Posted

I clicked on a link in an email saying someone in Hong Kong had bought something off our Apple account on iTunes, and to press it if it wasn't us, so I stupidly did. By the way, there were 2 purchases we did not make.

 

The email contained about four lines, yet the size was 1,591 KB, with 455 pages found in the message source file.

 

I had to enter the password for the account but only got a picture of the page, which was not operational. I looked at the email and all the misspellings, so I tried to find the message source on Google - eservicesuport@acountinclogin.onmicrosoft.com - and didn't find it.

 

I looked at the location of the link I pressed - "already-inclink.com/conect.php" - it didn't come up on Google and is no longer functioning.

 

I searched my computer for today's date to look for evidence and found a 12.4 MB folder named "eav_logs" hidden in Documents with a matching time.

 

It contains folders on Windows, ESET, configuration and more files, e.g. metadata, info.xml, and much, much more.

 

There are three computers on the network and all have the same relevant HIPS log, under 2000 pages.

 

I don't know what has been done or what info they have besides apple password for iTunes. I found purchases we did not make on iTunes.

 

I don't know if they can follow our keystrokes.

 

I'm trying to put all computer files on an external hard drive before using fixes.

 

Can I shut down the computer by pressing the start button to avoid further problems? Can I use restore to a previous date to remedy this?

 

I deleted the "eav_logs" folder and put it on a zip drive for reference, sent the email to the spam server, and deleted the emails off the computers and server, but kept a copy of the .eml file for reference: "Your Apple ID has been used to buy '' black gold ''.eml".

 

I did a deep scan of one computer so far and no threats were found.

 

I need to know how to proceed or where to post this or who to contact at ESET.

 
  • Administrators
Posted

The phishing domain doesn't resolve any more. It was blocked on July 14.

Posted

Yes, the "Apple" fraud/scams are back in full force (not that they ever totally left). Two e-mails in the past two days. So if it smells like fraud/malware, it most likely is. :angry:

Posted

The phishing domain doesn't resolve any more. It was blocked on July 14.

I don't know what "resolve" means in your quote.

 

I called my server company immediately to get the email address to forward the spam/ransomware, or whatever it was, to.

 

The message source information on the malicious email showed that it was sent through the same server company but from a different city. I didn't discover any other obvious servers in the header.

 

I wanted to get a picture of the site or any other info I didn't have, so I tried to go to the site again about 1/2 hr. after I reported it, and the link was no longer valid at that point.

 

I think that is why the website was no longer available to you by the time I wrote the complaint in this forum, which was much later.

 

I did a full deep scan using ESET Safe Security, but I still don't know if my private info was already taken or if it left something that was not identified.

 

I don't know what kind of malicious software it was, but it was huge, and it would be nice to know what kind of malware it is.

 

Is there a way to find out if I should do more checking with other software that identifies changes or harm done?

 

I tried to compare system inspector snapshots from before and after the event, but they just kept going and going and never ended, so I could not get any results.
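The poster above read the message source by hand to find where the mail came from and where its link went. The script below is an added example (not code from this thread, ESET, or the poster) of doing that systematically with Python's standard email library: it walks the Received headers oldest-first, pulls the sender domain and every link target out of the body, and reports the mismatches that mark this kind of "Apple" phish. The sample .eml is constructed for the example; the sender address and link are the two strings quoted in the first post, while the hostnames, IP addresses, dates and message IDs are made up.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not the poster's real message. Only the From address and
# the link URL come from the thread; all other hosts, addresses and dates are invented.
SAMPLE_EML = """\
Received: from mx2.example-hosting.net (mx2.example-hosting.net [198.51.100.7])
\tby mail.example-hosting.net with ESMTP id 5AbQ7; Tue, 14 Jul 2015 09:12:01 -0400
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby mx2.example-hosting.net with SMTP; Tue, 14 Jul 2015 09:11:58 -0400
From: "Apple" <eservicesuport@acountinclogin.onmicrosoft.com>
To: victim@example.com
Subject: Your Apple ID has been used to buy 'black gold'
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your Apple ID was used to purchase an item in Hong Kong.</p>
<p>If this was not you, <a href="http://already-inclink.com/conect.php">cancel it here</a>.</p>
</body></html>
"""


def received_hops(msg):
    """Return the 'from' host of each Received header, oldest hop first.

    Mail servers prepend Received headers, so the last one in the file is the
    first hop the message took; reversing gives the path in delivery order."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        match = re.search(r"from\s+(\S+)", header)
        hops.append(match.group(1) if match else "?")
    return hops


def sender_domain(msg):
    """Domain part of the From address (the display name is ignored on purpose)."""
    _, addr = parseaddr(msg["From"])
    return addr.rpartition("@")[2].lower()


def link_domains(msg):
    """Hostnames of every href in the HTML (or plain text) body."""
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    return sorted({urlparse(url).hostname for url in re.findall(r'href="([^"]+)"', body)})


def phishing_indicators(raw_eml):
    """Parse an .eml string and collect the inconsistencies a phish typically shows."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    display_name, _ = parseaddr(msg["From"])
    domain = sender_domain(msg)
    findings = []

    # 1. Display name claims a brand the sender domain does not belong to.
    if "apple" in display_name.lower() and not domain.endswith("apple.com"):
        findings.append(f"display name claims Apple but sender domain is {domain}")

    # 2. Links in the body lead somewhere other than the claimed brand.
    for link_domain in link_domains(msg):
        if not link_domain.endswith("apple.com"):
            findings.append(f"link points to {link_domain}, not an apple.com host")

    # 3. First hop is a bare IP with no hostname, typical of a compromised client.
    hops = received_hops(msg)
    if hops and re.fullmatch(r"\[?\d+\.\d+\.\d+\.\d+\]?", hops[0]):
        findings.append(f"first hop is a bare IP address {hops[0]} with no hostname")

    return {"sender_domain": domain, "hops": hops, "findings": findings}


if __name__ == "__main__":
    report = phishing_indicators(SAMPLE_EML)
    print("sender domain:", report["sender_domain"])
    print("delivery path:", " -> ".join(report["hops"]))
    for finding in report["findings"]:
        print("-", finding)
```

To run it against a saved message, pass the file contents to phishing_indicators instead of SAMPLE_EML. Only the earliest Received header added by your own provider's servers can be trusted; anything below it was written by the sender and may be forged, which is why the check looks at the first hop rather than trusting every line.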
