• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos0

Hotmail/MSN virus?

so today at work when I logged into my hotmail, i got an intrusion. it made a fake virus program antivirus soft or soemthing like that. was a very long .exe name like mgcfpcwd.exe or something like that. now, on my home computer i logged into hotmail and it is super slow and lags my whole computer like it did at work and then norton finally tells me it blocked an intrusion.

 risk name: MSIE attribute handler code exec

attacker url: hXXp://sn103w.snt103.mail.live.com/default.aspx?wa=wsignin1.0

"network traffic was deteced that matches the signature of a known attack. the attack was resulted from c:\program files\internet explorer\ieplore.exe. to stop being notified...etc.'

sooo, is msn hacked? hotmail side only? anyone else have this problem?

my work computer is xp and home is vista...both IE8. i did not click a link to goto my email. i typed msn.com then clicked the msn link for hotmail. so unless the initial msn.com home page is hacked i dont know.

think this is a false alert? my home comptuer didnt get the fake antispyware thing becasue im assuming norton stopped it in time. any suggestions??

<<Edit: Disabled active link to potential attack URL>>

Replies

Kudos0

Re: Hotmail/MSN virus?

Hello freakishkittie

Welcome to the Norton Users Discussion Forum

What Norton product do you have? What is the year of the product and the version number please? Have you applied the latest Windows updates which just came out today?

Success always occurs in private and failure in full view.
Kudos0

Re: Hotmail/MSN virus?

Hello freakishkittie,

I had a similar experience today. I received the same alert from my Norton, that it blocked an intrusion.

Same

MSIE Attribute Handler Code Exec

hXXp:\\by121w.bay121.mail.live/default.aspx?wa=wsignin1.0

 was the attacker URL

I was in Hotmail and just had clicked to open an email from Hewlett Packard. Then, like your PC, Hotmail dogged and then I got the intrusion alert from my Norton.

I have a Vista laptop.

My hotmail seems to be fine now, so Norton must have stopped the attacker.

Wonder what's up too?!

<<Edit: Disabled active link to potential attack URL>>

Kudos0

Re: Hotmail/MSN virus?

I got a similar intrusion in Hotmail this afternoon.

Checked my NIS history.  It showed the following intrusion:

Risk :  MSIE Attribute Handler Code Exec

Attacker Url:  hXXp://sn130w.snt130.mail.live.com/default.aspx?n=1970042482&wa =wsignin1.0

Network traffic was detected that matches the signature of a known attack.  The attack was resulted from c:\Program Files\Internet Explorer\ieplore.exe. 

It also showed a virus that auto-protect caught at the same time as follows:

all[1}pdf. (Trojan.Pidef)

Activity:  c:\document and settings\XX_Administrator\local settings\temporary internet files\content ie.5\m19gzbdu\all[1].pdf

Fortunately, NIS was on the job and blocked them.   I was in Hotmail checking on my mail and was about to sign out and then my computer got attacked.  It happened so fast that I don't remember exactly everything that happened.  The first thing I did was turn off my DSL modem and rebooted.  But I remember seeing I think a java icon in the system bar, an adobe icon on the quick taskbar, and also a popup that Microsoft wanted to installed something, which I don't remember.

After I rebooted, I ran NIS Quick Scan and Malwarebytes and all clean.

I also wonder what's up.  Wondering if Hotmail is infected.

Windows XP, SP3

IE8

NIS 2010

Kudos0

Re: Hotmail/MSN virus?

Hello

I have a friend whose Hotmail email account was hijacked the other day and it sent out spam email to everyone in an old address book. My web based spam detector caught it and I deleted it without opening it. So it is possible that it could be infected. There was also a windows update that came out this week having to do with OE and live.email and windows live email. Please make sure you have applied the windows update and it would be a good idea to change your Hotmail password also.

Success always occurs in private and failure in full view.
Kudos0

Re: Hotmail/MSN virus?

