My acc has been infected. Changed password, anything else



  • Hello!

    Some weeks ago Panda Free AV found a lot of trojan horses in my emails. To check if my old browser Opera 12.1 is infected I installed Thunderbird. Settings; Don't download attachments. Still several trojan horses attached an email I got the 11th November - from my electricity supplier. One of them had this name:
    C\Users\myname\AppData\Roaming\Thunderbirds\Profiles\trxz6hh.default\mapMail\mail.vivaldi.net\Trash\office@vivaldi.net_20160902_083900.docm)(word/vbaProject.bin)

    Visually I can see that the invoice email has changed - compare to the one I get every month. In such case there is someone that has access to my account. As well as an account called office@vivaldi.net. Either them self or another they have infected. By the profile page I have changed my password. My previous was a simple female name - 7 characters. Too easy, yes. Now it is long and complicate.

    Are there anything else I can do, or should I make another account and tell all my contacts about this (by another account)? I look forward to good advices.


  • Moderator

    office@vivaldi.net may be a fake!

    Mail senders address can be easily faked.
    And malware and spam senders fake senders addresses.

    Currently such bad mails are have Word or Excel documents as attachment, dont open them. They will force you to enable word/excel macros and infect you.

    You can have a look in the mails source and headers.
    The mail header would be If mail coming from civaldi.com
    Received: from mail.vivaldi.com (mail.vivaldi.com [82.221.99.164])
    in it.

    And for vivaldi.net mails:
    Received: from mail.vivaldi.net (mail.vivaldi.net [82.221.99.162])

    I will ping a admin to check this.


  • Moderator

    Vivaldi's Admin Mr. Jóngeirsson checked it and said: the office @ vivaldi . net exists but never send a mail out!

    As i said: you get mails with faked adresses.

    Vivaldi mail servers do not send trojans.



  • Thank you very much for helping me!

    The 9th of november at 15:38 I got an email from scanner@vivaldi.net Title "KMBT_C220"
    When I rightclick and check this mails source and headers then yes, it's the same email address.

    I've noticed that by Thunderbird I discover 1-2 infected emails every week. But by my old Opera 12.1 I get 20-30... infected emails in 10 second if I press "Download the entire message" of an ordinary email I have got. As long as this happen in a few second I think Opera itself is infected - in one way or another. The email "KMBT_C220" is not in Thunderbird!

    As long as my account are "bombed" with infected mails, what shall I do? Just be patient and hope that the sender will "give up" sooner or later. Or establish a new account and inform all my 100-200-300 contacts about this. That will take a lot of effort and time....

    During the Christmas vacation I will try to uninstall and reinstall my old Opera 12.1 and see if that helps. By the email panel (F4) I noticed two suspicious points; An Email List with an unfamiliar name and a thread I "followed" automatic. These are now deleted and I hope this will help. Later on I will check the source and headers and give a feedback.

    Anyhow, thank you for helping me!



  • I just discover in the header this;

    Received: from localhost (localhost [127.0.0.1] by mail.vivaldi.net (Postfix)
    with ESMTP id 6F0FF505 for my_email@vivaldi.net Wed, 9 Nov 2016 14:38:52

    Received: from [197.250.99.70] (unknown [197.250.99.70]) by mail.vivaldi.net (Postfix)
    with ESMTP id A78894A8 FOR my_email@vivaldi.net Wed, 9 Nov 2016 14:38:52

    To: my_email@vivaldi.net
    Subject.....
    From scanner@vivaldi.net

    Doesn't this means that I get if from my own computer?
    In one of my partitions I have made a localhost (by XAMPP - www.apachefriends.org ).
    Perhaps this is the "source" of all the mails infected by trojan horses.
    I notice that it takes just 2-4 second to download 20 + + of these infected emails.
    By internet it would have taken minutes... because I am using a wireless connection.

    First of all I will remove Xampp and the files I have at my own localhost.
    I look forward to further advices. Anyhow, thanks for helping me!



  • Problem solved!

    My >localhost has been infected! And I've found it out thanks to your advice! Thank you very much!
    1-2 years ago I was responsible for a webpage - where we used php-files. To test these I used XAMPP
    to make a localhost (with php) on my computer.
    After copying a few personal files I have just deleted the whole (unzipped) folder, V:\xampp\
    Rebooted and tried to download new emails by Opera. This time, no infected mails to my inbox!

    When I wrote >127.0.0.1 or >localhost in the address field in Opera this file was opened:
    V:\xampp\ htdocs\index.html
    Here I also had a folder called V:\xampp\mail\ Most probably it's here the infected files has been stored.
    Fortunately the problem is solved! The whole Xampp-folder is deleted and next time I need >localhost
    I will focus on the security settings!

    From now on I will download new emails - without attachments!

    Finally; thank you very much for your free host service; vivaldi.net !
    And thank you for your help!



  • Problem solved!

    My >localhost has been infected! And I've found it out thanks to your advice!
    When I've checked vivaldi.net for new emails Opera has also gone to my own >localhost

    Thank you very much! 1-2 years ago I was responsible for a webpage - where we used php-files. To test these I used XAMPP
    to make a localhost (with php) on my computer.
    After copying a few personal files I have just deleted the whole (unzipped) folder, V:\xampp\
    Rebooted and tried to download new emails by Opera. This time, no infected mails ended up in my inbox!

    When I wrote >127.0.0.1 or >localhost in the address field in Opera this file was opened:
    V:\xampp\ htdocs\index.html
    Here I also had a folder called V:\xampp\mail\ Most probably it's here the infected files has been stored.
    Fortunately the problem is solved! The whole Xampp-folder is deleted and next time I need >localhost
    I will focus on the security settings!

    From now on I will download new emails - without attachments!

    Thank you very much for your free host service; vivaldi.net !
    And thank you for your help!


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.