
Hornsj2

  1. Hornsj2

    Blackmail email

    Forgot to mention that it is possible that if your email address and password were taken in a breach they CAN do bad things, so, as everyone is saying, make sure you change your password. Also, it is a really bad idea to share passwords amongst different sites. It is a pain to do, but you should have a strong password that is unique to each account you have online. By the way, these people are stealing not only passwords and email but phone numbers, challenge question answers (think mother's maiden name etc), and other personal information. None of that is proof they have hacked your device.
  2. Hornsj2

    Blackmail email

    If you have the ability to open your SMTP header for the email you will most likely see (I would bet my house on it) that they are "spoofing" your email address. There are many different types of these email scams going around now. Some ask for bitcoin, some tell you to click on a link to see evidence. If you click on any links you WILL get malware. Report this to your email provider or buy a SPAM filter if you run your own server.
  3. Hornsj2

    W32.Extrat

    Oh all those files not quarantined are gone. I deleted that mail account from Mail and after backing up that account to PST (yes, need to be careful with this pst) I deleted that and 2 other mail accounts. Thank you again.
  4. Hornsj2

    W32.Extrat

    Thank you for your reply. I'm saying in this folder is where Windows Mail stores all of the downloaded emails and attachments, subfolder 3 for emails and subfolder 7 for attachments.

    C:\Users\Josh\AppData\Local\Comms\Unistore\data

    So Emails are in C:\Users\Josh\AppData\Local\Comms\Unistore\data\3\
    Attachments are in C:\Users\Josh\AppData\Local\Comms\Unistore\data\7

    The files in those folders are for Mail program's use and are hidden protected operating system files. The viruses were found in subfolder 7, which means some email had a virus attachment. Since I downloaded 10 years of emails via POP a few weeks ago, I'm guessing someone sent me viruses over the last 10 years and those were downloaded to this folder (but maybe not executed?). Protection of Norton and Malwarebytes!
  5. Hornsj2

    W32.Extrat

    Nasdaq, I have a question. I just did more research on the location of this virus, as detected. It was in appdata/local/comms/unistore folder 7. Apparently that is where Microsoft Mail stores attachments when downloading POP. One file was MyDocs.SCR and another infected file was a .zip. I don't recall ever executing either. Is it possible this RAT was never active? I started using Windows Mail about 3 weeks ago (before I used Thunderbird on my VM). I had about 7000 emails from over 10 years on the server when mail downloaded via POP. Nothing has found an active RAT process. Is it possible to have had the RAT running without Malwarebytes or Norton being aware of it? Would I have had to execute the .SCR or unzip the .zip for it to infect me? Thank you for your help.
  6. Hornsj2

    W32.Extrat

    Fixlog.txt I have read this and I have no idea what it did. It looks like it removed some chrome stuff and maybe a spy that Microsoft installed (campainManager?). By the way, Norton REALLY hates FRST64.exe. First, it warned me to discard the download. Second, it warned me when I started the process that the process was reaching out over port 80 to bleepingcomputer. Thank you, I will contact you if I have further issues with the computer. I think I have further issues with my life after having a RAT for who knows how long... Time to call banks etc...
  7. Hornsj2

    W32.Extrat

    By the way, I'm not trying to insult Malwarebytes. I am somewhat shocked that I have let a trojan go for so long and am asking for help in making sure my system is clean. I used to do email and surf in a Linux VM, thinking that and Windows Defender were enough! Sadly, no.
  8. Hornsj2

    W32.Extrat

    adwcleaner fix report (1 failed to clean)

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.5.0
    # -------------------------------
    # Build: 11-26-2018
    # Database: 2018-11-30.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 12-01-2018
    # Duration: 00:00:01
    # OS: Windows 10 Pro
    # Cleaned: 3
    # Failed: 1

    ***** [ Services ] *****
    No malicious services cleaned.
    ***** [ Folders ] *****
    No malicious folders cleaned.
    ***** [ Files ] *****
    No malicious files cleaned.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks cleaned.
    ***** [ Registry ] *****
    Deleted HKLM\SOFTWARE\94a6df8a-d3f9-558d-bb04-097c192530b9
    Deleted HKLM\SOFTWARE\81bfc699-f883-50c7-b674-2483b6baae23
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries cleaned.
    ***** [ Chromium URLs ] *****
    Deleted Ask
    Not Deleted AOL
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries cleaned.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs cleaned.

    *************************
    [+] Delete Tracing Keys
    [+] Reset Winsock
    *************************

    AdwCleaner[S00].txt - [1418 octets] - [01/12/2018 00:20:46]
    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  9. Hornsj2

    W32.Extrat

    Ran adwcleaner:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.5.0
    # -------------------------------
    # Build: 11-26-2018
    # Database: 2018-11-30.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 12-01-2018
    # Duration: 00:00:09
    # OS: Windows 10 Pro
    # Scanned: 32290
    # Detected: 4

    ***** [ Services ] *****
    No malicious services found.
    ***** [ Folders ] *****
    No malicious folders found.
    ***** [ Files ] *****
    No malicious files found.
    ***** [ DLL ] *****
    No malicious DLLs found.
    ***** [ WMI ] *****
    No malicious WMI found.
    ***** [ Shortcuts ] *****
    No malicious shortcuts found.
    ***** [ Tasks ] *****
    No malicious tasks found.
    ***** [ Registry ] *****
    PUP.Adware.Heuristic HKLM\SOFTWARE\94a6df8a-d3f9-558d-bb04-097c192530b9
    PUP.Adware.Heuristic HKLM\SOFTWARE\81bfc699-f883-50c7-b674-2483b6baae23
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries found.
    ***** [ Chromium URLs ] *****
    PUP.Optional.Legacy Ask
    PUP.Optional.Legacy AOL
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries found.
    ***** [ Firefox URLs ] *****
    No malicious Firefox URLs found.

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
  10. Hornsj2

    W32.Extrat

    FRST.txt Addition.txt
  11. Hornsj2

    W32.Extrat

    Let me just clarify my remarks. I run my own email domain. I don't expect Malwarebytes to stop SPAM. I have a SPAM filter for that on my server. I merely mention it for context. Oh WOW.... scan for rootkits is off by default?!?!?!
  12. Hornsj2

    W32.Extrat

    I first purchased Malwarebytes about 2 months ago after I started getting nasty emails. I know these are spam but I didn't have a malware solution so I chose Malwarebytes. For the last 2 months I have been running fine and only a couple of times has the program flagged a trojan or something on a website. Well I'm still getting spammed pretty hard on my email accounts (just actually deleted them), and my ISP provides Norton so I decided last night to install it. It claims it found 4 threats! One of which is W32.Extrat, which is a remote access virus (keylogger, etc). Has this been running the entire time I have thought I was clean? I know nothing is perfect but I bought Malwarebytes specifically to deal with these types of threats... Windows 10, latest update.