Someone is using my email address w/o permission


  • This topic is locked
8 replies to this topic

#1 lil_dragon

lil_dragon

    Smoking Spyware since 2004!!!

  • Helper Trainee
  • 40 posts

Posted 26 June 2004 - 02:56 PM

Hello,

This is my 1st post...so forgive me 'cause I didn't know where to post this. Anyways, here's my question...my email is being used by someone to send out emails (I'm assuming to send out spam or as a mask to spread viruses), what can I do??? I use Outlook to download my emails from my ISP. I've changed my email login password 2x already but it's still happening. Is it something that's happening on the web or could it be something on my computer? I'm at a loss. I have run the updated versions of adaware6.0 and spybot. I might note that after I had read a post on advanced features of aaw6.0, I changed some settings and found 2 dialers that did not show up on my previous scannings. The following is a snippet of my aaw log:

Warning!
Bad hosts file entry:127.0.0.1:connect.online-dialer.com


Redirected hostfile entry Object recognized!
Type : Hosts file
Data : 127.0.0.1
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 127.0.0.1:connect.online-dialer.com

Warning!
Bad hosts file entry:127.0.0.1:www.0190-dialer.com


Redirected hostfile entry Object recognized!
Type : Hosts file
Data : 127.0.0.1
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 127.0.0.1:www.0190-dialer.com

I removed these files. I was also having a problem connecting to aol, I believe that these may have been the cause for that problem. I also might mention that I am on dial-up, but had dsl for over 2 years up until about the beginning of this year. I can post my hijackthis log file, as I re-ran it after I ran the spyware programs, if that will help. Any help will be greatly appreciated. Thanks in advance.

#2 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • 1,757 posts

Posted 27 June 2004 - 02:34 AM

Mods, please move this thread to Malware Removal or something.

Please click the link in my signature marked "HijackThis." Make a new folder for it on the Desktop, save it there, and run it. Click "Scan," then "Save Log," and copy and paste the _entire_ log into a reply to this thread.

Edited by Tuxedo Jack, 27 June 2004 - 02:34 AM.

Signature file is under revision. This will be back shortly.

#3 lil_dragon

lil_dragon

    Smoking Spyware since 2004!!!

  • Helper Trainee
  • 40 posts

Posted 29 June 2004 - 12:37 AM

Hey Tuxedo Jack...thanks for your reply. Here is my HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 10:53:53 AM, on 6/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Compaq A3000\CPQA3000.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.1.5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Compaq A3000 Settings Utility.lnk = C:\Program Files\Compaq A3000\CPQA3000.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: Yahoo! Backgammon - http://download.game...nts/y/at0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.game...ts/y/cct0_x.cab
O16 - DPF: Yahoo! Go - http://download.game...nts/y/gt2_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://download.game...nts/y/ft3_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...swdir8d196a.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7977.4448958333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#4 lil_dragon

lil_dragon

    Smoking Spyware since 2004!!!

  • Helper Trainee
  • 40 posts

Posted 07 July 2004 - 11:41 PM

Just to follow up on this post, I believe that my problem was that when I viewed my Outlook properties, somehow "Remember Password" was clicked. I unclicked the box and haven't had a reoccurrence since. This has been just a little over a week ago. Hopefully this cures this problem.

#5 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • 1,255 posts

Posted 08 July 2004 - 11:04 AM

Hi there!

I'm looking over your log to see if there's anything that needs to be removed.

As for this:

I might note that after I had read a post on advanced features of aaw6.0, I changed some settings and found 2 dialers that did not show up on my previous scannings. The following is a snippet of my aaw log:

Warning!
Bad hosts file entry:127.0.0.1:connect.online-dialer.com


Redirected hostfile entry Object recognized!
Type : Hosts file
Data : 127.0.0.1
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 127.0.0.1:connect.online-dialer.com

Warning!
Bad hosts file entry:127.0.0.1:www.0190-dialer.com


Redirected hostfile entry Object recognized!
Type : Hosts file
Data : 127.0.0.1
Category : Misc
Comment : Possible CoolWebSearch Hijack
Bad Hostfile entry : 127.0.0.1:www.0190-dialer.com


Those are actually legit host file entries. What those do is redirect any attempts to contact those sites to your computer (127.0.0.1). You'll need to replace your host file.

If you haven't done so, you might want to do a full virus scan.

-- LB
Want to help in the fight against malware? Join the SWI boot camp.
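
An added example, not part of the original thread: a small hosts-file triage script that separates entries sending a name to the local machine (like the two flagged by Ad-Aware above) from entries sending a name to some other address. The sample file is constructed; only the two dialer hostnames come from the log above, and the function names and verdict labels are assumptions of this example.

```python
import ipaddress

# Constructed sample: the two entries from the Ad-Aware log above, plus
# made-up lines (192.0.2.10 is a documentation address) for contrast.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       connect.online-dialer.com
127.0.0.1       www.0190-dialer.com   # flagged by the scanner
192.0.2.10      search.example.com
0.0.0.0         ads.example.net tracker.example.net
not-an-ip       broken.example.org
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify_hosts(text):
    """Return a list of (line_no, address, hostname, verdict) tuples."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            results.append((line_no, addr, " ".join(names), "malformed"))
            continue
        for name in names:  # one line may map several names
            if name.lower() in LOCAL_NAMES:
                verdict = "local"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"   # name resolves to this machine / nowhere
            else:
                verdict = "redirect"  # name is pointed at another host
            results.append((line_no, addr, name, verdict))
    return results


def needs_review(text):
    """Entries a person should look at: redirects and unparsable lines."""
    return [r for r in classify_hosts(text) if r[3] in ("redirect", "malformed")]


if __name__ == "__main__":
    for row in classify_hosts(SAMPLE_HOSTS):
        print("line %d: %-12s %-28s %s" % row)
```
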

#6 lil_dragon

lil_dragon

    Smoking Spyware since 2004!!!

  • Helper Trainee
  • 40 posts

Posted 10 July 2004 - 01:27 AM

Hey VashonDude,

Thanks for the reply. I had already taken care of those dialers by using adaware. The above HJT log was run after I had deleted those entries. As far as I can tell, I don't see them in the HJT log above. If I'm wrong and you see something that I should take care of, then please let me know. Thanks again for your help.

#7 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • 1,255 posts

Posted 10 July 2004 - 01:52 AM

Your log looks clean :)

I recommend downloading the following programs:

SpywareBlaster

IE-Spyad

MVPS Hosts

These will prevent much of the bad stuff from getting on your computer. They're all free.

For IE-Spyad and MVPS Hosts, check either at their respective web sites or the Software Update forum here for update announcements.

Here are some recommended changes in IE settings that will help protect you.

Go to the Tools menu, then choose Internet Options.

Click on the Privacy tab and click on the Advanced button.

In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block". Click OK.

Go to the Security tab & click the Custom Level button.

The following ActiveX section settings should be changed as follows:
  • Download signed ActiveX controls: Prompt
  • Download unsigned ActiveX controls: Prompt
  • Initialize and script ActiveX controls not marked as safe: Disable
In the Microsoft VM section, set Java Permissions to "High Safety"

In the Miscellaneous section, set Installations of desktop items to "Prompt"

Click on the Advanced tab and uncheck both Install on demand items.

Click on Apply, then OK

-- LB
Want to help in the fight against malware? Join the SWI boot camp.

#8 lil_dragon

lil_dragon

    Smoking Spyware since 2004!!!

  • Helper Trainee
  • 40 posts

Posted 14 July 2004 - 04:30 PM

VashonDude,

Thanks for all of your help. I already had all the programs installed that you have mentioned, but your recommendations on the IE settings are very much appreciated. I made the updates to IE but I have also switched to Firefox as well to help prevent any baddies getting into my system. Again, thanks for your help.

#9 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • 8,508 posts

Posted 14 July 2004 - 05:47 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!