All emails compromised within 24 hours of creation


Hello, and happy holidays. I recently created an email address so I could email support for something unrelated to this topic, and it generally takes 24 hours to receive a response. When I signed in the next day to check for a response, I was prompted that my account had likely been compromised and used to spam, or I broke the terms of service (I did not). This happened again when I created another email; almost 24 hours on the dot, I was prompted that I was spamming again. I found information for old email addresses for multiple different email services and all of them had a similar message, accounts that I had not signed into for a long time, so the problem has been around. I've done multiple scans and found nothing.

I haven't had many other signs of infection, but I assume it's automated for email addresses because it was the same amount of time to start spamming both times. I generally use 10 minute mail for accounts and there are accounts I sign into on my computer that have seemingly not been compromised. I thought it could be spoofing at first but I don't understand how newly created email accounts and old ones could all be used to spam without it being some kind of persistent problem on my end. I also attempted to use KeyScrambler to create an email address to encrypt keystrokes in hopes that would stop a simple keylogger, but the same spamming suspension prompt was displayed when I tried to sign in.

Thank you for your time, and I greatly appreciate any kind of response. 

mwb.txt

FRST.txt

Addition.txt

Edited by infectedemail

  • Root Admin

Hello @infectedemail and welcome.

 

Please download and run the following Kaspersky antivirus tool to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything. You will need to fully disable your Comodo antivirus and other security software to run this scanner.

Thanks

Ron

 


Thanks again for the assistance, the scan took a few hours, it just finished up and it did not find any threats. And just to confirm, everything was disabled and all objects were selected for scan (as they were not all initially selected by default). 


  • Root Admin

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


 

AdwCleaner seemed to have found something, I will post the results below along with the requested attachments. I'd love to hear your insight on what this PUP.Optional.Legacy detection is.

Thanks. 

 

# AdwCleaner 7.0.6.0 - Logfile created on Sat Dec 30 09:49:01 2017
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1089 B] - [2017/12/30 9:46:59]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

mwb3.txt

FRST.txt

Addition.txt

Edited by infectedemail
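
Added example, not part of the thread and not Malwarebytes code: a small parser for AdwCleaner log text in the format posted above. It lists what a clean-mode run actually changed and folds registry paths that differ only in letter case into one entry, since Windows registry key names are case-insensitive. The names `parse_adwcleaner` and `SAMPLE_LOG` are hypothetical, and the sample is constructed by abbreviating the log above.

```python
import re

# Constructed sample, abbreviated from the AdwCleaner log format posted above.
SAMPLE_LOG = r"""# AdwCleaner 7.0.6.0 - Logfile created on Sat Dec 30 09:49:01 2017
# Mode: clean

***** [ Services ] *****
No malicious services deleted.

***** [ Registry ] *****
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application

*************************
::Tracing keys deleted
::Winsock settings cleared
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # e.g. ***** [ Registry ] *****
ACTION = re.compile(r"^(\w+): \[(\w+)\] - (.+)$")     # e.g. Deleted: [Key] - <path>

def parse_adwcleaner(text):
    """Return header fields, per-section changes and global '::' actions."""
    report = {"header": {}, "changes": {}, "global_actions": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if section is None and line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            report["header"][key] = value
        elif (m := SECTION.match(line)):
            section = m.group(1)
            report["changes"][section] = []
        elif line.startswith("*"):           # bare separator closes the sections
            section = None
        elif line.startswith("::"):
            report["global_actions"].append(line[2:])
        elif section and (m := ACTION.match(line)):
            verb, kind, target = m.groups()
            seen = {t.lower() for _, _, t in report["changes"][section]}
            if target.lower() not in seen:   # same key, different letter case
                report["changes"][section].append((verb, kind, target))
    return report

if __name__ == "__main__":
    print(parse_adwcleaner(SAMPLE_LOG))
```

On the sample, the two `Deleted` lines collapse to a single registry key, and the Winsock reset shows up under the global actions rather than under any section.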

  • Root Admin

I don't think that was much of anything. That's just some minor entry stuff probably from an old infection.

Let's try resetting your router to factory defaults.

 

Please review the following website and read it before continuing and then do a Hard Reset back to Factory Defaults for your router.
This information is only for resetting the router. DO NOT erase, install, or update the firmware, just reset your router to factory defaults.

Reset And Reboot

Hard reset or 30/30/30

 

Thanks

Ron

 


 

Sorry for the delay, I have hard reset the router. Do you think a virus changed the DNS or is that just precautionary? I don't believe anybody else connected to the network has had issues. 

Thanks for the assistance.


  • Root Admin

The logs are not showing any real infection that your ISP would contact you about so a router reset was to ensure nothing odd going on there.

When you say "I don't believe anybody else connected to the network has had issues." If there are other users in the home with other computer devices using the same router, if one of them is infected that could certainly be an issue.

Please change your passwords from a known clean computer. Then create a new email account from Gmail or Outlook and see if you have any issues.

Ron

 


 

Sorry if I misunderstood, or if my original post was not worded correctly, but it is my email provider, like outlook, not my internet service provider that suspends me because of spamming. And I will change my passwords on a different computer and create a new email and see what happens. I was also considering creating an email on a VPN to see if it is somehow related to another infected machine packet sniffing possibly? 

And just hypothetically, if spamming continues in all instances, is it possible there is an infection that is not detectable? In which case, is reformatting the only option or what would you suggest, if the problem persists? 

I will report back in a little over 24 hours because that is generally when the spamming suspension is issued. Thank you for your time and assistance. 

Edited by infectedemail

  • Root Admin

Okay sounds good. Let me know. Yes, sorry about the ISP comment. Had another topic with an ISP issue I was looking at.

Your computer shows no signs of an infection. Would take a lot of dedicated work to do man in the middle attacks. Check all your wires and cables going in and out of the computer. There are in-line USB key loggers that would not be detected.

 


 

No problem, I understand completely, it's amazing how many people receive assistance here, and I appreciate you taking your time to help me individually.

Last night I made another email address on the computer I've been having issues with and this morning I received the same suspension for spamming. I just created another email from a different device on the same network, awaiting the results, but I thought I should mention I am still having issues. In a few hours I will be able to create an email on the device in question on another network. I will report back.

This is regarding my laptop, which is always in my possession and all other computers connected to the network are never taken out anywhere where they could be exposed to a USB keylogger, but I did examine them and found nothing. 

With no signs of infection, what do you think could be causing this kind of thing? Or is it too early, or impossible to tell at this point? And sorry if this is a stupid question, partially out of my curiosity and interest on the subject; if hypothetically an infection were causing something like this, and it was undetectable, would you still expect there to be something pointing to the fact that there is an infection and just not be able to locate where or what it is? Or would something that cannot be detected through logs also have absolutely no indication that the problem is an infection? Or does there being no signs of infection mean there is very little chance that something conventionally undetectable is present?


18 hours ago, AdvancedSetup said:

I would look at using a VPN as you suggested earlier. I'd have to think something is possibly going on with your IP

 

Gotcha, and that makes sense because I just checked and the email I made on another device but on the same network also was suspended for spamming. I am making an email via VPN now. 

Sorry for asking so many questions, but any ideas on what kind of issue this is? As in, you said it's something going on with my IP, I don't fully understand what kind of thing could be going on. Thanks. 

Edited by infectedemail