I got a suspicious email yesterday, the name of the email was "AUTOCAD 2016 products ( I am selling CAD/CAM )PTC ,Solidworks & Bentley Products ,PCB ,ADOBE ,CORLE ,Electronic ,Architecture". I have never used Autocad, so it looks suspicious to me. The email hadn’t gone into trash, so it got opened automatically when I opened the Windows 8.1 Outlook. When the email opened, my hard drive activated for two seconds. I think I might be infected. I ran a startup scan, but avast found nothing.
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
Hello, here are the logs you asked for.
OK, now you’ve to wait a bit…
Could you let me know of any problems you are experiencing?
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2015-07-24 19:00 - 2014-11-22 14:29 - 00000000 __SHD C:\Users\joonas\AppData\Local\EmieBrowserModeList
2015-07-24 19:00 - 2014-09-14 18:39 - 00000000 __SHD C:\Users\joonas\AppData\Local\EmieUserList
2015-07-24 19:00 - 2014-09-14 18:39 - 00000000 __SHD C:\Users\joonas\AppData\Local\EmieSiteList
2015-07-04 09:34 - 2014-09-24 15:38 - 00000000 ____D C:\ProgramData\boost_interprocess
AppInit_DLLs-x32: �ȃ睁摎ԃ㶹库圗ﮘﺧ�뉰ﺨ�놀ﺨ�direȃ睁摎Փ㶹库圗Default Rule => "�ȃ睁摎ԃ㶹库圗ﮘﺧ�뉰ﺨ�놀ﺨ�direȃ睁摎Փ㶹库圗Default Rule" File not found
IFEO\SppExtComObj.exe: [Debugger] C:\Windows\SECOH-QAD.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
I have not been experiencing anything yet. I thought I might be infected. Is it possible to forward the email to some avast scanning lab, so they could check it for viruses?
Here is the fixlog:
Did it come with an attachment?
If so you can save the attachment (don't open it) and upload it here: www.virustotal.com / www.metascan-online.com
If tested before, click rescan for a fresh result
If detected, delete mail and attachment … if suspicious and from someone you don't know, delete even if not detected
You can test mail here http://info.contactology.com/check-mqs
No, the message was completely empty… No text or anything. Maybe code can’t be seen.
Nothing evident that I could see
Maybe it’s a new type of virus… But I swear that when it opened, something copied onto my computer.
Based on time stamps nothing unknown was installed or copied to the computer
Ok, turns out I had a virus… I kept an encrypted file with the passwords of my website on it, and my website just got hacked…
If the key was encrypted then the only way it can be copied is when you decrypt it… Are you sure the website was not hacked in another way?
Is your website security stronger than this http://www.bbc.co.uk/news/uk-33837040
I am the creator of a cooperative called Dynavio, and someone accessed the domain hosting control panel. I have my site hosted at shellit, and the guy changed the nameservers from shellit to domaincontrol.com
maybe you should consider help from these guys https://sucuri.net
it is not free https://sucuri.net/website-antivirus/signup