then logged into Hotmail on the infected PC using a clean test account and wrote down every IP address that was being connected to. I then googled every IP address to see if they were legitimate. They were all normal e.g. Microsoft owned or Akamai, etc. That seems to rule out a key logger sending my keystrokes to an unauthorised machine.

My hypothesis is that there might be some malware that waits for me to start a session with outlook/hotmail using my web browser and as soon as I log myself in, it takes control of the account and tries to send spam as if it is me doing it through my session.  This way there is no need for the virus to connect with the hacker's computer, it can work all by itself.  The malware only gets in to my email when I use a web browser.  I have tried other browsers but it does not help.

Could it be something to do with Java? I disabled updates to preserve the state of the computer in case it helped locate the infection but I could try updating Java. Also, are there any other settings I could change on my browser? Is there any way to monitor processes that might hijack my browser? If I could monitor Java processes during my log in, maybe that would identify the problem?

Below I have copied some screenshots of what happens as the account gets hacked.  Continued on next reply (4 pics limit)
So, I log in to the clean account and click new message.  I compose the message and press send.   Instead of sending the message, the bar shows 'please verify your account'.  I have to do a captcha and after, it takes me back to the message I am composing.  The next time I press send, the account gets  blocked.
19
Post Here for Malware Removal ... / Re: [In Progress] Hotmail repeatedly hijacked
« Last post by Hoov on October 27, 2014, 06:24:01 pm »
You say your e-mail is still blocked? Are you meaning that you cannot login to it? Or you cannot send or receive email?
20
I ran the new Avira CD and it was different to the other one and worked this time.  I scanned and it detected some viruses but I do not think they are the culprit.  Is there anything else that can be tried?  The logs are below:


Avira
Rescue System
Scan Report
Start: 18:53:47    End: 20:17:30
Detections:    2
Files treated:    2
Files scanned:    211527
Engine version:    8.3.24.40
VDF version:    7.11.181.158
Scan status:    Finished
Update Report
Update finished successfully!Updated files:
vbase031.vdf 7.11.181.132 -> 7.11.181.158
aevdf.dat 7.11.181.132 -> 7.11.181.158
Update finished successfully
Details
Detection:    /target/C:/users/user1/appdata/roaming/thunderbird/profiles/pve7kfs0.default/imapmail/imap.gmx.com/inbox
Virus name:    TR/Crypt.Xpack.66273    file renamed
Virus Type:    trojan    
Detection:    /target/C:/users/user1/appdata/roaming/thunderbird/profiles/pve7kfs0.default/mail/pop.gmx.com/inbox
Virus name:    TR/Crypt.Xpack.66273    file renamed
Virus Type:    trojan



Avira
Rescue System
Scan Report
Start: 20:39:23    End: 21:28:14
Detections:    1
Files treated:    1
Files scanned:    145757
Engine version:    8.3.24.40
VDF version:    7.11.181.186
Scan status:    Finished
Update Report
Update finished successfully!Updated files:
vbase022.vdf 7.11.181.62 -> 7.11.181.163
vbase023.vdf 7.11.181.63 -> 7.11.181.164
vbase024.vdf 7.11.181.64 -> 7.11.181.165
vbase025.vdf 7.11.181.65 -> 7.11.181.166
vbase026.vdf 7.11.181.66 -> 7.11.181.167
vbase027.vdf 7.11.181.67 -> 7.11.181.168
vbase028.vdf 7.11.181.68 -> 7.11.181.169
vbase029.vdf 7.11.181.69 -> 7.11.181.170
vbase030.vdf 7.11.181.70 -> 7.11.181.171
vbase031.vdf 7.11.181.158 -> 7.11.181.186
aevdf.dat 7.11.181.158 -> 7.11.181.186
Update finished successfully
Details
Detection:    /target/H:/adata hd710/manualbackup140313/users/downloads/adlsoft_uncompressor_v2_3.exe
Virus name:    ADWARE/InstallCore.Gen    file renamed
Virus Type:    virus
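
A triage sketch for reports like the two above, added here as an example and not part of the original post or of Avira's tooling: it parses the pasted text, checks that the number of Detection entries matches the declared count, and separates hits inside a Thunderbird mail folder file from hits on executables. The sample report, its paths and the category names are constructed; the mail-store pattern assumes Thunderbird's default profile layout.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in the layout of the report above; paths are made up.
SAMPLE = """\
Detections:    2
Details
Detection:    /target/C:/users/u/appdata/roaming/thunderbird/profiles/abcd1234.default/imapmail/imap.example.com/inbox
Virus name:    TR/Crypt.Xpack.66273    file renamed
Virus Type:    trojan
Detection:    /target/H:/backup/downloads/setup_tool.exe
Virus name:    ADWARE/InstallCore.Gen    file renamed
Virus Type:    virus
"""

FIELD = re.compile(r"^(Detections|Detection|Virus name|Virus Type):\s*(.*?)\s*$")
# Assumption: default Thunderbird layout, one mailbox file per folder.
MAIL_STORE = re.compile(r"/thunderbird/profiles/[^/]+/(imapmail|mail)/", re.I)
EXECUTABLE = {".exe", ".dll", ".scr", ".com", ".msi"}

def parse_report(text):
    """Return (declared_count, [detection dicts]) from pasted report text."""
    declared, records = 0, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Detections":
            declared += int(value)      # several reports may be pasted together
        elif key == "Detection":
            records.append({"path": value, "name": "", "action": "", "type": ""})
        elif records and key == "Virus name":
            parts = re.split(r"\s{2,}|\t", value, maxsplit=1)
            records[-1]["name"] = parts[0]
            records[-1]["action"] = parts[1] if len(parts) > 1 else ""
        elif records and key == "Virus Type":
            records[-1]["type"] = value
    return declared, records

def classify(path):
    """Where the flagged object lives, which decides the follow-up."""
    if MAIL_STORE.search(path):
        return "mail-store"    # a stored message or attachment, not a running program
    if PurePosixPath(path).suffix.lower() in EXECUTABLE:
        return "executable"    # check whether it was ever run or is set to autostart
    return "other"

def triage(text):
    declared, records = parse_report(text)
    complete = declared == len(records)     # False suggests a truncated paste
    return complete, [(r["name"], classify(r["path"]), r["action"]) for r in records]
```

For a mail-store hit the flagged path is the folder's mailbox file itself, so the "file renamed" action applies to that whole folder rather than to a single message.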