
Having issues with Hackers getting into my e-mail, yet scans are clean?



Hello! A big thank you in advance to whoever can help me figure out the spamming problems I've been having. I've been repeatedly hacked over the last few years and finally my ISP got tired of it and suspended my account. It seems that no matter how many times I change my password, and/or scan my machine, I still am having issues. I've attached copies of my most recent scan via MBytes and the FRS tool. Please review and let me know what I need to do to try to get my machine working properly again. 

 

Thank You!

MBytes Scan.txt FRST.txt Addition.txt


Hi,

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please only attach the report files, etc. that I ask for as we go along.

 

Spam email is the bane of existence on the web.
Spam emails (and phishing emails) are an unfortunate everyday occurrence. But their presence does not mean that your machine has any infection.

My suggestion is to delete spam outright. And to NOT use the "unsubscribe" link which would be another scam.

The fact is that email spammers can manufacture emails on their own and without anything to do with your machine.


If you ever left your email address out on a public venue – that is one way for your addy to have been lifted.
More likely, it may have been from any one of many data breaches.

See https://blog.malwarebytes.com/cybercrime/2018/12/data-scraping-treasure/



If needed, you could look into using something like Mailwasher.
Mailwasher is owned by Firetrust. They have some free & some paid products.
The main website is this http://www.mailwasher.net

They also indicate they have a free spam blocker
http://www.mailwasher.net/free-spam-blocker

 

I am unsure as to just how you determined that some hacker actually "got into" your Email account.

But I can understand that spam emails are annoying.

 

Is there any specific email that you have in mind that you believe is significant?

 

Either change your Email account to use a very STRONG password, OR change to a whole new Email account like Outlook.com.

Get a STRONG password: https://www.lastpass.com/password-generator


Thank you for your response Maurice! I only thought it was a local issue due to my ISP/Hosting provider suspending my work e-mail address due to their server being overloaded. I also have a script set up that notifies me every time someone logs into my e-mail account. That script was going crazy and was sending me notifications from various IP addresses all over the world. I assume that the IPs are actually fakes, but it still looked like someone was logging in. There was also some fraudulent credit card activity at the same time, that originated at the same date. I did do a little digging through my e-mail inbox and found a spam or phishing e-mail that I had clicked on for a bogus attorney in the UK named Appletons Solicitors LTD. At least, I think that was the one that got me...

 

Please let me know how to confirm that my machine is clean. My ISP is holding my work e-mail address hostage until I can show them a clean bill of health. 

 

Thank You!!!!


Be very very sure you have changed the password on your Email account.

You also should do the same for your Windows account.

On a SCAM phishing email / and especially if your password might have been lifted.

The intent of this is to provide common sense advice on what to do after receiving one.


1 - Change any password that was mentioned in the email
If you still use the password cited in the Email, change that password to something else. (Your password may have leaked out of your browser in the long-ago past, or it is possible some other info like your email address was leaked in a data breach, like a data breach at a credit bureau, or a Facebook breach, Yahoo breach, or some other social site.)
Change your passwords. Do not use the same password on social media sites. Consider not using single sign-on across sites like with Facebook credentials. (Recall the number of recent and past Facebook site compromises.)
That is to say, tighten up on passwords and on browser program security.
Use strong passwords.
See this article on creating strong passwords: https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/



2 - Beef up each web browser

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or Opera.

Scroll down to the tips section "How do I disable them".

I suggest you install the Malwarebytes Browser Guard onto the Chrome browser.

To get and install the Malwarebytes Browser Guard extension for Chrome:

Open this link in your Chrome browser:

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

 

To get and install the Malwarebytes Browser Guard Firefox extension:

Open this link in your Firefox browser:

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” drop-down list.

You have already provided a copy of a Malwarebytes for Windows scan showing no malware.

 

I would suggest a free scan with the ESET Online Scanner.
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page. Click Scan Now.
It will start a download of "esetonlinescanner_enu.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes.

When prompted for scan type, click on Full scan.
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

 

Edited by Maurice Naggar

Maurice! Thank you so much for all of your help!! I have been following all of your instructions and am initiating the ESET scan right now. I was also able to confirm that I was indicated in a number of different data breaches according to Google. Chrome advised they found 17 of my login IDs and passwords included in various breaches over the past few years.


Sorry I disappeared Maurice, having my work e-mail back meant I had to get back to work! LOL

Anyways, I've attached the results of the scan and it did find one sneaky trojan hiding on my machine. The scanner took care of it as far as I can tell and everything seems to be running fine...for now. 

I've also gone through and changed all passwords and followed these same steps on my wife's computer. Fortunately, hers seems to have fared better than my own and no harmful data has been found. 

eset scan log.txt


Thanks for the update & the report.

Kaspersky antivirus scanner

See about downloading and running the Kaspersky antivirus scanner to remove any found threats.

Kaspersky Virus Removal Tool

 

There is a guide on how to run the KVRT Kaspersky tool: https://support.kaspersky.com/8528

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
