1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved Scary tenacious unwanted email

Discussion in 'Virus & Other Malware Removal' started by Harry32, Aug 25, 2019.

Advertisement
  1. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    On 8/20/19 I tried to delete a suspicious-looking email by selecting it & clicking Delete on the Ribbon, but as soon as it was selected a Script Error msg popped up and could not be closed. To un-freeze things, I had to close Windows Live Mail via the Task Manager.


    For several days the problem repeated itself whenever I retrieved email. The sender was always "omegaHelthTRICK" (spelled as shown and including quotes, but each time, different letters were capitalized.) After several days, "omegaHelthTRICK" was replaced by "wArrentyChoicE" as sender, and by expanding the sender column of my inbox list, I saw that the full name included <[email protected]>. Today "wArrentyChoicE" was replaced by "DEstroyTinnitus" <[email protected]>.


    To compound the problem, an additional quirk has accompanied the above. Now when I retrieve email, names of several formerly deleted emails reappear in the inbox along with the new.


    If anyone can tell me what's going on and how to fix it, I'll be very grateful.




    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Pro, 64 bit
    Processor: Intel(R) Core(TM) i5-4690T CPU @ 2.50GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 4
    RAM: 8082 Mb
    Graphics Card: Intel(R) HD Graphics 4600, 1024 Mb
    Hard Drives: C: 915 GB (807 GB Free); D: 15 GB (1 GB Free); E: 0 GB (0 GB Free);
    Motherboard: Hewlett-Packard, 2B0D
    Antivirus: Norton Internet Security, Enabled and Updated
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Harry32,

    Sorry for the delay. Please let me know if you still need assistance.
     
  3. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    Thanks, iMacg3, for replying. Yes, I still need assistance.
     
  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Harry32, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.
    ---------------------------------------------------

    Those sound like spam emails. However, we can check your computer for malware. Please do this:

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Right-click FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  5. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    Thanks, iMacg3. It's now 10 PM where I live - I'll execute your detailed instructions tomorrow with a clearer head after a night's sleep.
    To update the status of the problem, my email in-box still has 3 copies of "wArrentyChoicE" and 2 copies of "DEstroyTinnitus" (all 5 spelled as shown here) but has received no new ones since 8/25/19.
    I agree with you that these look like spam, but it makes no sense to send out a sales pitch that can't be read and irritates the recipient by crashing his computer if he tries to delete it.
     
  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Harry32,

    OK, thanks for letting me know.
     
  7. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    Hi iMacg3, here are the 2 logs you requested.
     

    Attached Files:

  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Harry32,

    Let's get started ...

    ---------------------------------------------------
    I noticed you have disabled some startup items using msconfig. msconfig is designed to be used for temporary/troubleshooting issues, and is not recommended as a startup manager.

    MSConfig - Normal Startup
    • Press the Windows key + R.
    • Type msconfig in the Run box and press Enter.
    • MSConfig will open. Select the Normal Startup radio button and click Apply > OK.
    • Restart your computer to apply the changes.

    ---------------------------------------------------

    Do you recognize the following installed program?

    ---------------------------------------------------
    Uninstall a Program

    • Press the Windows Key + R.
    • Type appwiz.cpl in the Run box and click OK.
    • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    • Select the above program(s) and click Uninstall.
    • Restart the computer if prompted.

    ---------------------------------------------------
    Optional Uninstalls

    I noticed you have some programs installed on your computer that could be considered potentially unwanted. If you didn't install the below programs or want to uninstall them, follow the instructions below:

    Uniblue RegistryBooster 2009 <----------- I don't recommend the use of registry optimizers or registry cleaners as they can do more harm than good. See here.
    Yahoo! Software Update
    Yahoo! Toolbar


    • Press the Windows Key + R.
    • Type appwiz.cpl in the Run box and click OK.
    • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    • Select the above program(s) and click Uninstall.
    • Restart the computer if prompted.

    ---------------------------------------------------
    Uninstall Chrome Extension(s)

    • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
    • Click the trash can icon next to the following extension(s):
    • A confirmation dialog will appear. Click Remove.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Download the attached file (fixlist.txt - at the bottom of this post) and save it to the same location FRST64 is saved.
    • Start FRST64 with Administrator privileges. (Right-click and select Run as Administrator)
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) will pop up/saved in the same location the tool was run from.
    Please copy and paste its contents in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • Let me know how the computer is doing.
     

    Attached Files:

  9. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    Hi iMcg3,


    I finished your last instructions, and the 5 emails are gone!! They were still in the in-box but were easily deleted and their sender blocked. All seems to be back to normal. Thank you! Thank you! Thank you!


    Fixlog.txt is attached.
     

    Attached Files:

  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Harry32,

    Glad to hear the issue is resolved.

    Do you recognize the following installed program?

    KBD


    ---------------------------------------------------
    AdwCleaner

    Download AdwCleaner and save it to your desktop.
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now ...
      • When the scan has finished a Scan Results window will open.
      • Click Cancel (at this point do not attempt to Quarantine anything that is found)
    • Now click the Log Files tab ...
      • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the scan.
      • Please post the contents of the file in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Do you recognize the above installed program?
    • AdwCleaner[S0*].txt
     
  11. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    Hi iMacg3

    KBD is an item on the Programs and Features list of my Control Panel and I suspect it's what controls my wireless keyboard. I changed the speed of the keyboard earlier this year to slow it down for the sake of my faltering fingers. Do you still want me to go through the AdwCleaner process described above?
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Harry32,

    Yes, please run the AdwCleaner scan and post the contents of the AdwCleaner[S0*].txt log.
     
  13. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    Hi iMacg3,
    Sorry I'm so slow getting back to you. Here's the AdwCleaner[S0*].txt log
     

    Attached Files:

  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Harry32,

    No problem.

    Please do the following to clean the threats detected by AdwCleaner:

    ---------------------------------------------------
    AdwCleaner - Clean

    • Double click AdwCleaner.exe to run it.
    • Click Scan Now
    • When the scan has finished a Scan Results window will open.
    • Please check the following boxes and then click Quarantine
      • Click Next
      • If any pre-installed software was found on your machine, a prompt window will open ...
        • Click OK to close it
      • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
      • Click Quarantine
    • A prompt to save your work will appear ...
      • Click Continue when you're ready to proceed.
    • A prompt to restart your computer will appear ...
      • Click Restart Now
    • Once your computer has restarted ...
      • If it doesn't open automatically, please start ADWCleaner ...
      • Click the Log Files tab ...
      • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the removal.
      • Please post the contents of the file in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • AdwCleaner[C0*].txt
     
  15. Harry32

    Harry32 Thread Starter

    Joined:
    Jul 28, 2009
    Messages:
    141
    Hi iMacg3,
    Here's the AdwCleaner log -
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Short URL to this thread: https://techguy.org/1232011

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice