my hotmail account might be hacked

[nickrock]

today i got 18 notifications of email delivery failure of emails i didnt send has my computer been hacked and how do i fix it they all had attachments (not opened them )

[Blackeye]

download and run Malwarebytes’ Anti-Malware see what it show ...........

[nickrock]

got it now just running it and will see what it says might have to run it on my other puters too

[nickrock]

that didnt fix it found no problems

[Edge]

Have you told everyone in your address book not to open attachments from your address?

 

I think you need to tell people here what anti-virus etc you're running. Did you d/l any progs or open any strange attachments which coincided. Been on ant dodgy sites etc.

Most free anti-virus progs should find a Trojan. I'm on Eset here but Avira was pretty good.

 

If you don't get it sorted I advise you go to MajorGeeks site - http://majorgeeks.com/

Follow their standard instructions, which may sort it and if not you'll get a dedicated geek to sort you.

 

Only thing is, they'll only help you once if it turns out you got it downloading pirated software etc..

My daughter got one of these from opening an MSN message attch once (said go look at my photo's or somat) and MG got us through it.

[cjtrader]

Same thing happened to me last year. There are several causes, but what happened to me was that I carelessly loaded a "fake" Yahoo site from the internet while trying to help a Thai girl locate a boyfriend's Yahoo account in the U.K. Anyway, I typed in my userid and password on this look-alike site and the phish scammer captured the information and started using my email account to send out viruses, spam, and fake shopping links to capture credit card ids.

 

I notified all the contacts in my email account and then, finally, got rid of the bastard by changing my email password. Good luck.

[nickrock]

no i havent told any one all the delivery failures were to mosty very strange email addresses all the email addresses are unknown to me im running avira came with the new computer only i have no downloaded software i am running office 2007 i got from phantip plaza a couple of years ago had no problems with it on old pc only thing i can think of is that my 14 year old grandson has his computer on this home network his connection is wifi this pc is cable connection directly to the router .will try changing the password

[barmatt]

Check that your windows firewall and defender are on.

 

I also use the free AVG anti virus software and have never had a problem with trojans or viruses getting through. I've been using it now for 18 months and I download heaps of stuff.

 

There have been warnings where the software has detected a potential problem but these are moved into the virus vault which you then delete.

 

http://free.avg.com/au-en/homepage

 

hope this helps

[nickrock]

firewall and defender were on

[Edge]

no i havent told any one all the delivery failures were to mosty very strange email addresses all the email addresses are unknown to me

 

Yes, sorry, on reflection it does sound more likely to be your MSN account than a problem in your PC.

Hpefully the password change will work, or report it to MSN?

[nickrock]

my knowledge of computers is limited i sort of lost interest/kept up after about win 95 lol apart from know what buttons i need to push to do the job im doing

already changed the password just reading the info on the geeks site

[knifepoint]

is it for a Chinese computer electronics store? easy way to check open hotmail go to sent items folder

 

changed the hotmail password to one with a combo of capitals/lowercase and numbers and special characters #$%!#%^$#$^

 

happened to lots of people I know, I think its to do with keylogging your email passes

 

install microsoft security essentials, its a free antivirus/antispyware/antimalware from MS and got 9.2/10 compared to other programs

[Noud]

I have had a similar experience, but in my case it wasn't with a hotmail account but my normal paid for address that I have at one of my webpages.

 

What you need to know is that even if you get an email about delivery failure, it doesn't mean that it came from you. =/

I'm going to be a bit technical here, but, it doesn't hurt to know this. Below is a part of the header from a spam mail I got some time ago. Lets have a look at it.

