Email "One of my friends bought an iphone from a website..."

Status
Not open for further replies.

SaucyDee

Hi

I have searched Google but cannot find a fix for this.

I previously had a problem with Google redirection after searching. I have fixed that, but now have an issue where first my Gmail account and most recently my husband's Hotmail account are sending out the message below to our entire contacts.

Hello,
One of my friends bought an iphone from a website: www.trade-lc.com
He has got the phone, its quality is very good. And the website is
promoting their products these days, so they have very good price and
big discount now. This website also sells tv,motor,laptop and so on.
The promotion will keep 30 days . if you need, please have a look at
the website. I am sure you will get much surprise.
Never forget to share good things with us!
Greetings!

I have done the following
Run Spybot - It found a couple of threats which I cleaned.
Run Malwarebytes Anti Malware and that was clean.
Run AVG and it found no threats

I hope someone can help me fix this!

D
 
Attached is the Antimalware log. I have removed the items and am running it again to check they are gone. I have also run CCleaner and am following the 8 steps again. I followed this yesterday.
 

Attachments

  • mbam-log-2009-08-28 (09-24-54).txt
I also forgot to add that the last two days the laptop has shut down unexpectedly during the day. Where can I find the logs to post? Used to know my way around NT and 2000 but not sure on Vista where I can find these logs. What subsection are they in in Event Viewer?
 
I saved the logs before any action was taken. The scan is running right now but is taking just over an hour to finish so will post that log when finished.
 
You can find it in the Event Viewer under System. (This is in XP; I haven't worked much with Vista, but it should be similar.)
 
Ok, so as I said, I ran Malwarebytes overnight and posted the log this morning. The three problems it found couldn't be deleted until reboot, so I told it to clean on reboot, then ran it again, and the same things came up! I looked in the destination it specified and the folder doesn't exist. I have hidden files and folders shown.

I can't attach the log as after selecting to clean it didn't give me the option to save it, took me back to the scan page.

Running superantispyware now.
 
Regarding the unexpected shutdown, all it says is

The previous system shutdown at 5:41:38 AM on 8/27/2009 was unexpected.

There are two of these. Can't attach the .dmp file as it isn't in the location it says it should be.
 
The files are probably there, you may not be able to see them if you can't see system files.
Check your preferences or if you're logged in as Administrator.
 
You have a severe trojan infection. In fact your PC may be part of a "Botnet". The Email repeating action is evidence of that. The emails your PC is sending out on its own may be poisoned with malware as well. Pray your contacts don't click on them.

In any event, some of these infections can be cured, but some require a reformat and reinstall of the OS.

My suggestion is, if you can't get this problem solved rather quickly, then reformat.

We don't have enough malware helpers here at the present time, which is going to impede the exact diagnosis of which trojan or worm is involved.

I also suggest downloading and running the Microsoft "Malicious Software Removal Tool".

Download this from a different computer. Also, get it from the M$ download page, NOT M$ update. From the download page it is a free standing tool, which could be run or copied from a flash drive. Once the flash drive is connected to your system however, it MUST be REFORMATTED before using it anywhere else! The absolute best approach would be to burn it to CD-R, and not use a flash drive.
 
Have you tried running the "Hijack This" and "Super Anti-Spyware" programs? HJT won't fix anything, but it may give us an idea of what is running on your machine that isn't supposed to be.

System files are normally hidden. Logged on as an administrator, right click on "Computer" > then "Properties", I think then it's settings tab, and check "show hidden files".

I've never tried this in Vista yet, but the file path is similar to XP.

Sorry the M$ removal tool didn't help. Some of these things are really hidden.

I can't imagine any other reason besides an infection that would distribute an Email you didn't author to your entire contact list.
 
Super antispyware is running now so should finish overnight. Will post any logs from that in the morning.

Will download Hijack This tomorrow and post those too after running.

Thanks to everyone who has suggested things to try so far! Appreciate the help. I'm away from home right now so don't want to reinstall until I can get everything backed up.
 
HJT won't fix anything

Actually it does Cap, if you analyse the file here, and then match the errors with the entries on the log screen, click on fix checked, and that's all there is to it.
But be careful Saucy, you need to make sure you are aware of what you modify, the lines must match 100% or you could create more problems.
 
I just had a random thought. Oh sure, there are those that would say all my thoughts are random. Normally I'd agree, but this Email issue sounds like it might be related to Facebook; there are plenty of problems being generated there nowadays.
 
But it's spoofing my email address and sending it to all my Gmail contacts and spoofing my husband's address and sending it to all his Hotmail contacts?
 
Before this thread gets too long, just run your 8-steps, and post all the logs. Clean or not. Your malware log has 3 'big ones', but it also shows no action taken. So start the 8-steps from the beginning, post your logs, and we'll do our best to assist you;)
 
Hi. I have the same issue as SaucyDee. I followed all the steps outlined above, including the 8-steps, M$ malicious file download, S&D scan and a full McAfee system scan. The M$, S&D and McAfee scans came up clean. The current thread does not come to a final resolution and I would appreciate help to know if the problem has been solved. Attached are my log files.
 
Well if all else fails you can always reformat your computer.

Also, when I read the email being sent I laughed, because it sounds like it was written by someone who doesn't know English.
 