My wife called me at work to say she received and opened an email that was supposedly sent from NACHA.ORG. The email was bogus of course. She clicked a link in the email (not good I know) and nothing happened. She got no “blocked” message and I fear the damage may have already been done. We’re runing the free version of Avast 6.0 with auto updated def’s, along with Spybot S&D.
I told her to shut down our modem, and walked her through how to do a boot scan. No results yet.
Anything else I can do other than to cut her arms off so she doesn’t click bogus links? I’ll run a Malware Bytes scan when I get home.
If all the scans come up with nothing, does that mean nothing happened and all is OK?
You guys and gals out there on this forum are awesome! Thanks much!
For fast free Scanning(Detection) but limited in Removal after the Trial period (which is not that much of a problem if you use another product for Removal and just use one or both of these for Detection Only), I would recommend:
Using a DNS service with Malware Blocking can also be helpful, one of these two DNS services would be my current recommendations:
ClearCloud DNS - Offers a Utility that easily allows you to Enable (The ClearCloud DNS) and/or Disable (The ClearCloud DNS & Return To Your Default DNS), and it offers the ability to report False Positives from the Block Page.
AVG LinkScanner seems to help with some of the fake URLs, but if you have Avast with the WebShield Enabled, that probably will not be necessary or recommended; but if not and/or if you want to experiment with using both of them:
Boot scan was negative.
Spybot scan found nothing other than the usual stuff this scan finds
Malware Bytes “Free” scan found nothing
Avast Free 6.0 Full scan found nothing
I should add that we were the victims of the situation where a company called Epsilon was hacked for email addresses. So this might be the first of many emails we get like this.
Somebody out here who reads this must have been in the same situation as we are? But you and your spouse knew better than to click on the link >:(
For some reason I’m still nervous…one of those virus’ planted that open themselves up after a week? Or am I being too paranoid?
You are welcome and remember to change your Passwords and never make your Security Questions something that is easy to Guess or that is a Direct Answer to the Questions (Example: Security Question: What is your first Name? Instead of me answering with John as the answer, I could answer BooHead123 or something :D).
Also warn all of your E-mail Contacts about not clicking on Unknown URLs and/or Suspicious URLs in Suspicious E-mails, even if they are from your E-mail Address, without having those URLs scanned with One or More of those URL Scanners I mentioned earlier; because sometimes these attacks include fake E-mails with fake URLs being sent from your E-mail Address to your Contacts, to attack/trick them too.
Also make sure to keep your Operating System Up-To-Date & Software Up-To-Date, Secunia PSI Free can help with that:
Use a Firewall (Windows XP & Vista & 7 have a software firewall available by Microsoft that is easy to use/free/& does not bother you much ) and some (probably most Routers have a hardware firewall, if I am not mistaken) so using as Router with built-in security features can help also.
If you are using Wireless Internet, make sure you use a Password & Encryption for your network.
If you think your Online Account(s) are under attack or compromised, besides trying some or all of my suggestions, be sure to report it to the Company over Your Online Account(s), because they can often help track down the Threat and/or Re-Gain Control of your account for you and/or Lock your account if necessary to protect you and/or others.
And to any other Anti-Malware Products/Companies that you are using at the time and/or Online Service(s) that is/are under attack.
No, I do not think that you are being overly paranoid.
I had a friend and a family member that both had an e-mail account compromised and fake E-mails with fake URLs were sent to all of their contacts, including me (since I was on their contact list), so I had to be the one to Report this issue/attack to them and to several Anti-Malware Companies.
I used all of the things I mentioned to help them and myself, and that combination fixed/stopped the problems/attacks for us all; so I hope they will work for you and anyone else that reads this as well.
The hackers who hacked into Epsilon and obtained people’s email addresses are now sending out phishing emails to people that contain malicious codes in them, and Epsilon is advising people to keep their antivirus and firewall up to date and to NOT open emails from anyone you do not know. Of course I pressed to get additional information, but they would not give it to me, but I got the impression that they knew more. I posted in the link the phone number if you wish to call them yourself.
Take a look at my Signature, as I also use Prevx with SafeOnline (paid/Resident) for a layer of security that is compatible with Avast as well as my firewall. Another option is to have MBAM Pro (resident) for extra protection. Use a strong firewall (FW) perhaps with HIPS feature, again for added protection. You may also want to reset your router. As mentioned earlier, it is a good idea to change your passwords periodically and make them strong. Other good suggestions have been mentioned, however WOT is not recommended here since it is very unreliable and community based (Avast’s rating system will have a site virus checker in the near future).
But more important is to educate anyone who will be using the PC about this issue and the importance of not opening up emails from people you do not know. This isn’t the first time this has happened with a company and I’m sure something like this will happen again.