 

 

 

 

Return-Path: <[email protected]>

Delivered-To: stan-somewhere:[email protected]

X-Envelope-To: [email protected]

Received: from ads-3914830ebea (unknown [117.196.33.96])
by mailwash27.pair.com (Postfix) with SMTP id 9995926132
for <[email protected]>; Sat, 24 Apr 2010 20:45:01 -0400 (EDT)

Date: Sun, 25 Apr 2010 04:41:17 +0400

Message-ID: <20100425061519.2840.qmail@ads-3914830ebea>

To: [email protected]

Subject: 25.4.2010 SALE -53%

From: US VIAGRA ® <[email protected]>

Reply-To: [email protected]

 

It is somewhat edited, my address is replaced with "[email protected]", allot of lines are removed as they doesn't have anything to do with the issue at hand here.

 

The first line we look at is the one starting with To: this line tells the mail server where to send this email, works about the same as a street address. As you can see It has been sent to "[email protected]" which incidently is make my address.

 

The next line we look at is From:. That is supposed to be the address to the person that send it. However that is also set to "US <Viagra [email protected]>" As I am not going to send myself spam about viagra and does not do so, we suspect this could be fake. In this case it is. Be aware that this doesn't have to be an email address, it could just be a name, in this case it is both.

 

The next interesting line is Reply-To: This is where the sender wants you to send your replys. Yet again it says "[email protected]". So if I reply to this email, I will simply send myself an email. This is fake to as I did not send it to start with.

 

These are the most interesting parts of the headers, now take a look at what would happen if the email address "[email protected]" did not exist? well an email would be sent to "[email protected]" saying that it did not work, wich in turn will generate another email saying it did not work, and so on. Luckily there are filters in place to prevent this to happen and messages like that will just deleted.

 

Now some mail host are getting smart, If the sender is the same the recepient some server might flag this mail as suspicious and class it as spam right away. A way around that is to make sure that the sender address is not the same as the recepient. And what is better to use than an address that works? Nothing.

 

This means that when these guys sends out spam about Viagra, the got a huge list of addresses to send to, they send the same mail to everyone and only change the To: address and since they don't want any replys they pick a random address from the list and puts that as Reply-To:

 

Now they got a huge list of addresses and in order to not get caught by filters they have to rotate the Reply-To address too, but before they do, they could have sent 10000 emails with your address in it. A few of these addresses will not work, and when they don't the email server will send a message to the Reply-To: address that there was a delivery failure. The longer time they use your address as the reply-to: address the more delivery failure notices you will get.

 

I once opened my email to see that I had 1600 delivery failure notices. >.<

 

So in order to know if you really have been hacked you need to look into one of those Delivery failure notices, but as you now know, you can not look at the line from: you have to dig deeper into the headers.

 

There are two parts that will give you a good clue as to where it came from, the Message-ID: and Received: lines. There can be more than one Received lines and the one to look at is the oldest one, they should all be timestamped.

 

So what do we do with these? well there should be similarities in them, in my case it is "ads-3914830ebea" and on the received line it say this "117.169.33.96" That is the IP adress of the email server it was first posted on, not the same as who wrote it.

 

Best thing you can do is look at how these headers look when you send an email, if they are the same, or at least looks like they come from the same company then it's time to change password, if they appear to be vastly different, odds are that they just used your address. This can only be seen on an email that has been sent. You can always try and send one to yourself, but as filters sometimes thinks that is spam it might not work and it might not take the correct route, so send it to another email address, if you have one yourself perfect. If not ask someone that knows how this work to help you extract the headers from an email you sent. It does not work to have your friend reply to your email and look at the headers, in that case the will be the headers of the one that replied and not yours.

 

I don't use hotmail, but I am sure there is some way to look up headers there.

 

But most essentially, If in doubt, Change your password.

[nickrock]

thanks noud i have allready changed password and had no more incidents

[Highlander]

there was a hotmail virus lat year that send out spam and to get rid of it all you had to do was change your password.

 

Seemingly it knows your email password

 

I hope this helps

[ritch]

actually same thing happend to me

 

BIGGAY LADYBOYSRUS>COM??????

 

nah just kidding althought it did happen to me recently

 

upload the text of the email anmd the address that sent it and il do the same when i get time

could be a coincedence iunno

 

told me to go to a google webpage to buy some cheap stuff i think