Solved

Email taken over by virus - Win7

Posted on 2013-12-15
7
305 Views
Last Modified: 2013-12-18
My friend lives several thousand miles away.  He got a virus that has taken over his email and is sending out spam.  He runs Win7 Premium 64 Bit on an Acer Aspire M3400 desktop computer.  We think he got the virus by opening an email and clicking on a link.  When I originally set up his computer (via Logmein), I set up two ids, one administrative and the other standard.  This is supposed to be more secure. He got the virus on the standard id.  I set up Thunderbird email for him and I can see the hundreds of emails that have been sent.  He has Avast Internet Security and Malwarebytes Anti-Malware Pro.

When he told me about this two days ago I got onto the Administrative id and ran an Avast scan.  It found nothing.  I ran a Malwarebytes scan.  That found a lot of stuff that I cleaned out.  I also ran Trend-Micros housecall and Kaspersky TDSSKiller. They found nothing. Today his ISP called and said his computer was still sending out hundreds of emails.

Even if he did click on a bad link, why didn't Avast Internet Security and Malwarebytes protect him? Why didn’t I find anything when I ran all those scans?  Do I have to run them from the same id that got the virus?  What can I do to find and eliminate the virus?

Thanks,
Al
0
Comment
Question by:alanlsilverman
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 18

Accepted Solution

by:
Steven Harris earned 150 total points
ID: 39720342
Even if he did click on a bad link, why didn't Avast Internet Security and Malwarebytes protect him?

The reality is that no single program is available that can remove all threats from your computer while protecting you from new ones, and technically speaking, it is not recommended to have two antivirus programs running simultaneously. In most cases, it is impossible to run more than one software at a time due to conflicts that may lead to freezes and application failures, or that malware will get through the 'defenses' because the two programs are more worried about what each other are doing.

With that said, I would recommend running an 'arsenal-scan' (using multiple software scanners) from both Safe Mode and Normal Operations Mode (through both Profiles), using Malwarebytes, ADWCleaner, ComboFix, etc.

It is also very possible that the malware is infecting the single profile and the services running that threat are only started within that profile.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 39720362
alanlsilverman--
It may be best to create a new email user account and ditch the one that is send out the emails.  Back up your Contacts first.
0
 

Author Comment

by:alanlsilverman
ID: 39720364
Thanks.  I'm going to put this on hold for a bit.  I want to talk to my friend's ISP.  The email he opened might have been a red herring.   It might be that his email was hacked at the server level and they didn't get into his computer after all.  
Thanks,
Al
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 200 total points
ID: 39720387
alanlsilverman--
And sometimes a hacker does not send from the computer named as the sender, but uses that address to send from another PC. This happens when a friend's Contact list is stolen and the hacker uses the addresses in the list.
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 150 total points
ID: 39720932
it can be a rootkit, so run roguekiller :  http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller
0
 

Author Closing Comment

by:alanlsilverman
ID: 39727066
I spoke with techies at my friend's ISP.  There's no way to know for sure but the spammers probably got into their servers because my friend didn't have a strong enough password for his email. He changed it.   nobus, I ran roguekiller along with everything else and didn't find anything.  That's the first time I heard of that utility.  Do you think it's better than TDSSKILLER for rootkits?
Thanks,
Al
0
 
LVL 91

Expert Comment

by:nobus
ID: 39727330
i don't know if it's better than any other; i only post the tools i use, and know they're ok
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Allowing a local account for incoming Rdp but not outgoing Rdp 15 109
adobe acrobat scaning 9 49
prezi for presentation 2 44
Undelete files from a formatted drive 28 52
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now