Not what you were looking for? Ask our experts!
Reply
Newbie
freakishkittie
Posts: 1
Registered: ‎05-11-2010

Hotmail/MSN virus?

[ Edited ]

so today at work when I logged into my hotmail, i got an intrusion. it made a fake virus program antivirus soft or soemthing like that. was a very long .exe name like mgcfpcwd.exe or something like that. now, on my home computer i logged into hotmail and it is super slow and lags my whole computer like it did at work and then norton finally tells me it blocked an intrusion.

 

 risk name: MSIE attribute handler code exec

attacker url: hXXp://sn103w.snt103.mail.live.com/default.aspx?wa=wsignin1.0

"network traffic was deteced that matches the signature of a known attack. the attack was resulted from c:\program files\internet explorer\ieplore.exe. to stop being notified...etc.'

 

sooo, is msn hacked? hotmail side only? anyone else have this problem?

 

my work computer is xp and home is vista...both IE8. i did not click a link to goto my email. i typed msn.com then clicked the msn link for hotmail. so unless the initial msn.com home page is hacked i dont know.

 

think this is a false alert? my home comptuer didnt get the fake antispyware thing becasue im assuming norton stopped it in time. any suggestions??

 

<<Edit: Disabled active link to potential attack URL>>

floplot
Posts: 10,608
Topics: 218
Kudos: 2,054
Solutions: 367
Registered: ‎04-11-2009

Re: Hotmail/MSN virus?

Hello freakishkittie

 

Welcome to the Norton Users Discussion Forum

 

What Norton product do you have? What is the year of the product and the version number please? Have you applied the latest Windows updates which just came out today?

Success always occurs in private and failure in full view.




Newbie
seifelj
Posts: 1
Registered: ‎05-13-2010

Re: Hotmail/MSN virus?

[ Edited ]

Hello freakishkittie,

 

I had a similar experience today. I received the same alert from my Norton, that it blocked an intrusion.

 

Same

MSIE Attribute Handler Code Exec

hXXp:\\by121w.bay121.mail.live/default.aspx?wa=wsignin1.0

 was the attacker URL

 

I was in Hotmail and just had clicked to open an email from Hewlett Packard. Then, like your PC, Hotmail dogged and then I got the intrusion alert from my Norton.

 

I have a Vista laptop.

 

My hotmail seems to be fine now, so Norton must have stopped the attacker.

 

Wonder what's up too?!

 

<<Edit: Disabled active link to potential attack URL>>

 

Regular Contributor
Blue452
Posts: 73
Registered: ‎08-10-2008

Re: Hotmail/MSN virus?

[ Edited ]

I got a similar intrusion in Hotmail this afternoon.

 

 

Checked my NIS history.  It showed the following intrusion:

 

Risk :  MSIE Attribute Handler Code Exec

 

Attacker Url:  hXXp://sn130w.snt130.mail.live.com/default.aspx?n=1970042482&wa =wsignin1.0

 

Network traffic was detected that matches the signature of a known attack.  The attack was resulted from c:\Program Files\Internet Explorer\ieplore.exe. 

 

 

It also showed a virus that auto-protect caught at the same time as follows:

 

all[1}pdf. (Trojan.Pidef)

 

Activity:  c:\document and settings\XX_Administrator\local settings\temporary internet files\content ie.5\m19gzbdu\all[1].pdf

 

 

Fortunately, NIS was on the job and blocked them.   I was in Hotmail checking on my mail and was about to sign out and then my computer got attacked.  It happened so fast that I don't remember exactly everything that happened.  The first thing I did was turn off my DSL modem and rebooted.  But I remember seeing I think a java icon in the system bar, an adobe icon on the quick taskbar, and also a popup that Microsoft wanted to installed something, which I don't remember.

 

After I rebooted, I ran NIS Quick Scan and Malwarebytes and all clean.

 

I also wonder what's up.  Wondering if Hotmail is infected.

 

 

Windows XP, SP3

IE8

NIS 2010

 

 

 

floplot
Posts: 10,608
Topics: 218
Kudos: 2,054
Solutions: 367
Registered: ‎04-11-2009

Re: Hotmail/MSN virus?

Hello

 

I have a friend whose Hotmail email account was hijacked the other day and it sent out spam email to everyone in an old address book. My web based spam detector caught it and I deleted it without opening it. So it is possible that it could be infected. There was also a windows update that came out this week having to do with OE and live.email and windows live email. Please make sure you have applied the windows update and it would be a good idea to change your Hotmail password also.

Success always occurs in private and failure in full view.




Bot Obliterator
bjm_
Posts: 2,502
Registered: ‎09-07-2008

Re: Hotmail/MSN virus?

[ Edited ]

Hi Blue 452

re > It also showed a virus that auto-protect caught at the same time as follows:

all[1}pdf. (Trojan.Pidef)

Activity:  c:\document and settings\XX_Administrator\local settings\temporary internet files\content ie.5\m19gzbdu\all[1].pdf

re > remember seeing I think a java icon in the system bar, an adobe icon on the quick taskbar

http://www.techpronetworks.com/adobe_zero_day_vulnerabilit.html

http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99

 

Have you confirmed your Adobe & Java apps are fully patched.

 

 

 Product Update Announcements  NIS21.5 VistaSP2 FF31 IE9 Compaq A931NR

Regular Contributor
Blue452
Posts: 73
Registered: ‎08-10-2008

Re: Hotmail/MSN virus?

bjm_,

 

Yes, I checked and I have the latest update for Java (6 Update 20) and Adobe Reader (8.2.2).

 

I just finished reading the two links you provided.  Thank you for finding it and posting it.  Appreciate it. 

 

 

floplot,

 

My computer has the latest Windows update.  Your suggestion to change my Hotmail password is a good one.  I'll do that just in case.   Thank you.

 

 

Have a nice day/evening.

Blue452

floplot
Posts: 10,608
Topics: 218
Kudos: 2,054
Solutions: 367
Registered: ‎04-11-2009

Re: Hotmail/MSN virus?

Hello Blue452

 

Adobe Reader is up to version 9.3.2

Success always occurs in private and failure in full view.




Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Hotmail/MSN virus?

Hi, All,

 

I'd be interested to know what Ports were involved in this.  Please list both what Port your computer was on as well as the Attacking Computer's Port Number.

 

Excellent advice from floplot to install all Windows' Updates released on May 2010 as there are Attacks In-The-WIld happening with Hotmail that were Patched with these Updates.

 

 

 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Visitor
ThanosKadoglou
Posts: 2
Registered: ‎05-15-2010

Re: Hotmail/MSN virus?

hello someone with this mail FROM: YOUR MESSENGER (webmaster@genteya.com) sent me an e-mail with name whoblocksyou i didnt knew that this is virus and i open it i dont have prob with pc but with my msn/hotmail and my friend have too but they didnt open the mail why that hapens? Can norton delete that virus i update it today and i have auto update