Solved Received Security code for unknown email address.

Custom / Gigabyte p35-ds3r desktop...
May 21, 2014 at 04:58:31
Specs: Win 8 Home, 3770k / 16GB
Hi guys, not sure where to post this so thought here will do.

I just received an email about a security code for a random e-mail account I have never heard of.
I'm trying to figure out how I could have ended up getting this e-mail and if this means I need to change my passwords. I got the below e-mail (Redacted some details)

"Thanks for helping us verify the Microsoft account XXXXXXX@hotmail.com.
Here is your code: XXXXX
This is a verification code, not a password. If you didn't request this code, someone else may know the password for XXXXXXXX@hotmail.com and have access to that account. Click here to change your password.

Thanks,
The Microsoft account team"

The thing is, I don't recognize the email address its talking about and I'm worried if there is a possibility that someone is perhaps trying some kind of back door to get into my account. Given my hotmail account now ties in with my computer(On Win8), there is the potential someone could lock me out of my computers.

Strangely, today I also received a notification from Steam to verify what e-mail account I use.
So a little bit concerned at the moment. I moved my steam account to G-mail which I have already set up with 2 factor authentication, so that is nice and secure. But still worried about this email.

Do I need to worry about this, Any advice as to what I could do to improve security for my Microsoft account?

Mattwizz3


See More: Received Security code for unknown email address.

Report •

✔ Best Answer
May 21, 2014 at 16:16:54
"Pretty sure my system should be clean"
Not quite Matt.

Run both of these, in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw



#1
May 21, 2014 at 05:49:56
It's a scam. Stick to Gmail.

the microsoft account team
http://to.ly/y3NV

I can check your comp for you.

Download OTL, save & run from your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
1: When the window appears, underneath Output at the top, make sure Standard output is selected.
2: Select Scan all users
3: Change Drivers to All
4: Under the Extra Registry section, check Use SafeList
5: In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
6: Click Run Scan and let the program run uninterrupted.
Screenshots ( SS ) of 1 - 6
http://i.imgur.com/rvTDUlL.gif
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

Upload the logs using this. I upload to Imgur.com for images & load.to for files ( neither need an account ) Give us the links please.

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif

Free file sharing sites come & go, if Imgur.com & load.to are too busy ( or not working ) here are others to try.
free file upload no account needed
http://is.gd/ije9W6
http://www.zippyshare.com/
http://www.speedyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/


Report •

#2
May 21, 2014 at 06:34:53
Cheers John,

Pretty sure my system should be clean.

Extras: http://www.load.to/OyQGpSBNeZ/Extra...
OTL: http://www.load.to/EvkHGXSLOa/OTL.Txt

Thanks for your help.

Mattwizz3


Report •

#3
May 21, 2014 at 16:09:13
I would just run Malwarebytes to be sure and possibly change password for any hotmail accounts you have to be sure.

You have to be a little bit crazy to keep you from going insane.


Report •

Related Solutions

#4
May 21, 2014 at 16:16:54
✔ Best Answer
"Pretty sure my system should be clean"
Not quite Matt.

Run both of these, in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw


Report •

#5
May 21, 2014 at 16:29:56
"OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matthew\Downloads"
Matt, please note, a lot of these programs are designed to be run from the Desktop to get an accurate result.

As per my previous info.
If your default download location is not the Desktop, drag it out of it's location onto the Desktop.

I am here.
http://www.timeanddate.com/worldclo...

message edited by Johnw


Report •

#6
May 21, 2014 at 16:54:15
A short kangaroo hop into the Arctic...

Report •

#7
May 21, 2014 at 17:01:37
"A short kangaroo hop into the Arctic..."

Yep & Matt may be even closer if he is in Tasmania. His logs show he is in Australia.


Report •

#8
May 22, 2014 at 03:57:48
Oops sorry John, didn't realize it would make a difference where I would run it.

You seem to have this all down to a fine art! You haven't been through this much by any chance? :P

Cheers Fingers... I'll likely go through and change my passwords again to make sure everything is secure.

I Just read last night before I went to bed that e-bay had a massive security breach and encrypted passwords were taken. So maby I'll go through and do a refresh with all of my accounts now I'm at it. I haven't changed passwords since the whole Open SSL thing anyway so probably not a bad idea.

I'll be back with the New Logs in a bit.

Mattwizz3


Report •

#9
May 22, 2014 at 05:07:56
Take 2:

Extras.txt: http://www.load.to/Q66ARKSa5M/Extra...

