Solved

Outlook login dialog box pops up on one particular email

Posted on 2009-07-14
7
381 Views
Last Modified: 2013-11-22
the workstation is part of a windows 2003 domain and is located locally to the server. Last week, when the user tried to open an email, she receive a login popup diaglog box asking her to input her login credentials. thinking that it was just a different application so she didnt bother contacting the IT people until today when she opened the email related to the one of last week. The weird thing is that it only pops up on this email. We are suspecting of malware. Can anybody enlighten me on how will i detect/remove this? i tried running Malwarebytes and it found a few and cleaned it. but still the same situation is happening when she opens the message. I appreciate the help. thanks.
0
Comment
Question by:amcurso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 250 total points
ID: 24853737
Hi,

Since this is the only e-mail which causes a pop-up asking credentials I guess it is the malware asking for credentials ant then it must be sending these credentials and her a-mail info to somewhere. I'll suggest you to save the contents and get it scanned by a malware scanner. You'd better delete it after saving too.

You can use A2 Malware Scanner Free version. It is one of the best available on the market.

http://www.emsisoft.com/en/software/free/

Cheers,
K.
0
 

Author Comment

by:amcurso
ID: 24853782
is possible to trace the where is it sending to? i tried viewing the source but its not giving me much to work on. Also, i think the main cause of this on the message is one image (i cant open because outlook is preventing it), when i try to download the image, it prompts and i'll just hit cancel and nothing happens, as if it didnt pop up. in other words, it can be ignored.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24853808
Hi, more than likely there is an attachment from either another email or a forward from another email from a file server share that she doesn't have access to.  Temporarily remove the attachment and try again.  Also check the properties of the attachment.

HTH
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 20

Expert Comment

by:MightySW
ID: 24853819
find out where the email is from.  More than likely it is from a resource that doesn't exist or, again, she doesn't have permission for.
0
 

Author Comment

by:amcurso
ID: 24853854
thanks btw, for all the response. there is one attachment - A pdf - and its fine. i already tried removing it. its just probably this part of the message when one of the recipient add a link or an image (i doesnt show up) to some internet image that is causing the issue.  

We can Delete this message and forget about it but the sad thing is that we had an issue a month ago where a forwarded message will attach an image of child porn when the recipient in turn forward it to someone. So they will not allow us to go without investigating it fully. hopefully i can give them more assurance/solution to this issue. thanks.
0
 
LVL 20

Assisted Solution

by:MightySW
MightySW earned 250 total points
ID: 24854006
So you are saying that there is embedded HTML in the message?

This could definitely be the cause.  Can you see the picture?  Be default, Outlook will not download pictures from external content, but if they are embedded then you could have a problem.  You can right click on the picture and try to save it.  If you forward it to an external account you could accomplish the same thing and not have to render the HTML through your domain restrictions.  

Screen shots always work well if you can see the image.  If you are really talking about a true forensic case then I would leave it alone and not even touch it.  This is something that someone who is specialized in forensics should deal with and the police should be contacted if need be.  Once you tamper with it then the evidence (if you need it to be evidence) is then inadmissible as forensic evidence.  Google special masters, or Kenneth Star when you get a chance.  This is of course if this is a forensic case.  

Honestly in this case, without deleting the message then there is absolutely nothing that you can do unless a special master forensic specialist comes in and investigates the image(s) and where they came from.

Sorry to be such a bummer, but that is absolutely the way it goes.
0
 

Author Comment

by:amcurso
ID: 24854030
Thanks. i do agree with you.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question