My email account has been hacked.

Joined
Oct 12, 2010
Messages
13
Reaction score
0
Thanks. It was while I was visiting a forum. All I did was select the Yes button by checking it. I have MSE, updated. I ran a full scan with that and also with Malwarebytes Antimalware, SpyBot S&D, and Ad Aware. Perhaps it was only six seconds, not 15. Six sounds more like it. I will now also run Rkill..................................... aaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaa As you can see, my computer does not prevent doubling up on letters. I also held the Shift key for six seconds.
 
Joined
Oct 12, 2010
Messages
13
Reaction score
0
I ran rkill. It found two Plaxo's and a temporary internet file. I downloaded Plaxo on September 15 to download my contacts from my WLM email reader to the website Windows Live. The phishing occurred shortly thereafter. I doubt if Plaxo is the culprit since it apparently is a Windows Live tool.

Can you give more specific instructions on accessing the keyboard in Control Panel? I got to keyboard changes, but that had to do with language changes.
 

TrainableMan

^ The World's First ^
Moderator
Joined
May 10, 2010
Messages
9,353
Reaction score
1,587
It doesn't prevent double letters; the purpose is to control how many milliseconds it waits before it creates a second, third, etc., because some people hold the keys down longer than others and "accidentally" get two letters when they only want one.
I don't have multiple languages installed so I don't have a tab for that.

And if RKill found something it thinks is a virus then I would delete it, even if I thought it was from Microsoft. Plaxo is NOT a Microsoft product. It is very common for hackers to bundle their virus on a website pushing a real product or even modify an executable so that it installs their malware as well as the real product. You even indicated you got it about the same time as the phishing occurred; coincidence, not likely.

I would delete what RKill found and then make sure you get it from a reliable website. If this is a legitimate program, which it does appear to be, then get it from their own website www.plaxo.com
 
Joined
Oct 12, 2010
Messages
13
Reaction score
0
I uninstalled Plaxo, and got a message that the download was not successfully completed. I canceled that message, downloaded Plaxo through your link, and re-downloaded rkill. Rkill now did not show Plaxo as a malware. It only showed a temporary internet site which was successfully killed: C:\Users\Irving\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VA709UMC\rkill[1].com

Rkill completed on 10/14/2010 at 15:09:48.


This may or may not have anything to do with Plaxo, but I had trouble communicating my modem with the computer. Comcast sent several refresh signals which were unsuccessful. However, I am now getting on the internet. This may just be coincidence.
 

TrainableMan

^ The World's First ^
Moderator
Joined
May 10, 2010
Messages
9,353
Reaction score
1,587
I had trouble communicating my modem with the computer. Comcast sent several refresh signals which were unsuccessful. However, I am now getting on the internet.
It could be the signal was blocked by your Firewall, do you use Windows Firewall or third-party software?

Also, your cable modem most likely connects via your LAN ethernet port, so you might want to check with your computer manufacturer's website and make sure you are using the latest LAN/Ethernet drivers for your computer.

And I'm glad RKill is OK with your new copy of Plaxo. Also, if you can get to that temporary file to delete it, I would.
 
Joined
Oct 12, 2010
Messages
13
Reaction score
0
I use the Windows firewall. I could not find that temporary IE on my computer. I note that it refers to IE5. I have IE8. I downloaded every driver I could find from Dell: a total of 30. I still have intermittent problems. Comcast is coming over Saturday. I hope I can send this before I lose my internet connection again.
 
Joined
Oct 12, 2010
Messages
13
Reaction score
0
Thanks again, Trainable Man. I canceled the Comcast appointment because I've been able to access the internet without interruption. I did download a slew of Dell drivers, but one, which had to do with visual effects, would not download.

I ran rkill again today. Again, it showed: "Users\Irving\AppData\Local\Microsoft\windows\Temporary Internet Files\content.IE5\5T3XUG" as malware. I could not find that in my computer. I ran a command prompt, but it said that "Users\Irving\AppData\Local\Microsoft\windows\Temporary" is not recognized as an internal or external program or batch file."

Should I just forget about it?
 
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
I ran rkill again today. Again, it showed: "Users\Irving\AppData\Local\Microsoft\windows\Temporary Internet Files\content.IE5\5T3XUG" as malware. I could not find that in my computer. I ran a command prompt, but it said that "Users\Irving\AppData\Local\Microsoft\windows\Temporary" is not recognized as an internal or external program or batch file."
Any file path that includes a space needs to be enclosed in quotes. If you don't use quotation marks, every space will break the text into separate parameters. The fact that you can't find the path in your computer may be due to hidden files and folders. However, even if they are hidden you can still access them if you type the name correctly, including the quotation marks when needed.
 
Joined
Oct 12, 2010
Messages
13
Reaction score
0
OK. I retyped using quotation marks with the same result. Note that the path refers to IE5, but I have IE8.
 
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Note that the path refers to IE5, but I have IE8.
That is simply the default location that has not changed since the use of IE5.

Here is one of my files - "c:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MHYP49U\stats[1].gif"
 

TrainableMan

^ The World's First ^
Moderator
Joined
May 10, 2010
Messages
9,353
Reaction score
1,587
I believe APPDATA is a protected system area so unless you have UAC turned off and have run the TakeOwnership script then it may be hard to get there. And Temporary Internet Files is a hidden system folder so unless you have that enabled you won't see it.

First in Windows explorer go to Organize ... Folder and Search Options ... View Tab ... 1) Select View hidden files/folder/drives, 2) Uncheck Hide extensions for known file types and 3) uncheck Hide Protected Operating System Files. Click Apply and OK. Then in the path type:
%LOCALAPPDATA%\Microsoft\Windows\
and from there go down the folder tree to Temporary Internet Files and delete every folder under it. Then go back into Folder and Search Options and change back any of the 3 items above that had to be modified.
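
An added example, not part of the original thread: the two points made above (paths containing spaces must be quoted, and Temporary Internet Files is a hidden system folder) can be handled from PowerShell without changing Explorer's view settings. It assumes PowerShell 4.0 or later for Get-FileHash and the Content.IE5 cache location quoted in this thread; the extension list is an assumption to adjust.

```powershell
# Added example: inventory executable-type files in the Internet Explorer cache.
# Assumes PowerShell 4.0+ (Get-FileHash) and the Content.IE5 path from the thread.

# The path contains spaces ("Temporary Internet Files"), so it is kept in one
# quoted string instead of being typed bare on the command line.
$cache = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files\Content.IE5'

if (-not (Test-Path -LiteralPath $cache)) {
    Write-Output "Cache folder not found: $cache"
    return
}

# Extensions that can run code when opened (assumed list; adjust as needed).
$risky = '.exe', '.com', '.scr', '.bat', '.cmd', '.pif', '.vbs', '.js', '.dll'

# -Force includes hidden and system items, so the randomly named subfolders
# under Content.IE5 are listed even though Explorer hides them by default.
Get-ChildItem -LiteralPath $cache -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $risky -contains $_.Extension.ToLower() } |
    ForEach-Object {
        [pscustomobject]@{
            Path     = $_.FullName
            Size     = $_.Length
            Modified = $_.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Format-List
```

The output shows the full path, size, timestamp and hash of each cached executable-type file, which is enough to tell a freshly downloaded tool apart from an unexpected file before deleting anything.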
 
Joined
Oct 12, 2010
Messages
13
Reaction score
0
I did what you directed and typed in the command prompt exactly as you said (ending with "Windows\") and pressed Enter, but I again got the response that it is not recognized, etc.

I then went into the control panel, network and internet, internet options, general, and deleted a few items which I thought I could delete.
 

TrainableMan

^ The World's First ^
Moderator
Joined
May 10, 2010
Messages
9,353
Reaction score
1,587
Command Prompt? After you change all the settings as indicated then you type it right in the address line of Windows Explorer ...
 
Joined
Oct 19, 2010
Messages
1
Reaction score
0
Hacked by Canadian drug company selling Viagra

Jessie, I have exactly the same problem. Emails arrived in my two Yahoo email accounts and 75 Demon mailers arrived at the same time and were in my Spam. Then I changed my password, complicating it for the hacker by including capital letters in one half and undercase in the second half and adding three numbers at the end. I then physically copied my 250 email addresses into a large address book. Then in that particular Yahoo email address I completely deleted all email addresses in the Yahoo contact list. In Tools I clicked the box to delete all cookies, and clicked on another box to delete all cookie history when closing down the computer. So far, only a couple have got through, but I think that might be from ones the hacker had already stored. I am going to do the same with my second Yahoo email address. I'll keep you posted.
 

Nibiru2012

Quick Scotty, beam me up!
Joined
Oct 27, 2009
Messages
4,955
Reaction score
1,302
I have been having the same problem with my Gmail account. I had to change the passwords also. It all goes to the spam folder but it's still a P.I.T.A and such.

I set up a second Gmail account to see how it goes... I may have to change it to my main account if this crap continues.
 

Fire cat

Established Member
Joined
Mar 7, 2010
Messages
1,157
Reaction score
191
Well, I know this is not often an option, but I manage all my email myself. Helps a lot. I usually have two emails. One redirecting to the other. So that nobody knows what your real email is, and if ever you get spammed, you can just change the second.
 
Joined
Oct 12, 2010
Messages
13
Reaction score
0
I ran rkill after first booting up this afternoon, and c:\Program Files (x86)\Googles\Update\Googleupdate.exe was included. Google updates malware? I note that every time I run rkill a different number following IE5 appears; e.g., GOB2614, EGCJ5, 492VTO, etc.

Anyway, I deleted all the temporary files except for the cookies I need. I ran rkill again, and again I got the same message, with a different IE5 number.
 
