Not sure if this is the best place to post, but if not I am sure you will let me know.
My father-in-law opened up his email (earthlink) the other day to find his entire inbox deleted. He called the help desk and they told him his acct had been hijacked, but could not really give him any further info. He does not use any other email acct. The only one on his computer is Outlook and there is nothing there either. I have run AVG, ADAware, Spybot all in safe mode and found nothing. I also ran Hijackthis and here is the report. Can anyone see if there is anything odd? Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:57 PM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Nihil, I found another of your posts with a link to hijackthis.de
Great website...everything came back as safe.
Maybe he messed around with the settings and his email, or spyware, or etc. is set to delete all messages after being read. I will check that once I get home tonight.
February 1st, 2010, 06:15 PM
Go through the accounts and the policy editor then get rid of all those toolbars and antiviral software. Sheesh... have some self respect, man.
February 1st, 2010, 06:48 PM
I love toolbars. Here is a screenshot of my browser. :D
February 2nd, 2010, 03:59 AM
How does earthlink know his account was "hijacked"? He told you that in those exact words? Maybe the earthlink tech was just lazy and didn't know what else to tell him when he found his inbox deleted but insisted that he didn't do it. Could he have let his password out? Has he changed it since? If not, have him do so.
Usually if you've hijacked someone's email account you'd be looking for useful information or as a means of sending out phishing emails, etc. You would want to go undetected, not delete the inbox... Is there anything in his trash folder? It's very possible that he deleted his own stuff by accident. Was it anything important? I delete everything in my inbox on a regular basis - usually upon entry.
That's friggin' hilarious. Sadly, I've worked on some puters where the browser actually looked like that. Usually on the work order: "Help! Browser running slow! I think I got a virus!" Of course, the system tray goes all the way to the start button, the start menu takes up the whole screen and then some and the desktop is full of miscellaneous icons that came from god knows where. =|
February 2nd, 2010, 07:41 AM
I would get rid of AVG. Use some other AV. Get rid of all toolbars and if possible use an alternative browser (anything but IE and if you *must* use IE please upgrade to version 8 with all patches). Update all your Microsoft patches to the latest level, ensure you have an original copy of Windows, a firewall (get something [outpost is good]) and AV. If you are looking for a *free* version of AV get - http://www.microsoft.com/Security_Essentials/ - Make sure you download from Microsoft.com only!
February 2nd, 2010, 02:14 PM
Thanks for the info. I have changed his password (his previous one was password if you can believe it.) He insists that he had not deleted anything. I checked his acct and nothing seems out of the ordinary. No new accts created, etc. Nothing is in the trash file.
That is the exact words that the nice lady in India told him. That his acct had prolly been hacked.
TeW...I will absolutely cleanse his system of AVG. Thinking of putting in Avast. I have had good results from it.
It is kinda funny. He has been having these problems ever since Firefox was loaded onto his laptop. Which is even funnier, because I switched over to Firefox when IE was starting to run a little slow and now I have browser pages not loading issues.
I wonder if the two are related. Not sure how, but makes you wonder...
February 2nd, 2010, 07:06 PM
Don't go for Avast please. If you are willing to pay then choose Kaspersky or Symantec (I prefer Kaspersky). If you want something free please go for the Microsoft AV, it's better than AVG and Avast.
Update, Update and Update - Everything on your machine and the OS itself.
Run an online scan at housecall.trendmicro.com once you're done with everything just to be sure.
February 4th, 2010, 08:19 PM
Just as an update (I hate open-ended posts)...
I changed his password, scoured his system, updated all his stuff, etc. It now seems to be working fine. He is now getting his emails and they are not going anywhere. I did turn off his empty trash bin automatically option in case he did delete them by accident.
I did get a few spam email returns when his email came back up. Different names attached to his email address, that type of thing. All of them seemed to originate in Korea. I think all the blocks, etc. were keeping that contained but I will continue to monitor it.
I got my system back up and running also. I had to reload IE (some websites in the house will not load on Opera, etc.), but all is working well now. No more issues with pages not loading etc.
Thanks for all the help. :thumbsup
February 5th, 2010, 12:08 AM
I would assume, then, that his account was "hijacked" simply because his password was "password." Hopefully he's learned a lesson. If he has difficulty remembering passwords, it may be helpful to him to substitute numbers and symbols for letters, for example "password" may become "pa55w0rd" or "p@$$word" - just a thought.