Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Ebay/hotmail Accounts Compromised


  • This topic is locked This topic is locked
No replies to this topic

#1 ekon

ekon

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 06 April 2007 - 10:41 AM

Tried to log on to my hotmail account on Tuesday a.m..password was kicked back!???..been using it daily for a while now so was really surprised. Tried to get a password reset email sent..but I think my alternative email addy was at work that I left 2 years ago!..H 'mail said (automated) they sent one..but I couldnt pick it up on any of the email addys I use nowadays. I've never had a moments trouble in 8 years with that H'mail addy.. so I hadn't been vigilant and checked/changed the alternative email addy when I left work. I tried the other route of secret question with location... the answer to my H'mail secret question is locked in my organiser so I know it was "correct"..but that was knocked back too?? so I was stuffed..not a nice feeling actually...I thought initially this might be a Hotmail problem.

I emailed H'mail support & 23 hrs and a few mins late (next morning ie yesterday a.m.) I received a reply asking for loads of details..fair enough..contacts recent emails sent/received etc etc. ..did that..waited again another 24 hrs..then got a password reset email this am ..I went in ....& saw the problem/mess. Someone had requested an ebay i.d. reminder late on Monday night when the fun obviously started..(H'mail is my ebay email addy so I get an email stating this)..a few mins later I (now) see there's another email from ebay re change of password..it goes on!!...but basically my ebay account got hijacked and loads of emails were sent to ebayers from "me"!..some of the replies werent over polite!..but I wasn't even on ebay on Monday!! Another person's name is still in my ebay profile though the buy/sell/email function is frozen & ebay know there's a problem!?. Ebay had yesterday (while I was still locked out of my H'mail account so couldn't see it!) sent me an email saying they thought there was a problem:


Dear *****************

It appears that a third party gained access to your e b a y account and used it to send emails to other ebay members without your authorisation. The email address on your account may have been changed, so you may not have received any emails regarding this activity.

To protect your account, we have restored your email address and changed your e b a y password and Secret Question (password hint question) to something random. As a result, you won't be able to sign into your e b a y account with your old password. We assure you that your credit card and bank details are stored on a secure server and cannot be viewed by anyone.


I even have a screenshot of an ip address of the person who presumably requested the ebay id reminder.. and changed the password??...which ebay emails quoted..& it aint mine!
How the hell did that happen???..no paypal monies gone west ..yet!!......and every password related to this account changed plus secret questions etc! Anyone care to comment?..or ever had the same/similar experience?. Todays hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 17:19:05, on 06/04/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
C:\program files\umsd tools\umsd.exe
D:\SYSTEM~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\ph\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ph\Application Data\Mozilla\Profiles\default\u9fjhgrv.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Core Browser Helper Object - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - C:\PROGRA~1\ANONYM~1\Core\ANONYM~1.DLL
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O2 - BHO: OrbiscomROTBho2 Class - {D81AB57B-7327-4347-B7C7-9EF7CA87CE09} - C:\WINDOWS\System32\SlimBho2.dll
O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} - C:\PROGRA~1\ANONYM~1\Toolbar\ANONYM~1.DLL
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd tools\umsd.exe sys_auto_run C:\Program Files\UMSD Tools
O4 - HKLM\..\Run: [WFXSwtch] D:\SYSTEM~2\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server...tivePreQual.cab
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

big thanks

Edited by ekon, 06 April 2007 - 10:44 AM.

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users