What email virus causes these symptoms?

Discussion in 'malware problems & news' started by google88, Jul 2, 2012.

Thread Status:
Not open for further replies.
  1. google88

    google88 Registered Member

    Joined:
    Dec 15, 2009
    Posts:
    135
    My friend sent me 2 emails with .php attachments

    I clicked them and Kaspersky said they were bad webpages


    I contacted my friend; he said his email had sent these bad links to everyone

    and I suggested doing a full scan etc

    so far he has found nothing wrong with his PC other than he now has "odd bits on the icons for his computer - on the bottom left"


    Q1 What would cause this behaviour (emails sent and icons changed)?
    Q2 Why wasn't it detected or removed by a scan?
    Q3 Is it at risk of reoccurring?

    His explanation
    :doubt: :doubt: :doubt: :doubt:

    Any help or Advice welcome

    Many Thanks
     
  2. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Check the URLs with Virus Total. ;)
     
  3. google88

    google88 Registered Member

    Joined:
    Dec 15, 2009
    Posts:
    135
    virus total says they are safe -- so much for virus total

    but they are dodgy

    I tried the link again and Kaspersky blocks it

    Any ideas anyone?
     
  4. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    It could be false positives you know. ;)
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,938
    Location:
    U.S.A.
  6. google88

    google88 Registered Member

    Joined:
    Dec 15, 2009
    Posts:
    135
    He ran MBAM and Norton scan but got no results

    but it had done something bad (i.e. it mailed everyone and changed icons on his computer?)


    I don't think the links that were produced and spammed out are false positives. I think the "site mentioned" in the first post is bad in some way.

    Also, how does anyone explain the changed icons?
    icons with bits on the bottom left corner


     
    Last edited: Jul 2, 2012
  7. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Have you done any scans with bootable Antivirus Rescue CDs such as:

    1. Dr.Web LiveCD
    2. Avira Rescue System CD
    3. Kaspersky Rescue Disk 10
    4. Bitdefender Rescue CD

    I have been told that some malware may be easier to detect when Windows is not running.
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Excellent idea kid. @google I think you could ask your friend to try to follow what kid said. I'm sure if the PC is infected (probably it is with all those weird changes to icons) it would be detected and removed by all those live CDs.
     
  9. google88

    google88 Registered Member

    Joined:
    Dec 15, 2009
    Posts:
    135
    I suggested this as one of the things he might try

    But I wasn't sure if he had to own the full version to get the disk or USB version.

    Thanks for the list. I'll get him to try this

    It's a bit of a baffling problem.
     
  10. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    The DLLs relate to Outlook Express, wab32.dll in particular relates to the address book.

    No idea about the icon, google images and tineye claim not to have seen it before.

    Simplest idea would be for your friend to back up anything important, and reinstall Windows. That would generally be my response if it was my computer (I'd restore an image.)

    Next simplest idea would be to make a free Dr Web rescue disc from a non-infected PC (http://www.freedrweb.com/livecd) and scan his computer with that. Kaspersky, Panda, Avira, F-Secure, etc, all have similar free discs.

    Alternatively you could go to one of the malware forums like majorgeeks, bleeding computer, etc, and carefully read the instructions on what logs to provide - then hopefully someone will give further instructions on how to help. It can take a long time to get a reply since they are all volunteers - and it's not uncommon to see topics ignored entirely, particularly if people don't follow their often tedious rules to the letter.

    There's loads of free malware scanners available such as HitmanPro, DrWeb CureIt, etc... Search the forums. Someone will be along to tell me off for mentioning Combofix.
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Times like this are when an image replacement is a man's best friend. Too many things go undetected by scanners, and in the end formats or image restores prove to be vital.
     
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hi all.

    Around 6 months ago my dad's Hotmail account started to send out emails to everyone in his address book (including me) about viagra etc etc...

    So I strongly suspected that his email account had been hacked, so I reported it to Microsoft via the (I think my friend's Hotmail/Windows Live account has been hacked (or similar wording)) from within my Hotmail account, and after a few days his account got shut down.

    We found out that the next time we tried to log in to his account it showed a message that Microsoft had shut down the account because it had been hacked etc etc....
    And all we needed to do to open the HM account again was simply to create a new (stronger, I said) password. And since then he hasn't had any problems with his account sending out emails to all his contacts. :thumb:

    So that's what I would do. Report the account to Microsoft so they can shut it down. Perhaps he could just change his password, but I would report it anyway. :)

    Edit: I just logged into Hotmail to check how to do it......

    First open the email that your friend sent to you, (don't click or download anything of course)
    Then once you have the email open, look in the upper menu bar where it says (Mark as) and then choose (My friend has been hacked) and follow the instructions.

    Though I am uncertain about the exact wordings because I don't use the English version of Hotmail :)
     
    Last edited: Jul 3, 2012
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    All very true and good advice, but in the OP's friend's case I would think there's more to it than that because of additional icons added to their documents, photos and spreadsheets. IMO that's a telltale sign something was dropped on the system as well.
     
  14. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Please have him follow the methodology I advise in How to Know If Your Computer Is Infected to see if there is anything nefarious running on the system.

    Let us know what he finds, if anything.

    Thanks.
     