Solved I believe my Outlook 2007 Email has somehow been hacked, can you help?

Mike Lynch

New member
Pro User
VIP
Local time
12:56 PM
Messages
958
Location
Clearwater Florida
I use Windows-7 Pro, Office 2007, Outlook for Email.

About a month or two ago, I started getting Emails that I suspicioned were bogus.

Many of them have Attachments.

The Subject always has the same Special Character, in it somewhere.

I have been putting them in the Junk Email to be blocked but they not.

Now, they have porn pictures in the Body of the Email, NOT to be confused with the Attachment.

I'm receiving them on a daily basis.

I ran MRT /F:Y for almost 48 hours to search for and remove whatever it's suppose to.

I have and "had" MSE running for years.

I have and "had" WebRoot running for over a year.

What can "stop" these unwanted Emails and how can I "block" them?
 

My Computer My Computer

At a glance

Microsoft Windows 7 Professional 64-bit 7601 ...Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz8.00 GBIntel(R) HD Graphics 4000
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Two HP Desktops. One in the Laundry Room / Bed Room.
OS
Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Motherboard
Hewlett-Packard 3396
Memory
8.00 GB
Graphics Card(s)
Intel(R) HD Graphics 4000
Sound Card
(1) Realtek High Definition Audio (2) Intel(R) Display Aud
Monitor(s) Displays
Hanns-G
Screen Resolution
1440 x 900 x 32 bits (4294967296 colors) @ 59 Hz
Hard Drives
(1) ATA WDC WD40EZRX-00S SCSI Disk Device (2) HP Officejet Pro 86 USB Device (3) WD My Book 1230 USB Device
PSU
Whatever came with the CMT.
Case
HP CMT Black.
Cooling
Whatever came with the CMT.
Keyboard
Logitech K740.
Mouse
Microsoft Optical Mouse 1000.
Internet Speed
Spectrum 25Mbs.
Antivirus
WebRoot, Microsoft Security Essentials.
Browser
EDGE
Other Info
HP Officejet Pro 8600 Plus.
WD MyBook 4TB.
Rather than being hacked, I think your email address, through no fault of yours, got on some "buy-this" lists. I get scammer emails all the time. Are you using Google Chrome or Firefox browser? Often, they do lots of tracking, and attempt to send folks stuff related and unrelated to people searches and websites visited, youtube thingies searched for and watched, and the list is endless.

Concerning blocking emailers, addresses, there are some free and fee [often with 7-14 day trial periods] email blocker utilities, extensions, available. You can experiment with one or more, keep what works for you. Realize that rarely does any one utility, extension, or combo, block 100% everything.
 

My Computer My Computer

At a glance

Windows 7 Professional 64-bitDesktop i5; Acers i5 & i7desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Antec desktop; Acer Aspire laptops
OS
Windows 7 Professional 64-bit
CPU
Desktop i5; Acers i5 & i7
Memory
desktop 16GB; 1 Acer 8GB & 1 Acer 16GB
Hard Drives
1TB split into 2 equal partitions [OS and data] usable by RJS
Internet Speed
AT&T DSL
Browser
FF, GChrome, msIE
Other Info
Windows 7 Firewall, Emsisoft AM/AV, MSE [scan-only], SpywareBlaster, Ruiware/BillP combine
What can "stop" these unwanted Emails and how can I "block" them?


1) Stop using Outlook.

2) Try Thunderbird or an equivalent.

3) In Thunderbird or what ever disable the parsing of HTML in emails and don't load external content by default like images. Yes, emails will now look like crap, but you're far better off. If you use PGP (most don't) there's a CVE for PGP where parsing of HTML in emails can espouse your private key. PGP: '''Serious''' flaw found in secure email tech - BBC News

4) Utilize more than one email address. One for sign up crap, another for banks/finances, etc.

5) If an attachment is NOT a self executing script or something like that, download and scan at Virus Total. BUT! If you don't trust the recipient, NEVER download the attachment.

This looks promising. I don't use it. Looks like it may be in German though, but could be coded in English as well. I have to test it. WarnAttachment :: Add-ons for Thunderbird

Edit-

Tried it. It works, is in English, but I can still save a potentially malicious attachment like a batch file. It's the opening of the file its self in Thunderbird that gets blocked.

There really needs to be an add-on that allows you to use a free Virus Total API key to scan an attachment before download. There is an add-on for Thunderbird that does this, but is outdated.


I'm receiving them on a daily basis.

Sign up at spamcop and report the email headers there. It may take some five reports, but it should eventually stop. At least it does in my case. Since I'm computer savvy I have reached out to the domain provider of the email domain, and other things. I also used to report spam to the FTC, but they don't do that now and run their own honeypot.
 