Hi Blue 452

re > It also showed a virus that auto-protect caught at the same time as follows:

all[1}pdf. (Trojan.Pidef)

Activity:  c:\document and settings\XX_Administrator\local settings\temporary internet files\content ie.5\m19gzbdu\all[1].pdf

re > remember seeing I think a java icon in the system bar, an adobe icon on the quick taskbar

http://www.techpronetworks.com/adobe_zero_day_vulnerabilit.html

http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99

Have you confirmed your Adobe & Java apps are fully patched.

NIS21.6 | VistaSP2 FF33 IE9 Compaq A931NR | Sandboxie | VoodooShield
Kudos0

Re: Hotmail/MSN virus?

bjm_,

Yes, I checked and I have the latest update for Java (6 Update 20) and Adobe Reader (8.2.2).

I just finished reading the two links you provided.  Thank you for finding it and posting it.  Appreciate it. 

floplot,

My computer has the latest Windows update.  Your suggestion to change my Hotmail password is a good one.  I'll do that just in case.   Thank you.

Have a nice day/evening.

Blue452

Kudos0

Re: Hotmail/MSN virus?

Hello Blue452

Adobe Reader is up to version 9.3.2

Success always occurs in private and failure in full view.
Kudos0

Re: Hotmail/MSN virus?

Hi, All,

I'd be interested to know what Ports were involved in this.  Please list both what Port your computer was on as well as the Attacking Computer's Port Number.

Excellent advice from floplot to install all Windows' Updates released on May 2010 as there are Attacks In-The-WIld happening with Hotmail that were Patched with these Updates.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Hotmail/MSN virus?

hello someone with this mail FROM: YOUR MESSENGER (webmaster@genteya.com) sent me an e-mail with name whoblocksyou i didnt knew that this is virus and i open it i dont have prob with pc but with my msn/hotmail and my friend have too but they didnt open the mail why that hapens? Can norton delete that virus i update it today and i have auto update

Kudos0

Re: Hotmail/MSN virus?

Hello Blue452 et al

Dido > Excellent advice from floplot to install all Windows' Updates released on May 2010 as there are Attacks In-The-WIld happening with Hotmail that were Patched with these Updates.

http://www.microsoft.com/technet/security/bulletin/MS10-030.mspx

NIS21.6 | VistaSP2 FF33 IE9 Compaq A931NR | Sandboxie | VoodooShield
Kudos0

Re: Hotmail/MSN virus?

Hi,

Relating to Floating_Red's post on what are the port number and attacking IP number - checked the history log and they were not listed.

My computer is updated with the May Windows update.  Even though the Attacks-in-the Wild happening with Hotmail were patched, the attacks are still happening - on my computer at least.  Had another MSIE Attribute Handler Code Exec intrusion again last night, and again NIS blocked it. 

Relating to floplot's comment on the latest Adobe version.  At the time this version came out, I read somewhere that Adobe also downloaded some other programs with this release.  I did not want these programs on my computer, so I stayed with version 8 and kept it updated with latest version 8 updates.   I guess it's time to update to  version 9.

Thank you Floating_Red, bjm_, and floplot for your responses.

Kudos0

Re: Hotmail/MSN virus?

Hi Blue452,

Norton will block any exploit that it recognizes, even if your PC has been patched and is no longer vulnerable.  There are plenty of PCs out there that remain unpatched and the Intrusion Prevention signature for this exploit is all that protects them from infection.  So Norton will always respond to this threat when it is seen.

Adobe Reader 8.2.2 is fully supported and patched so there is no need to upgrade to version 9 at this point unless you want the added features.  As long as you continue to install the security updates for version 8 as they are released you will be safe using this software.

Kudos0

Re: Hotmail/MSN virus?

SendOfJive - Thank you for your response.  Relating to Adobe 8.2.2 - after reading your comment that it is fully supported, I decided to stick with this version for now.

I appreciate all of you who took the time to respond to my posts.  Many thanks.

Blue452

Kudos0

Re: Hotmail/MSN virus?

While a previous version of a product may be supported and patched against all Security Holes, I would always recommend using the highest-available version that is compatible with the O.S. you use.  This is because there will be greater security improvements as well as new and improved features compared with the older versions.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Hotmail/MSN virus?

Hello again guys i update it and i am ok!

Replies are locked for this thread.