IMPORTANT! Have you received an email to your forum username?

Comments

  • joe134
    joe134 Posts: 3,336 Forumite
    edited 24 November 2010 at 8:04PM
    Whilst Malwarebytes is generally very good, when I tested with the latest version (on 21/11/10) it did not detect and clean up this specific infection. I was surprised it didn't, but it didn't.
    I don't think it is a good idea to recommend it in these circumstances, unless you have evidence that it has now started working here. The same goes with several anti-virus packages I tested: all detected the bad link in the email, none could either detect or clean an infected machine. Of course, make sure your anti-virus is up-to-date and running properly, but don't expect much help from it if your machine has become infected.
    In my research, I found Hitmanpro to be the most consistent performer for detection and removal, with the easiest interface for novices to use. It is free, quick and easy. I don't recommend it for anything other than this specific issue. Not necessarily because I don't like it, but because I have not tested it for any other issue.
    In all likelihood if Hitmanpro does not detect this infection, you do not have it (I will never say 100% certain, life is not like that). Easy steps to download and use it are in my previous post to this thread: http://forums.moneysavingexpert.com/showpost.php?p=38683690&postcount=822

    SP
    Hi, as I did not open my e-mail, because I do not use my g-mail address for MSE, I obviously cannot say what does or does not detect or remove the Trojan. I recommended Malwarebytes as that is the most recommended Anti-malware when I have had Trojans on the Techie site. If it does not detect it, and you say certain AVs don't, then how do you know what Trojan is on the machine? It must be a good one to bypass both. I didn't even know of the Trojan until today, and I am on techie site every day. It cannot be solely linked to forum users as I stated, my g-mail is not on the forum site and never has been. If it's as bad as you say, I'm surprised anyone who is infected can get to this site to take any advice. Does this Trojan have a name?
  • I only received the bogus email this evening when I opened MSE's weekly newsletter. I know I joined the forum in December 2009, because I have an email from MSE, dated 02/12/10 welcoming me.
  • joe134 wrote: »
    Hi, as I did not open my e-mail, because I do not use my g-mail address for MSE, I obviously cannot say what does or does not detect or remove the Trojan. I recommended Malwarebytes as that is the most recommended Anti-malware when I have had Trojans on the Techie site. If it does not detect it, and you say certain AVs don't, then how do you know what Trojan is on the machine? It must be a good one to bypass both. I didn't even know of the Trojan until today, and I am on techie site every day. It cannot be solely linked to forum users as I stated, my g-mail is not on the forum site and never has been. If it's as bad as you say, I'm surprised anyone who is infected can get to this site to take any advice. Does this Trojan have a name?

    What you have written really concerns me! It seems to me you are something of a Techie so I assume you know what you are talking about. As a non techie I am naturally concerned that ANY information at all has been stolen from MSE (not moaning about MSE, it can happen to any website!) but you say that the offending email was addressed to your Gmail address which is NOT registered with MSE. Can you or any other knowledgeable person please tell me how this could happen and what it all means?

    Incidentally, it may be entirely coincidental but I have noticed a marked rise in spam mail since last week. Nothing awful, just a wretched nuisance! Is anyone else experiencing this?
  • StumpyPumpy
    StumpyPumpy Posts: 1,458 Forumite
    joe134 wrote: »
    Hi, as I did not open my e-mail, because I do not use my g-mail address for MSE, I obviously cannot say what does or does not detect or remove the Trojan. I recommended Malwarebytes as that is the most recommended Anti-malware when I have had Trojans on the Techie site. If it does not detect it, and you say certain AVs don't, then how do you know what Trojan is on the machine? It must be a good one to bypass both. I didn't even know of the Trojan until today, and I am on techie site every day. It cannot be solely linked to forum users as I stated, my g-mail is not on the forum site and never has been. If it's as bad as you say, I'm surprised anyone who is infected can get to this site to take any advice. Does this Trojan have a name?

    See my previous post for details of what this infection is:
    http://forums.moneysavingexpert.com/showpost.php?p=38571018&postcount=473
    I know because I have worked in the field. Although I do not work any more, I still have the resources in place to debug and safely infect and then clean a machine with this Trojan. And I did so many, many times on Sunday, before coming to my conclusions. The way the current payload acts is to redirect some internet searches and spoof "pay-for-click" ads as well as occasionally popping up virus warnings, prompting the user to download fake AV software. It does not block all access, so getting to this site is not a problem (unless done through a search page such as Google). Malwarebytes is a very good tool, but it doesn't catch everything, nothing does.
    It might help the investigation if you realise that you did use the address for a limited period of time, say for the first weeks of your membership and then changed it as this would help narrow down the period any breach occurred in. Otherwise your email may be completely different. If you are sure you have never used the address it was sent to on MSE then, unless you have email redirects set up, it is from a different source. It might be the same group who did the MSE one or it could be something completely different. Experiencing a different attack vector means that you should pay no attention to anything said in this thread (beside my comments, of course;)) because they may not apply to you. You might want to look around and find where the leaking of your address came from, because MSE can't magically link your user name to an email you have never divulged to them.

