Email account hacked - spam sent - cannot change any user information

My email account on outlook express was apparently hacked yesterday, resulting in a great deal of spammail being sent from my account. Aside from the nasty messages I got back from a lot of people who received the email, I can no longer change my email password, delete my user, export my messages, or anything relating to modifying any account or options.

Can someone help me get outlook express straightened out? I have run a number of online and offline spyware scanners and they have not found any spyware.

This morning an email went out to an email account with my userid and password. Outlook express will not allow me to change my password.


The messages I am getting are from Mail Xplosive:

>>From: "davyk" <>
>>Subject: Congratulations!!! ( Reply to: )
>>Date: Tue, 30 Sep 2008 12:23:58 -0400
>>MAIL Xplosive !                  P.I.D.N:(mx/1.08/pd)
>>You have every reason to be happy, because you are the selected winner of
>>the first ever MAIL Xplosive ! promotion. Your email address has won you a
>>prize money of £1000,000.00 GBP. Do note that this was done randomly, and
>>you emerged as the first ever winner, congrats ! Do not be confused you
>>are the rightfull winner.
>>For further information on how to collect your prize money, do send an
>>email containing your;
>>Full name................
>>Contact Address..........
>>Telephone Number.........
>>NAME: Frank Hillsborough
>>or call ; +447031980597
>>NOTE: Make sure you add your P.I.D.N (personal identification number) to
>>your reply email. ( You can find your personal identification number at
>>the top right corner of this email )
>>The MAIL XPLOSIVES ! team wishes to congratulate you.
>>MAIL XPLOSIVES,  making the world a wealthy place.

Who is Participating?
ElrondCTConnect With a Mentor Commented:
OK, if they're in the Sent folder of your webmail and not in OE, that means that your online access, not OE, was hacked. There is nothing on your computer to find.

Once the password has been changed (and hopefully to something non-trivial--not a single English word, for instance), you should be protected from a repeat.
try and log in to hotmail directly at and if you can log in to your account change your password.  If you can not log in then go to the forgot password link, you may have a chance of resetting it if your questions/answers haven't been changed.  Otherwise try and let everyone know that someone "hacked" your email account and to block you email address.
mvssysprogAuthor Commented:
Thanks for responding.. Unfortunately, my email account is with (small local ISP).
I have a call into Hargray to change that password, but the problem is that I am still hacked. I need to be able to get the hacked software off my system.


Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

While sometimes email is sent with your return address even when someone doesn't actually have control of your account, your statement that you couldn't change your email password indicates something else is going on. (I presume from your second message that you now have control of your password.) If there's a program on your system, what you need to do is find that and remove it. I'd suggest a couple of things:

1) Get a two-way firewall, which tells you whenever a new program is trying to access the Internet from your computer. I use and recommend ZoneAlarm (, which offers both a free and a paid version; for home users, the free version is fine. (You should turn off the Windows firewall in Control Panel if you're using that, as the firewalls can compete with each other.) This will prevent a program on your computer from sending email without your knowledge.

2) Run a complete antivirus scan with a fully up-to-date AV program. (If you don't have one, go to or for free AV programs.)

Are you seeing copies of the messages that people are receiving in your Sent folder of OE? If you are, then somehow OE itself has been hijacked, which is quite unusual; more often, rogue email is sent directly by the malware. The way to deal with that is going to be a bit different.
mvssysprogAuthor Commented:
Thank you very much for responding. This really is very curious though.
I am not seeing the sent emails in my outlook express sent folder. Rather when I go into webmail, all of the spam messages are there in the sent folder. They are not in my sent folder in outlook express.

I have run Nortons antivirus full scan, trendmicro housecall online scan, and Panda's online scan as well as a number of spyware scans (spyware doctor, spybot search and destroy, superantispyware, Anti-malware and a couple of others) and none of them found anything.

It is very frustrating. I have sygates firewall up and running that I got years ago. Would that suffice still? It has protected me just fine until this attack.

I appreciate any suggestions you can offer.

mvssysprogAuthor Commented:
Thank you... I changed the password to hopefully something much more difficult to figure out....I really appreciate it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.