Last edited:

My Computer My Computer

At a glance

Windows 7 Ultimate x64
Computer type
PC/Desktop
OS
Windows 7 Ultimate x64
It wouldn't be your client (ie outlook) that's hacked but it would be your email account itself that would be hacked. Receiving spam emails is by itself not necessarily an indication that's you've been hacked. As stated you are probably on some pirated list. If you are concerned that your email is hacked check your sent folder, your security settings, session history, change your password, and apply multifactor authentication. Do all this from the provider's website. Also I suggest that you have multiple accounts for different uses and link the accounts to each other in case you need to reset your password. Read this article: 5 Signs Your Email Was Hacked – and What to Do About It - The LastPass Blog That pretty much summarizes what I said.
 

My Computers My Computers

  • At a glance

    Windows 7 pro/Windows 10 ProIntel i7 860 Quad core 2.8 ghz8 gbATI Radeon HD 5770 1 gb ram
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    HP Pavillion Elite HPE-250f
    OS
    Windows 7 pro/Windows 10 Pro
    CPU
    Intel i7 860 Quad core 2.8 ghz
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5770 1 gb ram
    Monitor(s) Displays
    Alienware 25 AW2521HF & Viewsonic
    Screen Resolution
    1920 x1080 & 1680x1050
    Hard Drives
    WD blue 1 tb & 500 gb.
    Browser
    FF of course.
    Other Info
    https://www.bestbuy.com/site/hp-pavilion-elite-desktop-intel-core-i7-processor-8gb-memory-1tb-hard-drive/9921493.p?skuId=9921493
  • At a glance

    Windows 2012 R2 Data center/Linux Minti3 9100 3.6GHz, 8M cache, 4C/4T8GB 2666MT/s DDR4 ECC UDIMM
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    Dell Poweredge T140
    OS
    Windows 2012 R2 Data center/Linux Mint
    CPU
    i3 9100 3.6GHz, 8M cache, 4C/4T
    Memory
    8GB 2666MT/s DDR4 ECC UDIMM
    Monitor(s) Displays
    Viewsonic
    Screen Resolution
    1680x1050
    Hard Drives
    1 TB & 750 GB
    Other Info
    https://www.dell.com/en-us/work/shop/productdetailstxn/poweredge-t140?~ck=bt
The fact images are loaded by its self now means the person sending the email has the capability to see your external IP address. Now they have the potential to run a script to try and take over your router/modem and turn it into a zombie botnet.

Probably not necessarily something that would happen here in this case, but it reinforces what I already said above about NOT parsing HTML and loading external like images by default. Those two options need to be turned off. And as I said, emails will start to look like fud, but it's a way better way to roll from a security/privacy standpoint. If, and ONLY if you can't see the email and you trust the email sender, and can verify with 100% certainty the email sender is legit, you can temporally turn on the parsing of HTML and loading of external content like images. But after you view that one and only email you need to go back in and turn those two options back off BEFORE you load another email again.

I know this stuff very well. I could probably find your email right now with a little OSINT (Open Source Investigation) because you chose to use your first and last name as a username here on this forum.

In terms of 2FA (two factor Auth) and passwords. Go to the haveibeenpwned.com website and subscribe each email you own with their service. Now if your email ends up in a leaked database you'll get an alert. This WILL happen all the damn time. Databases are leaked and hacked like free Halloween candy. If you do as I said and control what services use such and such email address, if that email address appears to be on a leaked database, you can cross check it to all websites that you used it with that particular email, go to that website/s and change your password. Bear in mind if the password you used is pretty damn long and complex and IF the website is using at least Bcrypt or Argon hashing, it'll be next to impossible to know what your password is from the leaked database. Never the less, you may not be purvey to that information so change the password anyway. And Never use the same password twice.

With 2FA, I highly recommend Authy. It is available for Android, iOS and Windows. Install it on ALL devices. Don't ever forget your backups password for Authy. Use 2FA for all websites that offer it. You'll either scan their QR code with your phone or tablet, or if available, copy/paste the long sting of numbers to the Authy client on the computer. That'll add your 2FA account and will sync across all devices with Authy installed. Stay far, FAR away from SMS 2FA. That's rife with hack crap due to something called sim card swapping. If they don't offer real 2FA and just email or SMS, then use email. If they only offer SMS, then you have no choice. Certainly better than nothing I suppose. But not full proof at all. Not in the slightest. You realy don't want email or SMS 2FA at all. Yet JP Morgan Chase is using that. Pathetic. Would you believe their own damn TLS Cert. for their website is worse then mine for my website? LOL! Is good, but one grade lower. Mine's an A+, there's an A and yet they have the money to buy a decent Cert. and offer real 2FA Unreal.