    SP
    Come on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.
  • I think MSE are hoping everyone just forgets about it and they don't need to account for it.

    I wonder if it's a coincidence that the website has been struggling at points over the last few days with load times.
  • I only received the bogus email this evening when I opened MSE's weekly newsletter. I know I joined the forum in December 2009, because I have an email from MSE, dated 02/12/10 welcoming me.
    And every time you post, your "Join Date" is displayed.
    Are you for real? - Glass Half Empty??
    :coffee:
  • ABe
    ABe Posts: 6 Forumite
    This email was in my junk mail folder on the 17.11.10 and it was addressed using my forum user name. After looking at it I did not click on the link. I nearly did, as I thought it was genuine from MSE because I had just used the forum, but then I had second thoughts and I deleted it because it looked suspicious.
  • MissLead wrote: »
    What you have written really concerns me! It seems to me you are something of a Techie so I assume you know what you are talking about. As a non techie I am naturally concerned that ANY information at all has been stolen from MSE (not moaning about MSE, it can happen to any website!) but you say that the offending email was addressed to your Gmail address which is NOT registered with MSE. Can you or any other knowledgeable person please tell me how this could happen and what it all means?

    Incidentally, it may be entirely coincidental but I have noticed a marked rise in spam mail since last week. Nothing awful, just a wretched nuisance! Is anyone else experiencing this?

    Yep my spam mail has increased quite a lot this past week. Of course it could be coincidental. If the addresses were only lost in the breach one year ago, it's unusual that the bother has just started. But then again the email using my username only arrived in the past week too...
  • joe134
    joe134 Posts: 3,336 Forumite
    See my previous post for details of what this infection is:
    http://forums.moneysavingexpert.com/showpost.php?p=38571018&postcount=473
    I know because I have worked in the field. Although I do not work any more, I still have the resources in place to debug and safely infect and then clean a machine with this Trojan. And I did so many, many times on Sunday, before coming to my conclusions. The way the current payload acts is to redirect some internet searches and spoof "pay-for-click" ads as well as occasionally popping up virus warnings, prompting the user to download fake AV software. It does not block all access, so getting to this site is not a problem (unless done through a search page such as Google). Malwarebytes is a very good tool, but it doesn't catch everything, nothing does.
    It might help the investigation if you realise that you did use the address for a limited period of time, say for the first weeks of your membership and then changed it as this would help narrow down the period any breach occurred in. Otherwise your email may be completely different. If you are sure you have never used the address it was sent to on MSE then, unless you have email redirects set up, it is from a different source. It might be the same group who did the MSE one or it could be something completely different. Experiencing a different attack vector means that you should pay no attention to anything said in this thread (beside my comments, of course;)) because they may not apply to you. You might want to look around and find where the leaking of your address came from, because MSE can't magically link your user name to an email you have never divulged to them.

    SP
    Hi, Again I reiterate, I have never used my g-mail on this site. I set my g-mail up to enable me to use 1899.com, as AOL do not allow it through. The link to 1899 was "perhaps" via a link from this site? That was 4 years ago. I never use it for anything else, I even have difficulty remembering my password. I used it yesterday to view my 1899 invoice, and MSE e-mail was there. I immediately deleted it, and as you know, usually, bogus e-mails tend to be un-retrievable, as this one was. I have had several bogus HSBC ones lately, requesting details of A/C, deleted, and they disappear. This e-mail was definitely MSE related, only MSE know what they do with e-mails submitted to them. I do not believe in coincidences, and MSE are on top of it, but I think they could have highlighted it as urgent on the home page, nobody uses all sites, i.e. feedback site, this is my first time in 5 years. I never noticed it discussed on Techie site, doesn't mean it's not there. To me there seems to be a third party link here, something does not add up.
  • joe134
    joe134 Posts: 3,336 Forumite
    Yep my spam mail has increased quite a lot this past week. Of course it could be coincidental. If the addresses were only lost in the breach one year ago, it's unusual that the bother has just started. But then again the email using my username only arrived in the past week too...
    Hi, I wish I could answer your concern, because I am also concerned. It cannot be coincidence that so many forumites are getting this e-mail to unregistered addresses. I have not had one via MSE's official e-mail. There's only MSE who can answer our concerns, the 3rd party e-mail is more of a threat than the Trojan, because you don't know how your details have gone astray. Only time will tell if MSE find out why, because WE cannot. No site is totally secure, but, forewarned is forearmed. Best of luck.
This discussion has been closed.