Email address book compromised?

  anskyber 10:15 20 Dec 2007

I received an email from my daughter today which was clearly spam. She has also received a range of "message not sent" or similar which relate to old email addresses that are no longer used by her contacts.

This has all the look of a compromised email address book which has been harvested or perhaps even her machine "controlled" from elsewhere. I have no experience of this problem so any thoughts would be most welcome.

She has a machine using XP, Comodo firewall and AVG free anti virus. She has used a POP email before but is currently using Hotmail. My initial thoughts are to ask her to run Superantispyware.

  Taff™ 11:56 20 Dec 2007

Definitely not good. Download and install Superantispyware and possibly Spybot S&D as well. Make sure AVG is up to date with definitions. Uninstall Comodo firewall, reboot and re-install - I would have thought the firewall would have prevented any unusual behaviour but she may have inadvertently allowed something out. Re-installing it should reset everything and she will need to allow things manually for a while. Disconnect from the internet and run AVG first, followed by each of the other solutions.

It might also be an idea to run them in safe mode as well before reconnecting to the internet. If there are problems found and they appear in "System Volume Information" there may be something lurking in a System Restore Point which means that every reboot of the computer it reinstalls itself. If this is suspected turn off system restore and run everything again. Reboot and turn on system restore and reboot again. Good Luck!

  anskyber 12:03 20 Dec 2007

Thanks, that's a good start. I think your point about system restore is well made so perhaps she should delete all restore points as well?

Should she delete the points, reboot, then turn on again?

  FreeCell 12:03 20 Dec 2007

Good advice from Taff. I would add A Squared Hijack free.

Bit complicated to interpret but if she uses the "Refresh Online data" button this gives a good indication of any problem entries.

  Taff™ 13:27 20 Dec 2007

Turning Off System Restore will erase ALL restore points. A reboot is automatically requested when she ticks the "Turn Off System Restore" box. I would make sure she has all her important documents backed up; however, the processes I described are not destructive.

Incidentally, A-Squared Anti-Malware was on the PCA DVD December issue (two issues ago) and it was a full version with a 12 month license. I'd recommend it too.

  anskyber 13:29 20 Dec 2007

Thanks for the reminder, funny how the mind goes blank when it's a family member in need.

  VoG II 13:34 20 Dec 2007

Nasties hidden in system restore points cannot do any harm unless you restore to that point. The advice I've had from malware removal experts such as Nellie2 is to keep at least one restore point. That way, if things go pear-shaped when attempting to remove malware you will have a system restore point to go back to, even if it is infected.

  mfletch 13:37 20 Dec 2007

Hi, in my opinion turning off system restore is a bad idea.

1/ Any restore point is better than none, even if infected.

2/ Anything that is in your system restore is locked in there unless you do a system restore.

Clean your computer first, then when it is running OK turn off system restore, then back on again.


  anskyber 13:41 20 Dec 2007

Any thoughts on the possible extent of an infection? I am in Cumbria and my daughter is in London, she will read all of this tonight as a link I have sent her.

She has asked, given that it is a Hotmail account and therefore a web-based email account, is the compromised account on her PC or with the account?

If that makes sense.

  FreeCell 16:09 20 Dec 2007

Just for point of clarification - A Squared Hijack free is a different program from A Squared AntiMalware. Hijack seeks out entries in registry and ports etc. that can indicate possible hijack activity. (Like it says on the tin, I suppose.) I use both and AVG.

  Taff™ 16:43 20 Dec 2007

FreeCell - acknowledged - you are quite correct! I suspect that these well respected companies are struggling to sell any of their products!

Vog™ - Hi mate, but on this occasion I have to disagree. (Nellie2 might want to admonish me as well.)

mfletch - I have to say that certain viruses etc. remain in the system restore files and from my experience turning off System Restore & rebooting gives the user a clean System Restore. I doubt if "Clean your computer first then when it is running OK turn off system restore then back on again" will work.

This thread is now locked and can not be replied to.
