At the end of my rope.

malware spyware email darth vader

#1
BrickInTheWall

    New Member


Hey, long story short:

A few days ago I received a mail from my dad's email account containing a link ending in php.

This was sent to a multitude of his contacts.

This process has been repeating a few days now and we have been unable to stop it.

We have tried scanning the computer in safe mode with: Bitdefender, SUPERAntiSpyware, Spybot S&D, Malwarebytes.

But scans came out clean apart from a few tracking cookies that have now been removed.

Obviously we have changed the password of the mailbox, but no luck so far.

More details:

- The mail was mostly sent to his contacts, but interestingly enough about 50% of the people that received the mail were also recipients of a mail sent by my grandfather some time ago. (Still unsure if this is related but it sure is weird.) This mail was sent out because he changed email address, but weirdly enough was sent out twice in the time of an hour, one time containing a .eml file. It might have been harmless, but I felt it's worth mentioning.

- My mother's email is also mentioned as a contact but the mail won't show up in her inbox. Nor will a copy of this mail end up in my father's inbox when I send it to him -> mother's PC also infected, auto remove?

- As I'm writing this my dad noticed some changes were made to a couple of files the past week, with some named after amd directories. Which seems strange as my dad's laptop doesn't contain any AMD hardware. He's going to do a system restore to a few weeks ago. But if my mother's PC is infected I doubt anything would be solved.

I'm willing to give header information and such to check if my dad's being spoofed (which would surprise me heavily considering the evidence), but I prefer to do this through another medium such as Skype rather than post something like that on a forum.

Thanks in advance.

Update: Definitely something fishy in the amd64 files: found some manifest files spread out through the PC, going to google some more.


Edited by BrickInTheWall, 21 August 2015 - 02:04 PM.

#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi,

:welcome:


"As I'm writing this my dad noticed some changes were made to a couple of files the past week, with some named after amd directories. Which seems strange as my dad's laptop doesn't contain any AMD hardware."

They are part of 64-bit updates. This includes the .manifest, .mum, and .cat files.

"I prefer to do this through another medium such as Skype rather than post something like that on a forum."

Forum posts are the only medium of help here.

Regards,
Valinorum