TechSpot

Email "One of my friends bought an iphone from a website..."

By SaucyDee
Aug 27, 2009
  1. Hi

    I have searched google but cannot find a fix for this.

    I previously had a problem with google redirection after searching, I have fixed that but now have an issue where first my gmail account and most recently my husbands hotmail account are sending out the message below to our entire contacts.

    <DIV>Hello,<BR>
    One of my friends bought an iphone from a website:&nbsp; <A
    href="http://www.trade-lc.com">www.trade-lc.com</A><BR>
    He has got the phone, its quality is very good. And the website is
    promoting their products these days, so they have very good price and
    big discount now. This website also sells tv,motor,laptop and so on.
    The promotion will keep 30 days . if you need, please have a look at
    the website. I am sure you will get much surprise. <BR>
    Never forget to share good things with us!<BR>
    Greetings!
    </DIV>

    I have done the following
    Run Spybot - It found a couple of threats which I cleaned.
    Run Malwarebytes Anti Malware and that was clean.
    Run AVG and it found no threats

    I hope someone can help me fix this!

    D
     
  2. strategic

    strategic TechSpot Paladin Posts: 1,020

    Try running Advanced System Care
    and also Super Anti Spyware
    You should also post logs from Super Anti Spyware and Malware Bytes so somebody can review them.
    Maybe you could also just do the 8-step virus removal procedure found on this forum, it normally does a good job solving this.;)
     
  3. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    Attached is the Antimalware log. I have run removed the items and am running it again to check they are gone. I have also run CCleaner and am following the 8 steps again. I followed this yesterday.
     

    Attached Files:

  4. strategic

    strategic TechSpot Paladin Posts: 1,020

    Your log shows "no action taken" you need to select all the infections to repair :)
     
  5. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    i also forgot to add that the last two days the laptop has shut down unexpectedly during the day. Where can I find the logs to post? Used to know my way around NT and 2000 but not sure on Vista where I can find these logs. What subsection are they in in Eventviewer?
     
  6. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    I saved the logs before any action was taken. The scan is running right now but is taking just over an hour to finish so will post that log when finished.
     
  7. strategic

    strategic TechSpot Paladin Posts: 1,020

    You can find it in the event viewer under system. (this is in XP, I haven't worked much with Vista, it should be similar.
     
  8. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    Ok, so as I said I run the Malware bytes overnight and posted the log this morning. The three problems it found couldn't be deleted until reboot so I told it to clean on reboot then run it again and the same things came up! I looked in the destination it specified and the folder doesn't exist. I have hidden files and folders shown.

    I can't attach the log as after selecting to clean it didn't give me the option to save it, too kme back to the scan page.

    Running superantispyware now.
     
  9. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    Regarding the unpexected shutdown, all it says is

    The previous system shutdown at 5:41:38 AM on 8/27/2009 was unexpected.

    There are two of these. Can't attach the .dmp file as it isn't in the location it says it should be.
     
  10. strategic

    strategic TechSpot Paladin Posts: 1,020

    The files are probably there, you may not be able to see them if you can't see system files.
    Check your preferences or if you're logged in as Administrator.
     
  11. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    You have a severe trojan infection. In fact your PC may be part of a "Botnet". The Email repeating action is evidence of that. The emails your PC is sending out on it's own, may be poisoned with malware as well. Pray your contacts don't click on them.

    In any event, some of these infections can be cured, but some require a reformat and reinstall of the OS.

    My suggestion is, if you can't get this problem solved rather quickly, then reformat.

    We don't have enough malware helpers here at the present time, which is going to impede the exact diagnosis of which trojan or worm is involved.

    I also suggest downloading and running the Microsoft "Malicious Software Removal Tool".

    Download this from a different computer. Also, get it from the M$ download page, NOT M$ update. From the download page it is a free standing tool, which could be run or copied from a flash drive. Once the flash drive is connected to your system however, it MUST be REFORMATED, before using it anywhere else! The absolute best approach would be to burn it to CD-R, and not use a flash drive.
     
  12. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    So the Microsfot malicious Software tool reported no infections.
     
  13. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    Have you tried running the "Hijack This" and "Super Anti-Spyware" programs. HJT won't fix anything, but it may give us an idea of what is running on your machine that isn't supposed to be.

    System files are normally hidden. Logged on as an administrator, right click on "Computer" > then "Properties", I think then it's settings tab, and check "show hidden files".

    I've never tried this in Vista yet, but the file path is similar to XP.

    Sorry the M$ removal tool didn't help. some of these things are really hidden.

    I can't imagine any other reason besides an infection that would distribute an Email you didn't author to your entire contact list.
     
  14. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    Super antispyware is running now so should finish overnight. Will post any logs from that in the morning.

    Will download Hijack This tomorrow and post those too after running.

    Thanks to everyone who has suggested things to try so far! Appreciate the help. I'm away from home right now so don't want to reinstall until i can get everything backed up.
     
  15. strategic

    strategic TechSpot Paladin Posts: 1,020

    Actually it does Cap, if you analyse the file here, and then match the errors with the entries on the log screen, click on fix checked, and that's all there is to it.
    But be careful Saucy, you need to make sure you are aware of what you modify, the lines must match 100% or you could create more problems.
     
  16. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    I just had a random thought. Oh sure, there are those that would say all my thoughts are random.Normally I'd agree, but this Email issue sounds like it might be related to Facebook, there are plenty of problems being generated there nowadays
     
  17. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    But it's spoofing my email address and sending it to all my gmail contacts and spoofing my husbands address and sending it to all his hotmail contacts?
     
  18. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

  19. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    Will do, thanks!
     
  20. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    Super anti spyware came back clean. Downloading Hijack This now.
     
  21. SaucyDee

    SaucyDee TS Rookie Topic Starter Posts: 18

    Here's the Hijack This log
     
  22. strategic

    strategic TechSpot Paladin Posts: 1,020

    Before this thread gets too long, just run your 8-steps, and post all the logs. Clean or not. Your malware log has 3 'big ones', but it also shows no action taken. So start the 8-steps from the beginning, posst your logs, and we'll do our best to assist you;)
     
  23. strategic

    strategic TechSpot Paladin Posts: 1,020

    Before this thread gets too long, just run your 8-steps, and post all the logs. Clean or not. Your malware log has 3 'big ones', but it also shows no action taken. So start the 8-steps from the beginning, post your logs, and we'll do our best to assist you;)
     
  24. sinned77

    sinned77 TS Rookie

    Hi. I have the same issue as SaucyDee. I followed all the steps outlined above, including the 8-steps, M$ malicious file download, S&D scan and a full McAfee system scan. The M$, S&D and McAfee scans came up clean. The current thread does not come to a final resolution and I would appreciate help to know if the problem has been solved. Attached are my log files.
     
  25. matt9801

    matt9801 TS Rookie

    Well if all else fails you can always reformat your computer.

    Also when i read the email being sent i laughed because it sounds like it was written by someone who doesn't know english.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...