OTL.txt: http://www.load.to/CK4cJknsAX/OTL.Txt

EDIT:
So it looks like I did have "Serch Protect by Conduit"
I never saw it pop up its ugly head so was suprised to know it was on my PC. I've had the displeasure of trying to rid some of my family's PC's of it before.

AdwCleaner Log:
# AdwCleaner v3.210 - Report created 22/05/2014 at 22:21:57
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Matthew - MATTSRIG
# Running from : C:\Users\Matthew\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
[#] Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Matthew\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Matthew\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Matthew\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Matthew\AppData\Roaming\OpenCandy
File Deleted : C:\END
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : kdfbddbdpnahdahmamlolacimfdbeckk

*************************

AdwCleaner[R0].txt - [2238 octets] - [22/05/2014 22:18:31]
AdwCleaner[S0].txt - [2123 octets] - [22/05/2014 22:21:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2183 octets] ##########

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Matthew on Thu 22/05/2014 at 22:30:43.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 22/05/2014 at 22:32:55.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cheers John

Mattwizz3

message edited by mattwizz3


Report •

#10
May 22, 2014 at 07:02:16
I'm traveling at the moment Matt, will keep an eye on your post.

Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log, in your reply please.

http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...


Report •

#11
May 23, 2014 at 03:31:23
Holy Crap.... I am very surprised to see this software keeps finding stuff.. To think I thought my pc was clean :(

Log File:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/05/2014
Scan Time: 8:23:44 PM
Logfile: MBlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.23.06
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matthew

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279999
Time Elapsed: 3 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675, , [17bbe86ca3d8f640f3d3294c0ff355ab],

Files: 10
PUP.Optional.OpenCandy, C:\Users\Matthew\AppData\Local\Temp\uttAFB9.tmp, , [d8fa5df7304bed493e964434dc289f61],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\nsl69E3.exe, , [983a7fd533489a9c42658c92808144bc],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\nsp5B88.exe, , [27ab6fe5ee8ddc5a8225a579699804fc],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675\chLogic.exe, , [dff363f12d4e8da930b3f4282dd4966a],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675\ctbe.exe, , [dcf69eb6aecda096e5a064ba8f71a15f],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675\spch.exe, , [f8da1e360b7074c2727142daaf522bd5],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675\statisticsStub.exe, , [5e74e86c8fecc4722741c5429f622fd1],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675\stub.exe, , [369cd77de794e056f3e943db90707f81],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675\chromeid.txt, , [17bbe86ca3d8f640f3d3294c0ff355ab],
PUP.Optional.Conduit.A, C:\Users\Matthew\AppData\Local\Temp\ct3281675\setup.ini.txt, , [17bbe86ca3d8f640f3d3294c0ff355ab],

Physical Sectors: 0
(No malicious items detected)


(end)

Mattwizz3


Report •

#12
May 23, 2014 at 04:17:43
"To think I thought my pc was clean"
You did delete those files Malwarebytes found?
A new scan, should show a clean log.

RunTFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

message edited by Johnw


Report •

#13
May 23, 2014 at 05:04:24
As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.


Report •

#14
May 23, 2014 at 05:18:06
Cheers for all your help John, very straight forward and no fuss! Youre a legend.

I didn't know of any of these programs before to be honest, they are all very straight forward and seem to just work which is nice!

I have a few computers I will give this treatment now.

TFC cleared about 3.5GB of crap off of my PC, and Yes I let malwarebytes quarantine all the stuff it found.

Will be running cleaner systems from now on I think!

Mattwizz3


Report •

#15
May 23, 2014 at 06:36:01
"very straight forward and no fuss! Youre a legend"
Thank you Matt.

If you don't need Java ( most people don't ) I would uninstall it. It is a haven for the hackers.
I use this uninstaller.
IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerfull Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif

If you really need Java, go into the options/settings & set the Cache to between 100MB and 200MB


Report •

#16
November 3, 2014 at 09:00:04
Hello John,

I received the same email as Matt, but instead of a PC I have a Mac. After reading your replies I am afraid my system is not clean! Do you have any suggestions on how I could check it that?

Thanks!
Joanne


Report •

#17
November 3, 2014 at 14:12:30
Hi Joanne.

I have never worked on a Mac.

I can help steer you through what I found.

Lets start with an online scan.

Run Dr.Web CureIt!® (no need to install it) to quickly scan your computer and cure it of any malicious objects.
http://www.freedrweb.com/cureit/?ln...

Copy & Paste the contents of the log please.


Report •

Ask Question