The most common password length people use today is a lousy 9 characters. Don't do that. And don't use freaking "love" in the password either. I don't know why people do that. Use a good, reputable password manager. If you're not tech savvy, Dashlane looks promising, but it's only free for one device and limited to 50 entries. LastPass has been hacked so many times it's not even funny. Look them up on Wikipedia. 1password is cheaper, but they are partners with Venture Capital. I'm just not that fond of paying for something I can use free and not from a major company. In my case I use the free Keepass password manager. But you have to backup its database yourself. And do so every time you add crap, and back it up all over hell least you lose it. For Android there's Keepass2Android which will work with Keepass database's. There's one for iOS, but I don't remember its name off hand. I like this method because I alone control where my database sits and how I use it. I encrypt it again with a cascade of ciphers and it's backed up to many locations; hard drives, computers, a thumb drive, and three cloud providers.

If you use Keepass, do EXACTLY what I'm about to say here. I know how, and have cracked a Keepass database that was meant to be cracked offered from an ethical hacking website. Nothing was found in the database of course.

Use Argon2 hashing. Use ChaCha20 for the password. Up the number of iterations to at least 100. Memory to 10 MB, and Parallelism to 1. All this is found under File | Database Settings. Again, Keepass is more for computer guys like me.

Now of course since you'll have all passwords, backup 2FA codes and God knows what else in your password manager, you'll of course want to use a good quality password for this password manager. Preferably one that is NEVER written down somewhere and only easily memorized. So how do you accomplish that? Very easily. It should be at least 15 characters long with numbers and symbols. Many say just length matters, but as a hobbyist/dork/computer nerd/password cracker for fun, I can tell you length * character type makes all the difference in entropy. So an easy way to do this is to just think of a sentence that only you'll remember. It can be very odd or what ever. It's not completely ideal to use real dictionary words, I'd at least opt for some three letter acronyms as well as part of the password. Maybe think of your own acronym.

So a good password may look like this: the Zebra is a fat red house 453 * & Now combine it all or leave the spaces. Your choice. Notice how I capitalize the Z? You'll want at least one capital letter. Refrain from capitalizing the first letter. Password masks used in password cracking focus on that. And that goes without saying not to cap the last letter either. HAHAHA. Using an acronym as part of the password to thwart a dictionary word password mask may look like this: the Zebra is a fat red house TSA 453 * &. See the acronym TSA that's been added? Now I'm sure there are massive lists of acronyms for password breaking, but it would help to thwart against a known dictionary word brute force. By and large, and as of right now, no one can crack a password like that at home or using an AWS server instance and crap. Maybe the NSA. Speaking of, have a gander at my post here about that. It's straight up hypothetical, but I find it interesting none the less. Read my opinion on Edward Snowden here, too. LOL It might enlighten you to a different viewpoint beyond the media and the populace's group think brain on what they want you to believe.

Anyway... You asked if someone can help. I fulfilled my free duty.
 
Last edited:

My Computer My Computer

At a glance

Windows 7 Ultimate x64
Computer type
PC/Desktop
OS
Windows 7 Ultimate x64
Thank you friends!

Your suggestions / feedback are greatly appreciated.

I will work on implementing them.

Best regards,

Mike Lynch
 

My Computer My Computer

At a glance

Microsoft Windows 7 Professional 64-bit 7601 ...Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz8.00 GBIntel(R) HD Graphics 4000
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Two HP Desktops. One in the Laundry Room / Bed Room.
OS
Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Motherboard
Hewlett-Packard 3396
Memory
8.00 GB
Graphics Card(s)
Intel(R) HD Graphics 4000
Sound Card
(1) Realtek High Definition Audio (2) Intel(R) Display Aud
Monitor(s) Displays
Hanns-G
Screen Resolution
1440 x 900 x 32 bits (4294967296 colors) @ 59 Hz
Hard Drives
(1) ATA WDC WD40EZRX-00S SCSI Disk Device (2) HP Officejet Pro 86 USB Device (3) WD My Book 1230 USB Device
PSU
Whatever came with the CMT.
Case
HP CMT Black.
Cooling
Whatever came with the CMT.
Keyboard
Logitech K740.
Mouse
Microsoft Optical Mouse 1000.
Internet Speed
Spectrum 25Mbs.
Antivirus
WebRoot, Microsoft Security Essentials.
Browser
EDGE
Other Info
HP Officejet Pro 8600 Plus.
WD MyBook 4TB.
wow, those are professional engineers, I did learn something news. thanks for sharing!
 

My Computer My Computer

At a glance

-
Computer type
PC/Desktop
OS
-
Back
Top