Help, my Gmail is hacked!

I need help: my Gmail is hacked, and I couldn't find the name of the virus, so I don't know the full extent of the damage.

Over the weekend a friend sent an email on "Please find attached investment property", via Google Drive

*****Please find attached investment property, I uploaded for you via Google Drive,
For additional Security, you will be required to sign in with your email to view them,
Click Newsletter to view , it's a very important news.
Google Docs makes it easy to create, store and share online documents, spreadsheets and presentations.*****

I don't normally click on things like that because this is so HIM: just forward and no words or addressing my name, I clicked on it and must have entered my email address and password blindly. Yes stupid, but I had always been cautious and this is the first time I got attacked.

On Monday morning I was told by friends that they received a dodgy email from me. I checked my sent box, nothing there. I later found out a few other things:

  • I can send emails out to my workplace
  • But the Sent Box has no record
  • Lost the ENTIRE contact list (which I restored later)
  • Unable to receive any emails (This is the WORST!)

I use a lot of Google Apps: Drive, Calendar etc. Have PC, iPad, iPhone, Android, laptop. Who knows what else is damaged?

Can you please help me? I want my emails back and do not wish to change email address. If someone can help identify the name of the virus, and the ways to fix it, I will gladly appreciate.

Comments

  • +1

    Have you tried changing your password?

    • Yes I have, twice actually.
      And shut down, restart…

  • +3

    Luckily you still have access to your Gmail. Change the password before someone else does. Also if it is a virus your entire computer must be affected not just Gmail. Run an antivirus full scan if you have one installed. If you are sure that the problem is only with Gmail contact Google support or check Gmail related forums someone else might have faced the same problem and resolved it.

    • Yes I have changed password, shut down, restart…twice.
      Had been searching for help all day yesterday but to no avail, hence this post…

      • +1

        You need to scan the computer for Virus, do it asap.

      • +3

        Restarting your PC won't fix the problem. You should get an antivirus software. Also make sure your PC is updated with the latest patches.

        There may not be any easy way to get your deleted messages back. But check your trash folder if the messages were deleted by the hacker they should be in trash unless he/she cleared it from trash as well. Also check the recent activity on your account that might give you a clue. Here is a checklist from Google for compromised Gmail accounts

        https://support.google.com/mail/checklist/2986618

        • Thanks so much deal finder. Will do.

        • +1

          In the meantime login to your Gmail from a different computer, change the password and DON'T login from your infected computer until you have killed the virus.

        • Kill it with fire!

  • -6

    Out of topic, you even show that you're panicking in the subject line.

  • +2

    Also download a malware/spyware scanner like "Spybot Search and Destroy" (it's free). Install it, update it, and run it. Let it remove any threats it finds at the end of the scan.

  • +7

    Go to your Google Account security page,

    • Check "Recent Activity" to see whether there's still abnormality.
    • Turn on "2-Step Verification", either with SMS or Google Authenticator.

    • Thanx so much Scotty. Did both.
      The "Recent Activity" is not overly helpful. It mentioned Chrome or Firefox of iPad, but no IP address.
      The 2-step verification is very good albeit a hassle. Well, that's a good protection.

      • +2

        Yes it's a hassle, but worth taking if you think your email is that important for you.

  • +1

    Thanx everyone for your kind advice. Much quicker than Google :-)
    To the person who asked me not to panic, guess what, the bank just rang me and said I have some overseas credit card transactions, eg Apple in USA $2800! Is that a coincidence or what!!

    • +10

      Ok, now this is serious.

      Disconnect your computer from the Internet. Copy important documents off it to a USB drive. Do not connect the computer to the outside world again until you have formatted it and reinstalled a clean operating system.

      Use your smartphone to change all the passwords to all of your accounts that you can think of. Then check the transactions in your bank accounts for unauthorised activity and contact those institutions to let them know.

      You now need to go into damage control mode.

      • Yes we have thanx. See below.

    • Alright….PANIC!!!

    • +2

      The friendly bank caller.
      Did they ask you to provide any info, any at all (no matter how innocent it may sound is enough to give a scammer an opportunity)?
      If so they were probably not from the bank.

  • +6

    Check that there aren't any forwarding rules set. Scammers often divert stuff to another inbox which might be what is happening here.

    • +1

      Done that yesterday but didn't find anything unusual.

  • +3

    Update: When I first checked the Filter, there wasn't anything suspicious. They were all my own filters, or looked like.

    Anyway, I later decided to remove all filters. Guess what, it removed 609 filters! Surely I didn't create that many, but how did they "hide it"?

