Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    3 Star Lounger
    Join Date
    Jan 2001
    Posts
    297
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Email Hijacking ...

    I am not sure if this belongs here or under Outlook but I am sure someone will let me know. When I came home today Outlook 2003 SP2 had sent out 3 emails to small but significant portion of my email list. It was an eBay come on for an unlocked iPhone. I have since run Spyware Doctor, Trend Micro PC-cillin Internet Security 2007, and Super AntiSpyware Free Edition and have only discovered a few tracking cookies. Is there anything else I should run, look for, or do ? I am running WinXP Pro SP2 and have a Linksys 802.11g Wireless Router. If you need more info please ask. Thanks on advance for any help !!!

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Email Hijacking ...

    Were the e-mails in your Sent Items folder, or did you only receive reactions to e-mails supposedly sent by you? I'm asking this because spammers often fake the sender of their messages.

  3. #3
    3 Star Lounger
    Join Date
    Jan 2001
    Posts
    297
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Email Hijacking ...

    The email were in the "Sent Items" folder, 3 of them sent to various people on my email lists ... probably about 30% of all the email addresses I have as I was able to see all the people that were copied on each email. That is what made me take notice as I have seen the "fake the sender" messages before and just ignored them. Any suggestions ?

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Email Hijacking ...

    Ow! That doesn't sound good!

    I'd download and install HiJackThis from Merijn.org (free).

    The result of running this program is a log that can be analyzed online, for example HijackThis Logfileauswertung or HiJackThis! Log auto analyzer V2, or by experts at the SWI Forums. (Don't post your HijackThis log here in Woody's Lounge)

    BTW, which firewall do you use?

  5. #5
    3 Star Lounger
    Join Date
    Jan 2001
    Posts
    297
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Email Hijacking ...

    I am using the the Trend Micro Firewall. I will go through the "Hijack This" process. Thanks.

  6. #6
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Email Hijacking ...

    Hmm, the Trend Micro firewall guards outgoing traffic, so it should catch suspect use of e-mail.
    I hope you'll be able to find the culprit using HijackThis.

  7. #7
    3 Star Lounger
    Join Date
    Jan 2001
    Posts
    297
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Email Hijacking ...

    I submitted all the HijackThis info to SWI Forums along with Spybot S&D & AVG results that they ask for. I also ran the "automatic" analysis of the HijackThis file but decided to wait for the "human" response. But here is more info ...

    I just noticed in the file Cocments & Settings"My Name" there are 56 entries (which I have deleted and are sitting in the "Trash") that read Cocments & Settings"My Name"LocalSettZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ ZZZZZZZZZZZZZZZZZZZ.ZZ and then each succesive entry has more "Z's" and ends in either .ZZZ or .ZZ While I am just guessing now because I deleted the the 3 offending outgoing emails, it seems like there were about that number (56) of random addresses that recieved this strange email from me. Any thoughts ??? Thanks, in advance, for your time !!!

  8. #8
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Email Hijacking ...

    They may be temporary files created by the malware that has infected your PC, that's all I can say about it.

  9. #9
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Email Hijacking ...

    Hmmm... When you ran Spybot did it not report any "intrusions" that were worthy of note? If you don't already do so, I would recommend also installing SpywareBlaster as well as Ad-Aware 2007 Free for it often helps to have more than one watchdog (not virus checking, of course).

  10. #10
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Email Hijacking ...

    Some malware has become quite good at hiding. If you want to try more <img src=/S/free.gif border=0 alt=free width=30 height=15> tools on your own have a look at AutoRuns for Windows, RootkitRevealer, AVG Free Advisor - AVG Anti-Rootkit Free or McAfee Threat Center. Sometimes an online scan can be better at finding malware - see Panda Security (bottom right), or TrendSecure | TrendSecure. BTW, Trend Micro now owns HijackThis.

    Joe
    Joe

  11. #11
    3 Star Lounger
    Join Date
    Jan 2001
    Posts
    297
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Email Hijacking ...

    I heven't used SpywareBlaster in a few years but will take another look at it. Spybot S&D reported "No immediate threats were found". I use Ad-Aware 2007 Paid Version that repoted "1 MRU Object" which I deleted but nothing else. Any other thoughts ?

  12. #12
    3 Star Lounger
    Join Date
    Jan 2001
    Posts
    297
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Email Hijacking ...

    I ran AVG Free Advisor and nothing was found. I ran AVG Anti-Rootkit Free and nothing was found. Trend Micro House found Adware_Bhot_IEhelper and 2 Cookies which I deleted. I ran RootkitRevealer but I do not understand the results ... I have attached a file of the results if someone has a comment. Let me know what you think or if you have any further suggestions,
    Attached Files Attached Files

  13. #13
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Email Hijacking ...

    The SYZ_DAT entries appear to be related to a program called Magic Folders. Do you have that? If so, they're OK.
    Most of the others are related to Windows itself and are harmless too.
    I don't know why there is a .tmp file in your Temp folder that is hidden from the system, but the name is usually associated with MS Word.

  14. #14
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Email Hijacking ...

    This certainly looks like a rootkit to me.

    I quick google suggests that the folder C:SYZ_DAT is created by one of these programs. Have you installed any of them? If not then I suspect you have probably been hacked!

    StuartR

  15. #15
    3 Star Lounger
    Join Date
    Jan 2001
    Posts
    297
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Email Hijacking ...

    I have Magic Folders. Should I do anything with "a .tmp file in your Temp folder that is hidden from the system, but the name is usually associated with MS Word" ? Thanks for all the help !!!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •