Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

New Hijack this log - should be clean ... ?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 8th, 2008, 4:19 am

Try this:

First, open Thunderbird.

1. Click View Menu
2. Select Layout
3. make sure that 'Message pane' does not have a marker against it - if it has click 'Message pane' to remove it.

Then go to Inbox and delete the mail by betty.hall@megaman.com

Let me know if that worked or not.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
Advertisement
Register to Remove

Re: New Hijack this log - should be clean ... ?

Unread postby ice-9 » March 10th, 2008, 12:37 pm

Boy, I'm sorry, but still nothing. Was the implication that it was hiding behind the message pane?

I don't think I can paste screen shots here, but if I could I'd send you one of that in-box, with the messages arranged by sender - this e-mail doesn't appear, and in fact I've used ctrl+A to empty the whole inbox a few times since we first identified this e-mail. I'd also send you a screen shot of the window for C:\Documents and Settings\Rob - Admin\Application Data\Thunderbird\Profiles\3hqe9v10.default\Mail\mail.marketequip.com\Inbox.sbd, which is empty, even with hidden files showing.

Any other ideas? Seems strange - is it there, but not showing for some reason, or were we falsely led to believe that it's there when actually it's not...? Does the file pose a potential threat?

Thanks very much for your persistence - let me know if there's anything else I can do.
ice-9
Regular Member
 
Posts: 30
Joined: February 20th, 2008, 1:50 am

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 10th, 2008, 3:44 pm

Kaspersky detected the e-mail being infected by Email-Worm.Win32.Warezov.gen

http://research.sunbelt-software.com/th ... atid=70645

Email-Worm.Win32.Warezov.gen is a mass mailing worm that carries an infected attachment and spreads by sending a copy of itself to every email address in the victim's computer.


I think the sooner we get rid of this the better, so no one on in your address book will be infected, if the e-mail is indeed still there.

Let me ask around some more to see if anyone else has some more ideas, as I'm not familiar with Thunderbird, I've never used it before.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: New Hijack this log - should be clean ... ?

Unread postby ice-9 » March 10th, 2008, 4:56 pm

Yeah, I'm still doing the mail browser thing, as opposed to internet based e-mail, and I downloaded Thunderbird after I tried and loved Mozilla. It's good, but no huge advantage over, say, Outlook.

Let me know what you find out...
ice-9
Regular Member
 
Posts: 30
Joined: February 20th, 2008, 1:50 am

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 11th, 2008, 2:25 am

Thanks to ndmmxiaomayi for the suggestion. :)

Let's try this:

Log onto marketequip.com and see if you can delete the [From betty hall <betty.hall@megaman.com>][Date Mon, 2 Oct 2006 07:22:24 -0600] e-mail from your Inbox.

Let me know how it goes.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: New Hijack this log - should be clean ... ?

Unread postby ice-9 » March 11th, 2008, 2:08 pm

marketequip.com is simply the company website for my employer. If you're requesting that I actually log into our mail server somehow, I'm sure I don't know how...? Even at work, I use outlook (and the e-mail is not in that in-box either).

It's probably worth noting - would it have helped to mention it before? - that the mail browser on this computer is set not to remove messages from the server. Only the browser at work does that. Basically I've just set up Thunderbird to monitor my work e-mail from home when I'm not at work.
ice-9
Regular Member
 
Posts: 30
Joined: February 20th, 2008, 1:50 am

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 11th, 2008, 4:51 pm

Thanks to Beynac for this. :)

Open up Thunderbird on your computer and then click File---->Compact Folders


From "ThunderBird" help:

When you delete or move a message most e-mail clients simply hide the message and mark it as ready for physical deletion later on. These hidden messages still remain in the folder. Even emptying the Trash does not physically delete them. These hidden messages are not physically removed until the folder is compacted. If you don't compact your mail folders periodically, they can grow very large, and erratic program behavior may occur.


By clicking Compact Folders, that should get rid of that stubborn e-mail.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: New Hijack this log - should be clean ... ?

Unread postby ice-9 » March 12th, 2008, 12:05 am

Okay - that's done. How can we tell if this did the trick? I don't remember what we originally looked at that alerted us to this file...? New HJT log?
ice-9
Regular Member
 
Posts: 30
Joined: February 20th, 2008, 1:50 am

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 12th, 2008, 2:39 am

It was the results from the Kaspersky scan that showed you had those two infected e-mails.

Go ahead and run another Kaspersky scan and post the results.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 14th, 2008, 2:34 pm

ice-9? How's it coming along?
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: New Hijack this log - should be clean ... ?

Unread postby ice-9 » March 14th, 2008, 3:03 pm

So sorry - sat down last night to do this and was pulled away by other obligations. I'm crazy busy lately. I know it would only have taken a few minutes but then I forgot to get back to it. Now I'm at a work computer and I won't get back to my house until Wednesday (traveling to Dallas). Hope it's okay to wait until then...? I'm eager to call it all good too.

Thanks for persisiting - I will do it immediately once I'm back at that computer.

Have a great weekend.
ice-9
Regular Member
 
Posts: 30
Joined: February 20th, 2008, 1:50 am

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 14th, 2008, 3:44 pm

Ok, thanks for letting me know. :)
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: New Hijack this log - should be clean ... ?

Unread postby km2357 » March 21st, 2008, 2:53 pm

Hi ice-9.

Had a chance yet to run that Kaspersky scan?
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: New Hijack this log - should be clean ... ?

Unread postby Elrond » March 24th, 2008, 2:08 am

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Elrond
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware