Hi all I’ve had this what I believe is a virus on my computer for some time. I use it for gaming, surfing the web, and streaming videos from the web. I think I must have picked it up from one of the streaming videos, and I need some help.
Symptoms:
1 - Randomly will open IE 8 even if I’m playing a game on the computer and disrupts the game or whatever application I’m using. (this has gone on for a while and comes and goes…no consistent behavior)
2 - Now someone has used it to hack into one of my email accounts and have been spamming people on my contact list. I use this email for internet purchases, but don’t have any accounts tied to it just as a contact.
My OS is Windows XP (fully updated with all Service paks and upgrades)
The internet browser I use is IE 8, haven’t felt like upgrading to 9 yet.
I have scanned my computer with Avast full scan and Boot-time scan, Malwarebytes, and SuperAntiSpyware. Yet none of these have found anything. If anyone can give me a hand at trying to solve this finally and kill the dang thing once and for all that would be great. Also since whoever it is hacked my email should I just delete the email or once the virus is gone I will be safe. As I said it isn’t a critical email and I could get rid of it just as easy.
They hacked one of my hotmail accounts that I access through an internet browser. I’m accessing their servers. They had me change my password on the account and sent a security code to my phone. I guess should I just contact hotmail directly to deal with the issue?
I did change it from a machine I know isn’t infected. Should that clear up that end of the problem, I didn’t even know someone hacked it until I logged into it today on another computer that isn’t infected.
Sorry it took so long to get these logs on here but this is a computer that I don’t get on daily since I don’t play games everyday. Here are the OTL and aswMBR log files. Any help with this problem would be awesome. ;D
Not a great deal on their that is apparent so I will need to look at the drivers
Download and Install Combofix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
While this computer is running it will randomly open up Internet Explorer 8 to my homepage, Google. Which will in turn override whatever program I am running, I think that is just what windows does. Same as if I hit Alt + Tab while in a program. Plus one of my email accounts was hacked and it sent messages to everyone in the contacts list. Hotmail sent me a code and I changed the password on a computer that wasn’t infected.
I do use a wireless keyboard, but I wouldn’t think that would just do something random like that, oh and it will open up another window if I’m already using IE.
Maybe I’m just overracting but I’ve let it go for some time now and just the fact that it seemed to escalate to hacking one of my hotmail accounts. At least I think the two symptoms are connected, but once again maybe I’m wrong.
The e-mail hack was probably done online rather than through your computer
Lets have a look at all the start items
Please RIGHT-CLICK HERE and Save As (in IE it’s “Save Target As”, in FF it’s “Save Link As”) to download Silent Runners.
[*]Save it to the desktop.
[*]Run Silent Runner’s by doubleclicking the “Silent Runners” icon on your desktop.
[*]You will receive a prompt: Do you want to skip supplementary searches?
click NO
[*]If you receive an error just click OK and double-click it to run it again - sometimes it won’t run as it’s supposed to the first time but will in subsequent runs.
[*]You will see a text file appear on the desktop - it’s not done, let it run (it won’t appear to be doing anything!)
[*]Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and attach it here. NOTE If you receive any warning message about scripts, please choose to allow the script to run.
I’ve never had Windows messenger on the computer to the best of my knowledge. I have no use for it and it really has always been a hassle for me in the past when I used. Plus it always appears to slow down the windows start up process.
I can use a deeper scan but it may take several hours, although I am more interested in the analysis portion so if you wish you can jump straight to that part. The zip folder will need to be uploaded to an online file sharing site like mediafire as you will be unable to attach it here
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
Ok said there were no threats found…getting a tad frustrated at this point so had to walk away from the computer for a bit to cool off. The log of the scan is too large to post and the forum won’t let me upload zip files onto this post. I know this seems really dumb but is there any way around this so you can see the zip file?
At the moment I can find no apparent reason as to why IE is openening on its own… There is no known malware nor any unknown files/drivers/services running
Do you have a hotkey set up for explorer on your keyboard ?