# Hotmail has been hacked - sending spam



## slyguy10000 (May 7, 2010)

Hello,

I'm having the same problem as another user. I have just had my Hotmail send out a mass amount of spam emails, with a link to a webpage that I assume will lead to more viruses. I ran the OTS scanner and I have attached the log file. If someone could advise what to do next, I'd really appreciate it. Thanks.

Steve


----------



## NeonFx (Oct 22, 2008)

Hi there. Welcome to TSG.

*STEP 1*

The most important thing to do right now is to change your password and secret questions.

See HERE

*STEP 2*

Run OTS


Under the *Paste Fix Here* box on the right, paste in the contents of following code box


```
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY ->  6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  28 C:\Documents and Settings\Stephen\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Stephen\Local Settings\Temp\*.tmp
NY ->  2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in *C:\_OTS\MovedFiles\<date>_.log* where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally. 
If it seems to get stuck, give it some time. It's probably still working.

*STEP 3*








Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*. Scan all of your harddrives.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*

*STEP 3*

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review: 

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download. 

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

[*]Spyware, adware, dialers, and other riskware
[*]Archives
[*]E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
Click the *Save report...* button.









Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply


----------



## slyguy10000 (May 7, 2010)

I've run the scans and attached the reports. Hopefully this fixes the problem. Thanks for your help!

Steve


----------



## NeonFx (Oct 22, 2008)

As I suspected, there's nothing malicious on your system. Your password was either stolen at a different machine or it was bruteforced. Make sure you use a more complex password this time and be careful where you use it. 


Have you changed the password? Has the spam stopped?


----------



## slyguy10000 (May 7, 2010)

I have changed my password and there has been no new spamming since, although this has only all happened within the last 18 hours, so we'll see if this is a permanent fix. Thanks again.


----------



## NeonFx (Oct 22, 2008)

Excellent. Let's cleanup.

*STEP 1*

To clean up OldTimer's tools, along with a few others, do the following:


Run OTS.exe by double clicking on it
Click on the *"CleanUp"* button on the top.
You will be asked if you wish to reboot your system, select *"Yes"*

*STEP 2*

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the *Shift* key, and select *"Delete"* by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

You might want to keep MalwareBytes AntiMalware though and that's fine  Make sure you update it before you run the scans in the future.

*All Clean*

Congratulations!,







, *your system is now clean*. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

*Microsoft Windows Update*
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to *(Start) > (All) Programs > Windows Update*
To update Office
Open up any Office program.
Go to *Help > Check for Updates*

*Install WinPatrol*
Download it HERE
You can find information about how WinPatrol works HERE and HERE

Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

*Setting up Automatic Updates*
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

*Read further information* HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.

Please mark this thread as Solved when you're ready. Let me know if you need anything else.


----------

