
Dodgy e-mail. advice pls


hamster

Hi,

I received an e-mail from my Dad the other day, I opened it as it clearly was from his account. It didn't sound as though he had written it and after checking with him, he has confirmed that he did not send it PLUS other people have contacted him with the same story.

 

He's run some anti-virus scans but nothing showed up, he's now worried it will happen again. btw it was sent at a time when his laptop was on but he was not using it.

 

Any help with how it is happening and how to remove it from his system greatly appreciated please?

 

Here's the content, with links edited:

 

"Hey

How is going now !

It is amazed.I got a great website,that guys sell electronics,the price is cheapest and quality is nice.Fast service to receive the products from them.

Go and check it : www(dot)fastnewbuy(dot)com

 

Email:info@fastnewbuy.com

MSN: fastnewbuy(at)hotmail(dot)com

Link to comment
Share on other sites

A similar thing happened on msn (instant messaging for all you old people) a while back, it was some sort of virus. What would happen is there would be a link with some text saying something along the lines of "zomg cant beleeve u took these photos lol" and if you clicked the link, your msn would then send that same link to all your contacts over and over again, without you even knowing ( until someone tells you). I'm not sure exactly what it did to your computer, as I didn't click it, but it was more of a nuisance than anything. This sounds similar...

Link to comment
Share on other sites

/\

Thanks fellas,

He has quite a few free security progs but I suspect too many to update and run effectively.

I'll recommend the Malwarebytes dl, and get back to you, in the meantime if anyone recognises the source I'd appreciate it as I can let him know where and how he probably got it.

 

These are the properties of said message if that helps, with Dad's (*'s) and my Auntie's (X's) names blanked:

 

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtTQ0w9Mw==

X-Message-Status: n:0

X-SID-PRA: **** *******

X-Message-Info: JGTYoYF78jGRQ8lYqu8YN8Kv+I7U5JO52gKjd5jmLfVe7fouQ9gUrriyT+2SC5Bu1FmGXpRVkcrNxHL43LAT/H9MhviJBUZZ

Received: from col0-omc3-s10.col0.hotmail.com ([65.55.34.148]) by col0-hmmc2-f14.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);

Fri, 28 Aug 2009 00:32:41 -0700

Received: from COL112-W9 ([65.55.34.137]) by col0-omc3-s10.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);

Fri, 28 Aug 2009 00:31:00 -0700

Message-ID:

Return-Path: ************@hotmail.co.uk

Content-Type: multipart/alternative;

boundary="_b056257c-d975-4f4a-9aff-4cf174c45c50_"

X-Originating-IP: [60.10.208.129]

From: **** ********

To:

Subject: Give your new letterQ

Date: Fri, 28 Aug 2009 07:31:00 +0000

Importance: Normal

MIME-Version: 1.0

X-OriginalArrivalTime: 28 Aug 2009 07:31:00.0072 (UTC) FILETIME=[7D70CE80:01CA27B1]

 

Link to comment
Share on other sites
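Added example, not part of any post in this thread: Python that reads the header block posted above and reports which servers stamped the message and which client address was recorded for it. The function names `parse_hops` and `summarize` are made up for this example, and the header text is copied from the post with its redactions kept and the folded date lines re-indented.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers as posted above (redactions kept; folded lines re-indented).
RAW = """\
Received: from col0-omc3-s10.col0.hotmail.com ([65.55.34.148]) by col0-hmmc2-f14.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
\tFri, 28 Aug 2009 00:32:41 -0700
Received: from COL112-W9 ([65.55.34.137]) by col0-omc3-s10.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
\tFri, 28 Aug 2009 00:31:00 -0700
Return-Path: ************@hotmail.co.uk
X-Originating-IP: [60.10.208.129]
Subject: Give your new letterQ
Date: Fri, 28 Aug 2009 07:31:00 +0000

"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)", re.I)

def parse_hops(msg):
    """Return the Received hops oldest-first (servers prepend, so reverse)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        m = HOP.search(route)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2),
                         "by": m.group(3).lower(),
                         "time": parsedate_to_datetime(stamp.strip())})
    return hops

def summarize(raw, provider="hotmail.com"):
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    origin = (msg.get("X-Originating-IP") or "").strip("[] ")
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "hops": hops,
        "origin_ip": origin,
        # Every server that stamped a Received line is in the provider's domain.
        "all_relays_in_provider": all(h["by"].endswith("." + provider) for h in hops),
        # True if the recorded client address is itself one of the relay addresses.
        "origin_is_relay": origin in {h["ip"] for h in hops},
        # Timestamps should never go backwards along the path.
        "times_ordered": all(a["time"] <= b["time"] for a, b in zip(hops, hops[1:])),
        # Date header equals the first hop's stamp once time zones are applied.
        "date_matches_first_hop": bool(hops) and sent == hops[0]["time"],
    }
```

For the headers posted, both Received lines were stamped by hotmail.com servers, and the X-Originating-IP value is not the address of either of them.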

I had a problem like this mate,

 

Every month it would send messages to my whole inbox offering deals, most of them were about diamonds or something.

 

Virus checkers and adware removers failed to find anything. I got in touch with Microsoft and they said that spammers may have gained access to my account. I changed my passwords, security questions etc. and have had no problems since.

 

Hope this helps.

Link to comment
Share on other sites

  • 3 weeks later...

Need advice again please, as this problem has escalated.

 

I had a friend tell me that they have had an e-mail from ME this time, and now my mrs has just got one from one of her friends saying the same thing. I am getting really worried and am at a loss.

I've run a couple of scans, but this seems to be hidden really well.

 

 

Can I add that all the e-mails appear to come from (for example) my e-mail address, but when they are opened my auntie's e-mail appears in the 'from' line!

 

Note:

My Dad uses his browser to e-mail, I use the windows live app, my wife uses both web and windows live app.

 

This is the header from the one that was sent from mrs h's account:


From: my wife's name [mailto:my wifes addy]

Sent: 22 September 2009 06:02

To: alchemist68(at)hotmail(dot)co(dot)uk (no idea who this is)

Subject: dont forget

 

I just want to say, a best gift place for Christmas,it is www(dot)popone(dot)info-,it is gorgeous and cheap price,go to look,honey!!!

 

*bits in blue edited by me

Edited by hamster
Link to comment
Share on other sites

Looks like someone has an infected computer/laptop and you are in their address book. The virus goes into their address book and sends spam pretending to be from you and your wife.

 

You may need to write to everyone in your address book to ask them to scan their system with good anti virus software as mentioned above.

Link to comment
Share on other sites

Do as Smirking_Saint mentioned and change your credentials, and I'm guessing your auntie's e-mail address is in your address book?

 

It appears on the top line of most of the messages going out though, and she is none the wiser. Could it be that these messages are actually originating from her computer?

 

btw I changed my log in p/w the other week as suggested.

Link to comment
Share on other sites

Looks like someone has an infected computer/laptop and you are in their address book. The virus goes into their address book and sends spam pretending to be from you and your wife.

 

You may need to write to everyone in your address book to ask them to scan their system with good anti virus software as mentioned above.

 

I was going to do that, but wondered if the said virus could attach itself to the mailout?

Link to comment
Share on other sites

Hamster,

as Weston has said above, this is almost certainly NOT on either your or your relatives' PCs; it is most likely that somebody that you have at some point sent an e-mail to, either an individual or a website that you posted your address on, has been compromised instead. It is one of the easiest things in the world to 'spoof' the address in an e-mail, and there are websites from which you can buy lists of e-mail addresses, some of them are actually legit and used for marketing, others are garnered from compromised machines and hawked around the black market.

 

A few months ago at work I received 50 e-mails from my own address, and I am the IT Security Manager !!!

Link to comment
Share on other sites

Hamster,

as Weston has said above, this is almost certainly NOT on either your or your relatives' PCs; it is most likely that somebody that you have at some point sent an e-mail to, either an individual or a website that you posted your address on, has been compromised instead. It is one of the easiest things in the world to 'spoof' the address in an e-mail, and there are websites from which you can buy lists of e-mail addresses, some of them are actually legit and used for marketing, others are garnered from compromised machines and hawked around the black market.

 

A few months ago at work I received 50 e-mails from my own address, and I am the IT Security Manager !!!

 

The penny has dropped, cheers.

 

I reckon it's been 'garnered' (?) from an e-mail my Auntie sent out then, as she regularly sends the whole family those cuddly pussy ones that I delete without opening (no offence Auntie Alicia). There are always dozens of other 'cc' addies on them.

 

From what you are saying, every time they get forwarded the list of e-mail addies grows as more and more people 'cc' people from their own contact list, hence the whole family getting them. I shall just shoot her at the next family get together as punishment.

 

I will stop worrying for now.

 

thanks all

 

hamster

xx

Link to comment
Share on other sites

Something like this royally f*cked me over on Facebook yesterday. A message was sent to most people on my friends list asking them to click a link and Facebook got wind of it and disabled my account.

 

Have I lost my account forever?

Link to comment
Share on other sites

Something like this royally f*cked me over on Facebook yesterday. A message was sent to most people on my friends list asking them to click a link and Facebook got wind of it and disabled my account.

 

Have I lost my account forever?

 

Nope, but you are in for a fookin' long wait to get it back. Write to them and keep doing so, they will eventually give you it back and respond to you... Eventually.

Link to comment
Share on other sites

Something like this royally f*cked me over on Facebook yesterday. A message was sent to most people on my friends list asking them to click a link and Facebook got wind of it and disabled my account.

 

Have I lost my account forever?

Is your profile still viewable to your friends? If so, then you could quite easily set up a new account and add one of them, then view their friends to add all of your other mates.

 

Just an idea.

Link to comment
Share on other sites
