Jump to content

Recommended Posts

My mother somehow managed to let jhoos (supposedly an online dating website) get a hold of her e-mail address book, and so now jhoos is sending invitations supposedly from her to everyone and their dogs.

 

I'm trying to get rid of it for her, but my searches on the internet haven't told me what I need to know. I'm mostly getting results telling me to avoid registering for the site, but not how to un-register for the site.

 

Here's what I've done--I've put her on the unsubscribe list for jhoos mailings--was that a mistake? It only asked for her e-mail address, not her password, so I assumed I wasn't giving them access to her account anymore.

 

I ran Ad-Aware--it found win32.trojandropper.delf and deleted it. A subsequent scan showed no trace of it. Is win32.trojandropper.delf related to jhoos at all? I didn't find anything in my search relating the two, but I'm hoping cleaning it out of the system might affect jhoos' ability to access her info (I know they already have it, but I hope I'm at least preventing further access).

 

I ran a Norton scan. Nothing showed up. There were several trojans in quarantine from the past (the most recent was caught in 2009), but nothing new. Interestingly, despite being recently updated and scanned, Norton did not catch win32.trojandropper.delf.

 

I checked add/delete programs and there are no programs related to jhoos that I can delete (as far as I could tell).

 

I don't know what else to do. Any advice?

 

In the meantime she's sending mass-emails (bcc, of course) to everyone in her address book, telling them not to register for jhoos and that "invitations" from her were not actually sent by her. But she's not so good at that stuff, which means I'll end up having to do it for her, and she has so many useless e-mail addresses in her address book (she has hoarder tendencies) that it will take me a lifetime to finish. And I've already spent a few hours on this.

 

Very annoyed, I am.

  • Like 1
Link to post
Share on other sites
I ran Ad-Aware--it found win32.trojandropper.delf and deleted it....

 

I ran a Norton scan. Nothing showed up. There were several trojans in quarantine from the past (the most recent was caught in 2009), but nothing new. Interestingly, despite being recently updated and scanned, Norton did not catch win32.trojandropper.delf.

I have no advice for you, I'm not that savvy, but this is another excellent illustration of the point SRD had made in another thread, that a single AV/anti-malware program may not catch everything.

 

Last week I had AVG catch a piece of trojan malware that AdAware had missed. It's a tricky business.

  • Like 1
Link to post
Share on other sites

It doesn't sound like a result of anything on her computer causing the problem. The problem is that this website has her email address and entire list of contacts. They can make emails to her friends that look exactly like they come from her, and there is nothing technological she can do to stop it. This sounds like a scummy company using information she gave them for the purpose of impersonating her for their commercial gain.

 

An interesting thought to consider might be to write a nasty note to them threatening them with a lawsuit for misappropriation of her name and false endorsement. In the USA at least, there are the fee shifting provisions of the trademark and unfair competition laws that can make such lawsuits cost free to the plaintiff if the case is a winner, so threats of this sort are taken somewhat seriously, particularly by scumbags who know they've been caught red handed. Dunno about Canada. Consult with a local lawyer, not legal advice, etc.

Link to post
Share on other sites

Thanks for the advice!

 

I've told her to change her password asap, so hopefully that will get done tonight (she hasn't used her computer at all today).

 

And I contacted jhoos on her behalf (using their online "contact us" form) telling them to remove her name and address as well as any data they mined from her from their database. I made it very clear that they accessed her information without proper consent from her, and that we will take action should they not grant the request. That probably doesn't mean anything to them, especially since it may just be an empty threat, but it sounded good at the time!

 

I had just removed Malwarebytes from her computer. I might download it again just to run an additional scan, but I know I can't have both Norton and Malwarebytes operating at the same time. Right now she has Norton and Ad-Aware, and she has the standard Microsoft Firewall.

 

But yes! It's definitely helpful to have more than one AV/anti-malware program. I've always had at least AVG Free and Ad-Aware, and I update them frequently (both the definitions, and the programs, themselves), and I've not had any problems with that stuff. My mother is not so computer savvy, though, and despite repeated warnings from both my brother and me, she keeps letting her virus stuff go out-of-date, and she keeps opening e-mails and going to websites she shouldn't. It's very frustrating, because I think sometimes she doesn't follow-through with our advice just because she doesn't like being told what to do.

 

It's very annoying!

 

 

Link to post
Share on other sites

A couple of things you can do: Set her AV stuff to update automatically on start up, that will make start up slower (so no doubt you'll get comments from her like "It takes an age to get running nowadays and it's very slow." Just ride them out.) but will keep her stuff up-to-date, and you should only run extra AV for occasional scans, not allow it to run in real time. You may still get false positives (or even false negatives) but a visit to the AV's website should be able to provide that kind of info and you can get your AV and occasional scans to ignore the files that report false positives.

The second is rather radical, contact her email supplier, explain the circumstances, and get them to change her email address. She will have to mail everyone with her new address but they can then block her old address.

You might be able to work out the dating site's ISP and report them to it for spamming, chances are it's offshore but it might work.

 

Changing her passwords etc. will only help to contain damage already done by the dropper. It will make no difference to the spamming as the company already have her address lists. If they have actually comandeered her machine to send spam (rather than just using her address in the 'from' box) that's a subject I know nothing about.

 

Googling the name of the dropper gives quite a bit of info, check out the Norton response: http://community.norton.com/t5/Norton-Inte...9CC9F7C0BB3C0C0

 

And the Lavasoft (suppliers of adaware) response: http://www.lavasoftsupport.com/index.php?showtopic=19457

 

Kaspersky give a fuller explanation: http://www.securelist.com/en/descriptions/old110262

 

If you think you've got problems try reading this: http://forums.spybot.info/archive/index.php/t-35736.html, amongst other things it does show the dangers of not updating software. I wonder if the 'victim' got so fed up that he finally trashed the machine or whether he discovered that it was a router/line problem after all and didn't have the courage to come back and say so.

 

I wouldn't follow any of the advice given without being confident about my ability to carry out the work, rather I would contact one of the help sites and get them to walk through the steps involved, I know I've plugged them before, and they do have their downside being in a different time zone, but I've found them to be very good. http://www.karlsforums.com/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...