Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hotmail Accct hijacked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Hotmail Accct hijacked

Unread postby francis327 » September 23rd, 2009, 2:03 am

Hi,

Let me ask you a question. You stated that I appear to be clean. What has been changed or deleted since we started this? You have had me run numerous programs (some several times) and I don't see where anything has been changed or deleted. I'm not very computer savy, so can you please explain this to me. And again, the hijacking is continuing, so what's next??


Very good question, to your understanding, before i cleanse your system up, it has actually being infected. Your system is somehow infected with a Vundo trojan. Read more about it below:
http://en.wikipedia.org/wiki/Vundo

Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.


Further detail you should have read the Infection part and Symptom part of the article.

I can explain to you that what i have did to your system is that i have cleanse it from the Vundo infection. Your system is not heavily infected and another thing is that, this infection does not leads to your hotmail issue.

2. The problem is only with one Hotmail e-mail. Other people use this computer and have their own e-mail on hotmail and yahoo, but their email accounts are not affected.

If, other user use that computer and their own hotmail account are not affected, this means that your hotmail account has been compromised and hijacked, but the hijacking is not done through this computer that you are currently using.Hotmail is a webmail based email and it has its own server. If your account is being hijacked by another person, through hacking the hotmail server, then there is not way i can help you on your issue, UNLESS you changed your email password.

1. I did not change my password because it's still happening. I've read in numerous places that there is no since in changing the password if my account is still being hijacked. If it was being hacked, then that is a different story.

Any reason you don't want to change your password? You still insist that your hotmail account is being hijacked through the computer you are using? What i can tell you is that it is not. You should have change your email account password once it is being compromised. I see no different between an account being hijacked and being hacked. For my understanding is that it is being hacked therefore it can only be hijacked

I've read in numerous places that there is no since in changing the password if my account is still being hijacked. If it was being hacked, then that is a different story

Justified your statement by giving me some sharp evidance that there is no need a change of password after it is being compromised.

Please have some read below:
WHAT SHOULD I DO IF MY HOTMAIL ACCOUNT GOT HACKED?
Go through the following steps, one by one:

1. Before you do anything else, change your Hotmail account password to something very safe. Not a dictionary word or name, or even a word and numbers. Use symbols such as $ and & in your password, and make it long. I know it is difficult to remember, but if you don’t want to be hacked, you’ll have to start using strong passwords.

2. Now check that your autoresponse and email signature on Hotmail do not have any spam text added to them, as this would go out to your contacts automatically.

3. Then check that your computer does not have spyware or viruses, by following the instructions here.

4. From now on keep your passwords safe, and be extra careful when using public computers (such as those in Internet cafes). If in doubt – change your passwords.

5. You may want to alert Hotmail support to the problem. It seems to be happening all over the place, and the more they know about it, the better it is for their efforts to address it.

And please note: if for some strange foolish reason you decide to go to the site advertised by the spammers, and you are even more foolish and decide to buy something on it, don’t be surprised if it never arrives. This is a well known scam, and you will never get your goods, you muppet.


what-to-do-if-your-windows-live-account-has-been-stolen
Now if you still have access to your account, then change your password immediately. Also change your Secret Answer & alternate email id if any.


With the above two strong points, i see no reason for you not to change your password.
My personal advice is go ahead, change the password and come back to us if you still have problems.
I also suggested that you locate and contact Microsoft Live Team HERE or HERE where you can reset and validate your hotmail account again.

Hope all the above points clarifies you well.

francis327
User avatar
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)
Advertisement
Register to Remove

Re: Hotmail Accct hijacked

Unread postby francis327 » September 25th, 2009, 11:20 pm

Hi,
Do you still need help?
It has been 3 days since your last reply.
If you haven't reply me in the next 24 hour, this topic will be closed
User avatar
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Hotmail Accct hijacked

Unread postby Drewson » September 25th, 2009, 11:36 pm

Hello,
I'll give it a try and get back to you. I still need help with getting rid of the P2P programs that you previously said you could help me with.

thanks
Drewson
Regular Member
 
Posts: 20
Joined: August 23rd, 2009, 11:12 pm

Re: Hotmail Accct hijacked

Unread postby francis327 » September 25th, 2009, 11:47 pm

Hi Drewson,
Proceed with the hotmail change password,
I will prepare a fix for you to remove your P2P application.
Sorry that i overlook the issue. I will get back to you once i am ready.

Thanks
francis
User avatar
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Hotmail Accct hijacked

Unread postby francis327 » September 26th, 2009, 10:10 am

Hi Drewson, this fix shall attempt to remove the P2P application. Please follow accordingly.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.


Backing Up Your Registry
  1. Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE


1 - OTM
Please download the OTM by OldTimer
  • Save it to your Desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    Code: Select all
    :processes
    explorer.exe
    
    :files
    C:\Program Files\LimeWire
    C:\Program Files\BearShare
    C:\Program Files\Kazaa
    C:\Program Files\uTorrent
    
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe"=-
    "C:\Program Files\BearShare\BearShare.exe"=-
    "C:\Program Files\Kazaa\kazaa.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    
    :commands
    [emptytemp]
    [start explorer]
    [reboot]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



2 - Status Check
To post in next reply:

  • OTM log
User avatar
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Hotmail Accct hijacked

Unread postby Drewson » September 28th, 2009, 8:17 pm

Hello,

Attached is the OTM log. The way I read it, it could not find any p2p files.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\Program Files\BearShare not found.
File/Folder C:\Program Files\Kazaa not found.
File/Folder C:\Program Files\uTorrent not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BearShare\BearShare.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Kazaa\kazaa.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DREW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Drew1
->Temp folder emptied: 56615 bytes
->Temporary Internet Files folder emptied: 103601367 bytes
->Java cache emptied: 25493474 bytes
->FireFox cache emptied: 11409807 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 624292 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 134.77 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09282009_190304

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_5a4.dat not found!

Registry entries deleted on Reboot...
Drewson
Regular Member
 
Posts: 20
Joined: August 23rd, 2009, 11:12 pm

Re: Hotmail Accct hijacked

Unread postby francis327 » September 28th, 2009, 9:06 pm

Hi Drewson,
It is fine, I reviewed your last log again and realize the P2P application are all gone since.

How is your hotmail behaving now?
User avatar
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Hotmail Accct hijacked

Unread postby Drewson » September 29th, 2009, 10:22 pm

Hello,

I have't received any non-deliverable mail for the last several days. In the past, sometimes several days went by before it started again. Hope it's all over this time. We'll see in a couple more days. Can you keep this open for several more days, just in case?

thanks
Drewson
Regular Member
 
Posts: 20
Joined: August 23rd, 2009, 11:12 pm

Re: Hotmail Accct hijacked

Unread postby francis327 » September 30th, 2009, 2:53 am

Hi Drewson,
Thanks for informing.
I will leave this thread open for another two to three days.
So please let me have a reply after two or three days.

If everything goes well, we shall close this one.

Thanks
francis327
User avatar
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Hotmail Accct hijacked

Unread postby Carolyn » October 1st, 2009, 5:15 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 304 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware