Full Version: Hotmail
EnigmaticOne
I know that anything MSN related is gonna get slated, but up until this week I haven't had any issues with spam on my Hotmail accounts. This week though it has set me as "away on vacation" and keeps spamming other people's accounts with crap. I opened up my mail yesterday to find about 50 messages from Hotmail postmaster saying my mail was not sent... well I didn't send any mail.

The mail it seems to be sending or forwarding is not one I have ever received myself and is some Spanish/Portuguese type language. So I don't understand how it is doing it. I have all my settings to the highest security level, i.e. to only receive mail from people in my contacts or those I have said are safe.

I double checked all my settings the day before yesterday and when I went to look last night it had changed the settings back as me being on vacation..... arghhhh!!!

I have anti virus etc set up and have done a scan and don't seem to have any viruses or trojans etc.
Anyone have any clue how I can sort this out? and please don't just tell me to dump hotmail.....as I have used it for the last 6 years or so with no issues like this, so it isn't common for me despite the issues I know other people get with it.

I don't know if this is related but 3 days ago my homepage was reset to be MSN and not Firefox as I normally use. I had a right fuck about trying to reset it too.
I also had a very suspect email claiming to be from WOW/Blizzard asking for my son's account details and it was just some phishing scam and ignored, reported and deleted.

Thanks for any help!

EO.

PS sorry to anyone who may be in my email contacts and has been spammed by my account.

edit to add.... most of the returned mails seem to be to people that are not in my contacts.
seedling
sounds as if your machine has been "hijacked"? people controlling your machine via remote server?

hope I'm wrong, don't mean to scaremonger but it sounds very strange
Tree Man
Change MSN password....

problem solved
EnigmaticOne
Thanks for the replies guys, have already changed my password yesterday and it sent more last night after the change. Having just had another look, I did get a spammy email from someone in my contacts, one of those ones that forwards it to all their contacts type thing.... but the one that my account seems to be sending is not the same as that, it's not even in the same language.

If someone had hijacked my machine from a remote server why bother just spamming people unknown to me with mails? Surely my bank account or other things would have been targeted too? Which it hasn't.
seedling
QUOTE (Tree Man @ Apr 29 2009, 03:20 PM)
Change MSN password....

problem solved


hmmm didn't think of that, yeah I suppose it's more likely that somebody has hacked the password. I guess the account could set the homepage but what about changing the browser?
seedling
QUOTE (EnigmaticOne @ Apr 29 2009, 03:37 PM)
If someone had hijacked my machine from a remote server why bother just spamming people unknown to me with mails? Surely my bank account or other things would have been targeted too? Which it hasn't.


spammers hijack unwary PCs and use them to send spam emails.

have a look at http://news.bbc.co.uk/1/hi/programmes/clic...ine/7938503.stm

e2a in the full-length version of the above video it suggests regularly updating any available fixes to the operating system of your machine, this makes it harder for spammers to take over your machine
Tree Man
It's happened to me loads ...
I do a lot of music work on my PC so I need it clean as a whistle!
At first I virus checked with every known virus checker under the fuckin sun..
Formatted comp many times.....

read up on net ...

changed password and all's sweet..
Never open any emails you don't know .. you just highlight them and click : Phishing scam..
never click on any links from friends unless you know what it is ...
There are loads of these fuckin little things going about at the mo..
They're a minor annoyance.
EnigmaticOne
Cheers for that info

It doesn't seem to still be doing it ...well in the last couple of hours anyway. Out of interest all the recipients that are bouncing back start with the letter "c" and don't seem to be UK recipients.

The title of the mail it is sending is "Estimado amigo,"
EnigmaticOne
QUOTE
e2a in the full-length version of the above video it suggests regularly updating any available fixes to the operating system of your machine, this makes it harder for spammers to take over your machine


Cheers, I do have my updates set to be done automatically. But as it's a Windows OS (Vista) I guess it is to be expected that it has some holes in it.
Scribb|e
Maybe you had a weak Hotmail password, and a spammer just guessed/brute-forced it - that's why, when you change it, you should change it to something non-easily guessable, a non-dictionary word, something with numbers and punctuation marks in it. (and I *don't* mean changing it to 'passw0rd1')

¿Have you made sure that you're using a decent (and also up-to-date) anti-malware solution(s) on your PC? And by that, I don't mean Norton, McAfee or DrSolomon's or any of those shite ones.

You can scan your PC online with a decent anti-malware scanner like Trend Housecall.
EnigmaticOne
I do use McAfee....wasn't aware it was shit or I wouldn't have paid for it!!! I also run Lavasoft's adaware occasionally.

I have also changed my password to a strong one, having read about the particular email I have been sending on 'msn today help pages' and finding pages and pages of people having their email accounts blocked for breaching TOU for the very same issue I am having. It seems that as you say my Hotmail account password wasn't strong enough (it was medium) and the account was hacked.

I followed the link you provided and used the Trend Housecall scan and it was clear. I can't believe it scanned that quickly though, a few seconds literally.
EnigmaticOne
Just wanted to add that having done a scan with Trend Micro Housecall (as mentioned in my previous post) I wasn't convinced it had scanned very well, it seemed too quick. So I rescanned with Lavasoft's adaware and it found 102 files/items.
Most of them were just data mining cookies and the like but 4 were critical files and a registry key.

I would recommend running adaware if you have it on your PC.
Scribb|e
QUOTE (EnigmaticOne @ Apr 29 2009, 05:48 PM)
I followed the link you provided and used the trend housecall scan and it was clear. I can't believe it scanned that quickly though, a few seconds literally.

That's not right...

¿Are you sure that you selected the right folders that you wanted scanning, or 'whole machine' or whatever the option is?

Adaware (and Spybot S&D) and its ilk are pretty good malware scanners, but they are not to be confused with being virus/rootkit scanners - two different things.

¿What were the 'critical' files and the reg key(s) that it found, anyway? They might give some insight as to what was going on your PC.

You should also make sure that your Java is up-to-date (quite a lot of malware uses holes in older Java versions to propagate) and also scrap Adobe Acrobat PDF reader (uninstall it) and replace it with a decent, fast one like Foxit PDF Reader.

Not only is Adobe's one slow, bloated and installs loads of crap into your startup sequence etc., it can also act as a conduit for malware - when you install Foxit, just be sure to untick the box where it asks you if you want to install Yahoo! toolbar, IIRC.
Scribb|e
Weirdly enough, in fact - this story came out a few minutes ago:

QUOTE
Adobe Confirms PDF Zero-Day, Says Kill JavaScript

Adobe Systems has acknowledged that all versions of its Adobe Reader, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities. 'All currently supported shipping versions of Adobe Reader and Acrobat, [Versions] 9.1, 8.1.4 and 7.1.1 and earlier, are vulnerable to this issue,' said Adobe's David Lenoe in a blog entry yesterday. He was referring to a bug in Adobe's implementation of JavaScript that went public early Tuesday. A "Bugtraq ID," or BID number has been assigned to a second JavaScript vulnerability in Adobe's Reader.

Proof-of-concept attack code for both bugs has already been published on the Web. Adobe said it will patch Reader and Acrobat, but Lenoe offered no timetable for the fixes. In lieu of a patch, Lenoe recommended that users disable JavaScript in the apps. Andrew Storms, director of security operations at nCircle Network Security, said of the suggestion in lieu of patches, 'Unfortunately, for Adobe, disabling JavaScript is a broken record, [and] similar to what we've seen in the past with Microsoft on ActiveX bugs.'
EnigmaticOne
I did select to scan whole machine and within seconds it told me scanning was completed

I copied the scan results below but they really don't mean a thing to me tbh


20090429 19-48-16 : Tried to Quarantine an infection.
20090429 19-48-17 : Successfully Quarantined File: C:\Program Files\Common Files\Windows Live\.cache\wlcCB1.tmp belonging to Win32.FraudTool.HomeAntivirus2009

20090429 19-48-17 : Successfully Quarantined File: C:\Users\XXXXXX\AppData\Local\Temp\wlsetup-cvr.exe belonging to Win32.FraudTool.HomeAntivirus2009

20090429 19-48-18 : Successfully Quarantined File: C:\Users\XXXX\AppData\Local\Temp\wlsetup-cvr.exe belonging to Win32.FraudTool.HomeAntivirus2009

20090429 19-48-20 : Successfully Quarantined File: C:\Program Files\WinRAR\Rar.exe belonging to Win32.Backdoor.Agent

20090429 19-48-20 : Quarantine succeeded.
20090429 19-48-30 : Started cleaning the system of infections
20090429 19-48-31 : Clean operation finished

edit to add in fact the more I look at them they look like they may well have been harmless .... are they from the Vista security software???
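Added example, not part of the original thread: one way to turn the scan log posted above into something readable is to parse each "Successfully Quarantined File" line and group the hits by detection name. The log text is copied from the post; the names `Detection`, `classify_location`, `parse_detections` and `group_by_family`, and the location labels, are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath
from typing import NamedTuple

# Log lines as posted in the thread (user names were already redacted there).
SCAN_LOG = r"""
20090429 19-48-16 : Tried to Quarantine an infection.
20090429 19-48-17 : Successfully Quarantined File: C:\Program Files\Common Files\Windows Live\.cache\wlcCB1.tmp belonging to Win32.FraudTool.HomeAntivirus2009
20090429 19-48-17 : Successfully Quarantined File: C:\Users\XXXXXX\AppData\Local\Temp\wlsetup-cvr.exe belonging to Win32.FraudTool.HomeAntivirus2009
20090429 19-48-18 : Successfully Quarantined File: C:\Users\XXXX\AppData\Local\Temp\wlsetup-cvr.exe belonging to Win32.FraudTool.HomeAntivirus2009
20090429 19-48-20 : Successfully Quarantined File: C:\Program Files\WinRAR\Rar.exe belonging to Win32.Backdoor.Agent
20090429 19-48-20 : Quarantine succeeded.
20090429 19-48-30 : Started cleaning the system of infections
20090429 19-48-31 : Clean operation finished
"""

# timestamp : Successfully Quarantined File: <path> belonging to <detection name>
LINE_RE = re.compile(
    r"^(?P<ts>\d{8} \d{2}-\d{2}-\d{2}) : Successfully Quarantined File: "
    r"(?P<path>.+) belonging to (?P<family>\S+)$"
)


class Detection(NamedTuple):
    when: datetime
    path: PureWindowsPath
    family: str
    location: str


def classify_location(path: PureWindowsPath) -> str:
    """Coarse label for where the file lived (labels are this example's own)."""
    parts = [p.lower() for p in path.parts]
    if "temp" in parts:
        return "temp directory"
    if len(parts) > 1 and parts[1].startswith("program files"):
        return "program files"
    return "other"


def parse_detections(log: str) -> list:
    """Return one Detection per quarantined file; status lines are skipped."""
    found = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        when = datetime.strptime(m["ts"], "%Y%m%d %H-%M-%S")
        found.append(Detection(when, path, m["family"], classify_location(path)))
    return found


def group_by_family(detections: list) -> dict:
    """Map each detection name to the files reported under it."""
    groups = defaultdict(list)
    for d in detections:
        groups[d.family].append(d)
    return dict(groups)


if __name__ == "__main__":
    for family, hits in group_by_family(parse_detections(SCAN_LOG)).items():
        print(f"{family}: {len(hits)} file(s)")
        for d in hits:
            print(f"  {d.when:%H:%M:%S}  [{d.location}]  {d.path}")
```

Grouping this way separates the three files reported as Win32.FraudTool.HomeAntivirus2009 from the single Win32.Backdoor.Agent hit on `Rar.exe`, so each detection name can be looked up and judged on its own.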
Scribb|e
Read my post above your latest one.

Well - if that's Trend's scan, then it definitely worked then.

Got rid of a couple of real nasties, too - Win32.FraudTool.HomeAntivirus2009 and Win32.Backdoor.Agent. (looks like you need to download a legit copy of WinRAR)

QUOTE (EnigmaticOne @ Apr 29 2009, 08:31 PM)
edit to add in fact the more I look at them they look like they may well have been harmless .... are they from the Vista security software???

No - they most certainly are not - ¿how on Earth did you come to that conclusion?

They are first-class examples of real, nasty malware.
EnigmaticOne
The scan results I posted are from adaware not Trend. The Trend scan said there was no threat to my machine

QUOTE
No - they most certainly are not - ¿how on Earth did you come to that conclusion?


well I was wondering cos of the name HomeAntivirus2009

I never purported to know what I was on about tho
Scribb|e
QUOTE (EnigmaticOne @ Apr 29 2009, 08:36 PM)
well i was wondering cos of the name HomeAntivirus2009

Win32.FraudTool.HomeAntivirus2009 is one of those blag fake 'Anti-Virus' infections that purports to scan your PC and always says it's found 1000s of infections, and then throws you to a link where you can pay for the 'full version' that promises you it will get rid of them.

They also run other nasty stuff in the background (botnets, keyloggers etc..).

¿You are using a decent web browser like Firefox, Opera or Chrome, aren't you - and not the piece of crap that is Internet Exploder?

Download and run this file - it's the latest version of the Trend Housecall module.
EnigmaticOne
Yes I am using Firefox. Dumped IE a couple of years ago.

Thanks for your help scribble...it's very much appreciated

will follow your link now.
Scribb|e
It looks like the 'Win32.Backdoor.Agent' in WinRAR is a 'false positive' - this has been reported quite a lot with Vi$ta and the latest versions of AdAware - if you've downloaded WinRAR from a reputable source (like in the link in my post above), then you can be sure that it's OK.

¿Now can you see why McAfee and its ilk are piles of shite - it didn't lift a finger to help you find and sort any of this out, did it?
oldman61
QUOTE (Scribb|e @ Apr 29 2009, 08:35 PM)
(looks like you need to download a legit copy of WinRAR)


AVG 8 detects this as a threat, personally I'd download 7zip, it's clean and free.
Scribb|e
Yeah - it's a false positive caused by over-zealous heuristics.

Shame about AVG - it was a nice, lean *free for personal use*, reliable antivirus scanner - but in recent editions, it's become so *bloated* it's untrue. It's not so bad if you install it, and then disable a lot of the unneeded services, though - like the 'link scanner', 'email scanner' etc.

Personally, I'd disable everything except the on-demand file scanner, and then just do a manual scan every now and then - not even have the resident 'background' scanner active - they make even fast PCs feel like molasses to me.
Culchi
Comodo do a free internet security suite now - firewall and anti-virus, doesn't seem too bloated. I'd second Oldman's recommendation of the 7-zip in place of winrar - 7-zip does RAR & Zip files and a host of others, plus as OM says it's free too. Hope you get it sorted EO, but please stay away from those dodgy free pron sites in future.
Boojum
Aye, I found the same with AVG. Shame they had to bloat it out, but I've done what you say, disabled everything so I can just use it to do a scan every now and then.


Edited to add and if you use Firefox, I find the adblock and noscript addons to be very useful.
Scribb|e
QUOTE (Boojum @ Apr 29 2009, 09:44 PM)
Edited to add and if you use Firefox, I find the adblock and noscript addons to be very useful.

Also, CustomizeGoogle, VideoDownloadHelper & FlashBlock are very useful, too - esp. in conjunction with AdblockPlus.

I swear that I can't browse the web with a browser like Chrome (you can use a custom HOSTS file with the likes of Chrome and Opera which will help some - not as good as FF+AdblockPlus, though) or on anyone else's machine that's not been setup the way I use them - seeing ads at all just blows my mind these days - they're *so* distracting.
Keye
Are you sure it's not just someone using your eMail address as the return address in their headers they're sending out? I'm amazed at how many huge internet companies return 'spam' mail to those addresses, knowing full well they are probably forged.

As for your interweb changing.... It's Windows! I'm surprised everyone here isn't more used to things randomly changing, especially Internet Explorer defaults.
oldman61
Hi scribble can you give me a list of the things I should turn off and recommend me software to keep my xp machine secure? I have a copy of avast anti-virus but can you recommend some free effective non bloated anti-spyware software?
Scribb|e
QUOTE (oldman61 @ Apr 29 2009, 10:11 PM)
Hi scribble can you give me a list of the things I should turn off and recommend me software to keep my xp machine secure? I have a copy of avast anti-virus but can you recommend some free effective non bloated anti-spyware software?

Just use AdAware, Spybot S&D and an antivirus scanner like AVG or Avast! - what I do suggest, though - is to turn off all the 'resident' stuff that these apps try to install (like 'TeaTimer' and 'Resident Protection' for Spybot S&D, and something that AdAware asks to install, Live! or something, and like Booj has done, disable all of the 'Link Scanner' and 'Email Scanner' etc., that AVG wants to run all the time).

Also, strip down your startup sequence - you can use an app like HijackThis or Win's built-in services.msc for this. Getting rid of common, useless things like jusched.exe and GoogleUpdater.exe that always install to run on every boot - just check yourself for Java and Chrome/Google updates from time to time.

This way, you get to keep a nice, fast, lean machine that doesn't have 1001 useless processes running in the background all the time, grinding your PC to a practical halt. You can still run these apps to update then scan whenever you like, though.

There's a great resource here that tells you what XP services you can safely disable/set to 'manual' (like TCP/IP NetBIOS Helper, Clipbook, IPSEC Services etc.) to make your machine much leaner as well.


e2a: Also uninstall Adobe Acrobat (PDF) Reader, and install a nice, free, *fast* reader like Foxit PDF Reader.

e3a: And use a decent web browser like Firefox (*never* Internet Exploder) and install some of the fantastic plugins for it like AdBlockPlus, CustomizeGoogle, FlashBlock, NoScript etc.
oldman61
Thank you scribble, I have already got firefox and foxit (both brilliant programs) so that saves me downloading.
Culchi
Another handy wee program that's also free is xp-Antispy (get it from .org) - lets you turn off a load of features and tweak a few settings. Don't use Windows Firewall, but if you do, uncheck the box for Remote Registry and select "Don't Allow Exceptions". You can (and probably should) disable Remote Registry under Control Panel/Services. A few others to disable are Secondary Logon, Fast User Switching, NetMeeting Remote Desktop Sharing and Terminal Services.

If you are running XP Professional, type "mmc" in the Run box (without the " ") and then select File - Add/Remove Snapin - Add - Group Policy Object Editor. There's a shit load of settings in Windows that you can adjust via this, including removing "Everyone" (and all other user groups) from the "Access this computer from the network", but add "Everyone" to the "Deny access to this computer from the network" option. Basically if it says "Disable" enable that option (ie disable it) and if it says "Enable" turn it off to fuck. Windows XP Home Edition users aren't able to add a security policy (as far as I remember).
TartanToker
Hi EnigmaticOne, sounds like you have a serious problem here.

My PC got PROPER fucked up last year after accepting a file from a friend that I was in a convo with, I never questioned it at the moment the request appeared on my screen but I wish I did now!
I accepted the file and instantly my PC screen started going haywire, I have about 90 contacts on my MSN and 30 or so were online at the time...

What happened was the moment I accepted the file (which was obviously a virus) it took over my computer, sent an identical duplicate file to every single person on my MSN list and within 5 seconds I knew I had fucked up.

I had at least 15 of my contacts msg me there and then saying 'dude, you're infected with a nasty virus'.

It seems I was probably the only person unaware of the risk of accepting files.

One of my contacts had obviously fallen for it seconds prior and it took over their computer, sending me and all this person's other contacts this virus file.

The virus that infiltrated my computer was called a 'vundo' virus and it was a fucking pain in the arse to remove, no 'vundo' removal tool would get rid of this vile virus, put simply, I couldn't remove it no matter what I did. There were constant porn ads popping up on my screen and all my contacts were getting constant e-mails and instant msgs from what appeared to be me but wasn't.

In the end I had to give my P.C to a good friend who's a total nerd when it comes to computers, he spent 2 weeks attempting to remove the virus, every time he removed the file manually using his geeky knowledge it would re-incarnate embedded somewhere else at the next boot-up and in the end there were over 2000 infected files.

As a result he had to completely empty everything out the computer and start again from scratch, re-installing Windows and all the rest of the kit you need to run a PC.

I was proper pissed cos I lost a lot of stuff, including my Excel files containing all my year's earnings and more sadly, a huge wad of family photos and photos of people/events etc that were close to my heart.

The virus checker that my buddy used during this removal attempt was the Windows Live OneCare scanner. It amazingly seemed to find virus files that AVG, Norton, AdAware and Spybot couldn't detect, I've included the link below. (it's free)

Windows Live OneCare Scanner

I wish you the very best of luck mate and hope you get it sorted.

TT
Scribb|e
With all due respect, it sounds like your 'geeky mate' isn't all that when it comes to geekery.

You needn't have lost all the personal files that you did - it would have been a fairly trivial matter to boot a machine with your infected drive(s) in it from a Live CD and copy them all to storage or burn them off.

Vundo can be a fairly nasty bastard to get rid of - relying on off-the-shelf virus scanners isn't the way to go with dealing with it and ones like it - a lot of things have to be done manually - to prevent the 'monitoring' daemons that replace each other if they detect that one has died/been deleted, for example.

You may have caught that Vundo infection via an IM message, but the main vector for Vundo infections is old out-of-date versions of Sun Java - it's important to keep your Java current.
EnigmaticOne
Just wanted to let you know that I have no problems with my Hotmail account now, a change of password and a good clean up of the pc using Trend Housecall from the link scribble provided did the job for me. The second trend scan took bloody ages to complete and found some other nasties that McAfee didn't pick up on.

QUOTE
Now can you see why McAfee and its ilk are piles of shite - it didn't lift a finger to help you find and sort any of this out, did it?


Scribble you were so right about that, am well pissed off having paid for McAfee.
seedling
movin on to AVG, my free version hasn't updated for 2 weeks - anybody else having this problem?