E-mail hi-jack thing and Chinese scam site???

Dudes,

Last night a friend of mine - a sensible Dude - sent me an email - the text follows, it was clearly not from her:

Heya, how are you doing recently ? I would like to introduce you a very good company which I knew. Their company homepage is www.eccvvw.com. They can offer you all kinds of electronical products which you need, such as motorcycles, laptops, mobile phones, digial cameras, TV LCD,xbox, ps3, gps, MP3/4, etc. Please take some time to have a look at it, there must be something you 'd like to purchase.

Their contact email: SNIPPED
MSN: SNIPPPED

Hope you have a good mood in shopping from their company!

Anyhow my friend tells me that this email has been sent to everyone in her address book without her consent - she is somewhat concerned to say the least.

Seems to be some form of e-mail hijack.

I found detail relating to 'eccvvw' here and it seems to be some sort of Chinese scam site.

Can anyone advise as to what has happened to my friend's computer and how she can prevent this from happening again?

Thanks.

Duder

Comments

  • espresso
    espresso Posts: 16,448 Forumite
    Hey_Dude wrote: »
    Can anyone advise as to what has happened to my friend's computer and how she can prevent this from happening again?

    What protection does she have installed?
    :doh: Blue text on this forum usually signifies hyperlinks, so click on them!..:wall:
  • Hey_Dude
    Hey_Dude Posts: 1,786 Forumite
    Sorry if this is the wrong board.....

    I think she has Norton and Adaware - though I'm not 100%.

    Duder
  • jo_b_2
    jo_b_2 Posts: 7,120 Forumite
    I've moved this thread over to the Techie board for you where you might get some more advice. :)

    Martin’s asked me to post this in these circumstances: I’ve asked Board Guides to move threads if they’ll receive a better response elsewhere (please see this rule) so this post/thread has been moved to another board, where it should get more replies. If you have any questions about this policy please email abuse@moneysavingexpert.com
  • DCFC79
    DCFC79 Posts: 40,643 Forumite
    Hey_Dude wrote: »
    Sorry if this is the wrong board.....

    I think she has Norton and Adaware - though I'm not 100%.

    Duder

    You would need to make sure Norton and Adaware are up to date and scan using Malwarebytes.
  • Hey_Dude
    Hey_Dude Posts: 1,786 Forumite
    UPDATE

    Someone on here recommended using Malwarebytes and asked me to post the results - here they come below - grateful for any comments.

    Duder

    Malwarebytes' Anti-Malware 1.30
    Database version: 1320
    Windows 5.1.2600 Service Pack 3
    25/10/2008 18:20:10
    mbam-log-2008-10-25 (18-20-10).txt
    Scan type: Quick Scan
    Objects scanned: 70318
    Time elapsed: 11 minute(s), 34 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 28
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 6
    Files Infected: 7
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4f912770-a045-4603-951e-9b8377084354} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4f912770-a045-4603-951e-9b8377084354} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{6b361030-e034-46af-9509-e498e92e01cc} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{22e6acdc-b081-4713-9c92-20f3caab6dda} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f9830066-9df0-4c38-9878-a9c034a6c2e7} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/r64loader.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{288c5f13-7e52-4ada-a32e-f5bf9d125b84} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00f7afa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\r64loader.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Maximum Software (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\Maximum Software\Bug Doctor (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\FAITH\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\FAITH\Application Data\Starware\Manager (Adware.Starware) -> Quarantined and deleted successfully.
    Files Infected:
    C:\WINDOWS\cpbrukie2.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\r64loader.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Maximum Software\Bug Doctor\error_list.log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\Maximum Software\Bug Doctor\error_list(fixed).log (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\FAITH\Application Data\Starware\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\FAITH\Application Data\Starware\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
  • run an online scan here;

    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
This discussion has been closed.