i think my e-mail account is hacked--help

This account has been disabled because it has exceeded sending thresholds. The message that you've just tried to send through webmail has been rejected.)  this is what i get when i try to send an e-mail, i can receive them, using thunder bird.ran malware bytes but it came up with nothing
thanks

Last edited by prairiedog on 19th July 2013, 4:39 am; edited 1 time in total (Reason for editing : added more info)

What type of email account do you have?

sasktel, i never come close to exceeding my limit, called saasktel and they figured my account has been hacked

prairiedog wrote:

sasktel, i never come close to exceeding my limit, called saasktel and they figured my account has been hacked

sasktel would be your IS provider but I would like to know what you're using for your e-mail; Outlook, Yahoo mail, AOL??

mozilla thunderbird

When your e-mail account has been hacked it is usually locked by the provider. You will need to get in touch with them and reset your password.

i did get a hold of them, they told me to get rid of the virus first, i ran my scanner and mal ware bytes but nothing showed up

Ok, we'll run some scans but I'm quite sure your computer is clean.

Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

*****************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 20:40:46
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Boyd - BOYD-PC
# Boot Mode : Normal
# Running from : C:\Users\Boyd\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Boyd\AppData\Local\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Boyd\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Boyd\AppData\Local\Temp\CT3289847
Folder Deleted : C:\Users\Boyd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3290229
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN36034886262435820&UM=2&ctid=CT3290229 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\prefs.js

C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\user.js ... Deleted !

Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.UserID", "UN17700663809544121");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.installDate", "6/4/2013 20:08:06");
Deleted : user_pref("CT3289847.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN177006638[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");

*************************

AdwCleaner[S1].txt - [5070 octets] - [21/07/2013 20:40:46]

########## EOF - C:\AdwCleaner[S1].txt - [5130 octets] ##########

I'm waiting for the Junkware Removal Tool log.

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 20:40:46
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Boyd - BOYD-PC
# Boot Mode : Normal
# Running from : C:\Users\Boyd\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Boyd\AppData\Local\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Boyd\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Boyd\AppData\Local\Temp\CT3289847
Folder Deleted : C:\Users\Boyd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3290229
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN36034886262435820&UM=2&ctid=CT3290229 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\prefs.js

C:\Users\Boyd\AppData\Roaming\Mozilla\Firefox\Profiles\6zgcfiat.default\user.js ... Deleted !

Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.UserID", "UN17700663809544121");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.installDate", "6/4/2013 20:08:06");
Deleted : user_pref("CT3289847.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN177006638[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");

*************************

AdwCleaner[S1].txt - [5070 octets] - [21/07/2013 20:40:46]

########## EOF - C:\AdwCleaner[S1].txt - [5130 octets] ##########

thats the only log file i could find, Adware Cleaner [SI]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

C:\$Recycle.Bin\S-1-5-21-776468156-1697017053-570795564-1000\$RJ1H3MX.exe Win32/Adware.1ClickDownload.W application cleaned by deleting - quarantined
C:\Atemega for Dish\wicked loader 5\WickedAtmegaLoaderV5.0.rar a variant of Win32/Packed.MultiPacked.K trojan deleted - quarantined
C:\Atemega for Dish\wicked loader 5\Wicked 3m V5.0\Wicked_Atmega_Loader_v5.1a.zip a variant of Win32/Packed.MultiPacked.K trojan deleted - quarantined
C:\Users\Boyd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P1ILTGR\yontoosetup[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Boyd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\216bd74a-2deebf09 Java/Exploit.Agent.NEF trojan cleaned by deleting - quarantined
C:\Users\Boyd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\b405839-15719d0b Java/Agent.FI trojan cleaned by deleting - quarantined

Your computer is clean. E-mail hackers don't infect your computer. They work at the site where you have your e-mail and hack your password.

thanks for the help Dave