Showing results for tags 'email virus'.

Found 2 results

  1. Hello, today I got a very suspicious email containing an HTML file. This is what is contained in the HTML file: <body onload="document.location.href=window.atob('aHR0cHM6Ly9tdXNrLmJpdGNvaW5kb25hdGV1cy5zaXRlLz8zMTQzMzI1MjEg');" /> which has decoded as I did open the HTML file in the browser but the tab just opened and didn't redirect me to this site. But I suspect that a virus has infected my system. I have followed the steps from other forums, i.e. have installed Malwarebytes, AdwCleaner and FRST. I have attached the log files from all the programs. Please look into this and help me remove the malware. Thank you! FRST.txt Addition.txt AdwCleaner[C04].txt MalwareBytes_report.txt
  2. This event suggests to me that something sinister has got fingers somewhere in the email chain. But can I determine exactly who has the problem? (Names have been made generic for privacy.)

     The players:
     Me: 001@earthlink.net
     Friend1: 002@CommercialDomain.com
     Friend2: 003@gmail.com

     So I sent an email to: Friend1, with a cc: to Friend2. And I almost immediately got back an error from "Mail Administrator" with subject "Mail System Error - Returned Mail". The text: The attached "details.txt" file said:

     This indicated to me that something in the email chain was forwarding the email I sent to a mysterious box in .ru (Russia!). Or that was what it tried to do, except the destination box either didn't exist or had fallen off line, resulting in a bounce back to the "sender" name, which is me. If the email had gone through successfully, then I would never have known about it.

     My immediate sense is this indicates sinister activity somewhere along the line. Or am I panicked over nothing, and there's a perfectly reasonable explanation for a reference to .ru in a bounced email? (We are in the U.S. If our email is being processed by a Russian server, even "legitimately", I want to know about it!)

     Assuming it's not benign, what could cause this? The general possibilities that come to mind:
     1) A virus on my own PC, which surreptitiously sends my emails to the bad guy.
     2) A virus on my outgoing email server. This is smtp.charter.net, which I would expect to be secure. Charter is my ISP, and it's a huge company.
     3) A virus on the pop email receiver at CommercialDomain.com (this is a small company, and thus presumably less secure than Charter).
     4) A virus on the receiving computer of Friend1
     5) I think we can assume the pop email receiver at gmail.com is secure
     6) A virus on the receiving computer of Friend2

     Do I know enough to determine which system has been compromised? I'm speculating...

     Case (1): I *think* my own PC is secure. I run Microsoft Security Essentials. After this incident, I ran Malwarebytes, and caught several Internet adware and PUP cases, but nothing flagged as serious. My email program is Microsoft Outlook. In looking at my "Sent" email, I don't see any additional addresses being visibly tacked on to the email I sent that triggered this response. I haven't had any security violations on my system that I know of. I'm a tech guy, although not an expert in security, but I've got understanding and general instincts.

     Case (3): This struck me as the most likely possibility; that the pop server on this private company has been compromised, and was forwarding incoming email to a Russian drop. Forwarding emails to another address is a normal pop feature, so this isn't even necessarily a sophisticated hack; something like this could happen if anyone with access to the server just entered a forwarding address.

     Case (4): This is Friend1, the recipient, and the error text specifically indicates the email to him went to Russia. Could a virus on his personal PC have quietly forwarded it, spoofing my return address?

     Case (6): The other friend, Friend2, who was cc:'d, is not named in the error report. I suppose it's possible that a virus on his PC could have quietly forwarded the original email, spoofing my return address? I would think Friend2 is unlikely to be the source of the forward, but he did mention having had a virus (presumably removed) in recent memory.

     I asked Friend1 to run this by the tech contact for the CommercialDomain.com website, and he was told the pop server was fine and the problem must be in my own PC, and he should delete all future emails from me. I don't know the quality of this tech contact, but that response -- or at least the part that I'm reporting here, and which is all I know -- either doesn't make much sense or isn't useful. Part of my mind wonders if his tech support is covering its fault by telling him not to listen to the guy who noticed their problem.

     Sorry for the verbosity; I'm just trying to set down what I know. Is there a smoking gun anywhere in this morass?