Urgent: Remedy needed for google app "check doc" virus

gplea · 29 Aug 2014

So, a couple of weeks ago someone sent me a strange email. I wouldn't have opened it, but I was expecting a response from this person, along with an attachment re: a group email I had sent to them. I couldn't open the stinking thing, and I knew I was going to see them this holiday weekend, and I was going to ask them about it then. Anyhow, just a few hours ago my gmail inbox starts exploding with people from my Contact list asking if I sent them this e-mail.

Here is what the e-mail read:

"Kindly view the document I uploaded for you using Google Apps . VIEW DOC HERE with your personal email to view the document it's good and very important.

Thanks,
George"

Does anyone here have a remedy?

GPL

Gator · 29 Aug 2014

What symptoms are you experiencing?

gplea · 29 Aug 2014

I'm just having a bunch of my Contacts asking me if I sent them this e-mail. All but one of them has been patient and tolerant. Of course, the nasty, intolerant one I could care less about. Apparently, it started sending out auto emails about 3:PM EST today. That's all I know to tell you right now.

Thanks,
GPL

Gator · 29 Aug 2014

Here is a link that may help you proceed if your email has been compromised.

My Email has Been Hacked - What Do I Do?

I would run a scan with Malwarebytes to see if you downloaded a piece of malware that might have compromised your system.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Select Quarantine All
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

MoxieMomma · 30 Aug 2014

Hi, @Gator:

>>Those instructions you posted are actually for an older version of MBAM (version 1.x) -- there is no "Quick Scan" in version 2, as it has been replaced by "Threat Scan".
Here are updated instructions for version 2.x, the current version, including the direct download link for the setup file at malwarebytes.org:

Scan with Malwarebytes Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

First, click the Update Now link in the main dashboard.
Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
Click the Scan tab, choose Threat Scan, and click Scan Now.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

I hope this helps.

Cheers,

gplea · 31 Aug 2014

Thanks guys. Sorry in getting back to you this late, since it WAS urgent. I ran the free version of Super AntiSpyware twice. It found about 115 threats, and I fixed those. Didn't find anything on 2nd pass. Also, I haven't rec'd anymore e-mails from anyone on my Contacts list. However, there's a couple of strange, and concerning issues. One, I don't know how to verify that I killed/fixed/whatever the virus. Two, I checked my Contacts list against some of the people that emailed me Friday night and a couple of those that emailed me saying they had rec'd the mysterious email weren't even on my Contacts list. So, I'm not sure where the virus got these email addresses. I know I'm not the first, because yesterday I spoke to the person who I rec'd it from, and asked how they got rid of it. Granted, they're not PC-literate, but they said it appeared to have "gone away". One other thing, a couple of people (who weren't on my Contacts list) told me they had rec'd the e-mail from me on their phones. Now, I'm told that there are no truly effective anti-virus apps for cell phones, and for that matter, some do more harm than good. Am I correct on that point?

So, again, my concern is where did this virus look to get the email addresses that it used, and how do I verify that it's gone?

Thanks,
GPL

Callender · 31 Aug 2014

Suggestion: Add your own email address to your contact list then if any suspicious emails get sent you should also receive a copy.

How did it happen?

It's hard to say. Think about anything that has access to your contacts list. If you shared your contact list with any Facebook apps or other apps from other sites - revoke access.

You could try running a few tests to see if any issues get flagged up:

PC Flank: Make sure you're protected on all sides. - try these

Also did you open any dodgy email attachments lately?

Configure your AV to scan email attachments and also configure Windows 7 to block attachments from opening if the AV scan of the attachment fails. (This isn't enabled by default and it's a pretty big security hole).

Notify Antivirus Programs when Opening Attachments ? MAXIMUMpcguides ? Windows 7 tips, tricks, help, and how-to guides

Gator · 31 Aug 2014

What threats were found by SuperAntispyware? These could be simply "Tracking Cookies" and you might not have taken anything off your computer at all. Did you by chance save the log?