An Odd Type Of Virus

[Latindancer]

My Yahoo mail has been compromised. A couple of friends received blank emails with a link (which led to a work at home scam).

Previously I have had a handful of these from other people, and as soon as I saw only a link, I deleted the email as it's obviously spam, but I was never sure how their computers or email accounts were compromised.

This time, I even received one myself, in my second email account.....sent from my first email account. And upon opening the primary account, I saw MAILER DAEMON messages due to 4 emails being returned. And my Yahoo account had been changed from Classic view to the "new Yahoo".

So it looks like some program got right into my account......perhaps a keylogger ?

This concerns me as I sometimes view my bank account from my computer, but a scan with AVG revealed nothing, a scan with Malwarebytes revealed "Pup.forceinstaller" (which I had once before and which was quarantined by Malwarebytes), and nothing else.

The odd thing is that (apart from myself), the other people who I saw in the message headers receiving the spam, were people I had not emailed for quite some time. One was a person I only emailed two or three times.

Can anyone shed some light on this, please ?

[Mrjlh]

It's one of many "Mal-ware' programs that is even showing up on several group sites. All that is needed is for someone to open a message from someone they know without realizing there is a malware program attached. you need to scan with both antivirus and a malware programs. And then change all your passwords.

[Latindancer]

ALL my passwords....for EVERYTHING ?

I also just downloaded and scanned with Microsoft Security Essentials, but it detected nothing.

Also used Advanced System Care, which does a virus scan while it's doing it's other stuff but doesn't tell you what it's found....just repairs it.

[transam]

Try SuperAntiSpyare (you must update manually both) and Malwarebytes.

[jbrain]

I had something similar happening some time ago with a hotmail address which I hadn't used or logged in for almost a year.

[thaimite]

Don't forget that Yahoo was hacked in July last year and over 400,000 passwords were stolen so if you have not updated your password since then, that could be the culprit.

It is also not very difficult to send out an email that APPEARS to come from any yahoo, Gmail etc account although in reality it does not, so even if friends are receiving emails that supposedly came from your account, they may not have done. However in your case as your settings have been changed maybe your account has been hacked.

[pattayadingo]

I had this happen last week. Opened my mail as usual, found one with only a link in it. I did not follow the link yet the people in my mail box all got a copy including myself in a linked e-mail. This was using yahoo. Yahoo insisted I change the password before being able to use the account again.

Luckily my friends know not to click links, but this one was different as I did not click the link.

Mailer demon did return a few of the outgoing mails too.

No spyware, malaware or virus was found after scanning for all three. I deleted the mails in question and no problem since. As a safeguard I changed all my passwords. Better safe than sorry.

[JetsetBkk]

ALL my passwords....for EVERYTHING ?

I also just downloaded and scanned with Microsoft Security Essentials, but it detected nothing.

Also used Advanced System Care, which does a virus scan while it's doing it's other stuff but doesn't tell you what it's found....just repairs it.

Try the Offline version of MSE. They now call it Windows Defender Offline. You have to burn it to a CD or to a thumb drive and boot from that. Then it can access everything on your C: drive without worrying about Windows having files open.

Get it here: http://windows.microsoft.com/is-is/windows/what-is-windows-defender-offline

[55Jay]

I got whacked on my Yahoo last year too, changed password and let all my contacts know I was not operating a penis enlargement advert scam

Odd/unrelated - Googled for Patts U-tapao airport, clicked on the top result and my Panda zapped a trojan. Eventually got to the website by chosing search result 2nd or 3rd down.

Virus detected: Trj/Genetic.gen Panda Antivirus protection 3/14/2013 4:44:21 PM Deleted Path:

Led to a website called wf (dot) brycedeals(dot) com / with a " private_tool.exe" tagged on the end of it.

[Latindancer]

Thanks for your replies, folks.

What I found odd was that I have never created a contacts list, in my Yahoo mail account ......and a the few people I know who got spammed were people I very rarely send emails to.

Why or how the virus did this, I'll never know.

[55Jay]

That is odd.

I never set out to create a contacts list, but for years whenever sending first time emails, I think I had an option box ticked to automatically add to my contacts, or I hit save (don't remember) so after many years, my list of email contacts was quite long.

Same as you, I started getting Failure to Deliver notices for those email contacts in my list which were apparently not in use anymore.

I just changed my Yahoo login password, which you ought to do anyway for that and any other login sites.

I did a full, indepth system scan after this event as well.

[happynthailand]

try "dr.web cureit" free program. it finds all kind of thing others miss

[Mrjlh]

It is not only happening to Yahoo but to Gmail, Hotmail and AOl accounts. All the different mail accounts are being hit. Even Mac's are not immune. Now cell phones! So switching accounts is not a sure fire way to prevent it. I don't open any email link that that just shows up with out a statement from people I know. Usually some will write something about the link first. Even that can be dangerous.

[thrilled]

Many of these things anti virus programs aren't picking them up.They seem to be flying under the radar.I have seen this before.I imagine it's going to get worse over time.

[bunnaag]

since a few days Ads from COUPON DROP DOWN are appearing all over the place.Defender andSecurity Essentials report all is clear.Do I need to buy some serious software from Norton or similiar companies for scanning and erasing?

[55Jay]

since a few days Ads from COUPON DROP DOWN are appearing all over the place.Defender andSecurity Essentials report all is clear.Do I need to buy some serious software from Norton or similiar companies for scanning and erasing?

Do you mean popups? Turn on your popup blocker and/or don't click on the ads.

Do you mean email? Do not click on links or attachments in spam or otherwise dodgy looking emails.

Lots here seem to use various freeware, sometimes more than 1 for different purposes. I'm still on payware myself.

[Mrjlh]

Are you using Fire Fox? If so install "Adblock plus". It's free and works very well.

[bunnaag]

Are you using Fire Fox? If so install "Adblock plus". It's free and works very well.

I did yesterday evening by chance.Lets see if it works

[Familyonthemove]

I had the same problem with my webmail account - and the odd thing was that there was nothing in my Sent mail folder, but I had lots of Mailerdemon Failure Notices. It was sending out links to business websites (site designers, wholesalers etc).

A virus scan found nothing.

Changing my password fixed the problem. I have also deleted all my contacts and stopped the feature that creates new contacts for all received and sent mails.

I think it's either a password hacker program or the stolen passwords mentioned in the mail above. It seems to be an automated system that sends out business links - possibly to boost the Google ranking of the relevant business sites. I guess the businesses that are having their links spammed are paying for this service - so we know what businesses to avoid. An embarrassing nuisance that is illegal in some countries - but the culprit could be based anywhere I guess.