    It looks like now my incoming mails are visible, and Sent Box is visible too.

    Now running all sorts of tests and scans, and will ring Google once finished.

    Thanx for listening guys. What a day!

    • +4

      Now you need to go and change your passwords on EVERY account that you have … eBay, Paypal, your bank, Twitter, Facebook, Origin, Steam, Uplay, Hotmail etc.

      Chances are, they've been using the password retrieval process on these websites to sniff for access to your other accounts associated with your email address.

  • +4

    It is probably best if you keep trying various anti malware tools. In addition to already mentioned Spybot Search and Destroy I would also recommend Malwarebytes Anti-Malware Free and Malwarebytes Anti-Exploit BETA tools (typically you wouldn't need anything more than a free version). Also different tools have different success rates with specific infections, thus it is worth trying many different ones. It is usually a good idea to de-install each tool before you install a next one, as some may have some active protection running which potentially can conflict with another active protection.
    Hope it helps.

    • +1

      Do yourself a favour and change your password on another computer, just to be on the safe side.

      Several months ago I managed to pick up a bug from somewhere … from memory it was from clicking on a link that seemed innocent enough, anyway ….. I ran every online scan I could think of (and my own antivirus obviously, and also Spybot S&D) and came up with nothing.

      Malwarebytes found it.

  • Consider using a ChromeBox/Book

    • Sounds like this was a phishing scam, so that more than likely would not have helped at all.

  • +1

    Do change your security questions and backup email address too. Hackers can reset the password using forgot password link if they have access to such info.

  • +4

    Use 2-step authentication. It can be a bit of a pain (less pain than what you are in now!) BUT if your GMAIL is that important to you, trust me you won't regret it. I use it and it's great for peace of mind.

    Using 2 step verification, even if someone knows your password, it will ask them for a verification code… (which you need to download an app on your phone which will do this).. without that, they can't login :) Also, if they hack your computer and manage to see a code you typed in, it won't matter because the code is ONE TIME USE and resets every 30 seconds :)

    http://www.google.com.au/landing/2step/

    • +1

      It is worth mentioning though that the two-step verification won't give you 100% protection if you use application specific passwords for apps in Windows. If there is a virus, it can potentially steal your app password and send spam via it.

      Please correct me if I am wrong.

      • Hi Brightaussie,
        I think you may be wrong. I haven't used google 2Step but it sounds like it is an example of One time passwords, which makes it two factor authentication.
        Using two factor authentication you need both your password (a thing you know) and, in this case, a one off password from a token (a thing you have).
        So even if a virus steals the thing you know, you still have your one time password which will expire every 30 seconds.

        • Correct.

          I use 2 step for Google. Love knowing my stuff is semi secure (Prism).

        • I am afraid we are talking about different things.

          Consider the following example: on an iOS device you can add a gmail account by entering the app password only. You are not asked for the main password.

          Moreover, if I recall it correctly, you can make a full backup of your device and restore it to another device with app passwords still working on another device.

        • Brightaussie is correct.

          So you can either stick to 2 factor auth (this is the only method I use, apps that do not support this are clearly not built around security. Me being a security engineer, I really won't be confident using this app)

          or, if certain application does not support 2 factor authentication then you need to set up a STATIC password SPECIFICALLY FOR THAT APP ONLY.

          https://support.google.com/accounts/answer/185833?hl=en

          However, I think that password will only be linked to that app and not anything else. So if you set up an app password for Application A, that password can't be used by Application B.

        • An application-specific password can be used by anything, anywhere. It effectively just generates a 'static' password for you to use in apps that can't cope with 2FA. If you use them be aware of this.

      • I believe the application passwords are still associated with a device. Unless the hacker can identify and submit the same device id, then the application password will not work.

        • An application-specific password can be used by anything, anywhere. It effectively just generates a 'static' password for you to use in apps that can't cope with 2FA. If you use them be aware of this.

      • If you use two-step verification to sign into Gmail then you need to input a unique code generated and sent to your phone via a text message. So unless the thief has your mobile phone as well as your Gmail password, then two-step verification is pretty secure.

  • +2

    WOW!!! OZBARGAINERs as a team can solve nearly all issues

  • That's scary stuff man, lucky it's sorted now!

  • Mate hope all is good and well now…..and hopefully some of us have also learnt a valuable lesson, never be too lax when it comes to your own personal security on the web.

    • Sure is. Love this community. Great sharing great knowledge. Hope the hacker is not reading too. Lol.

  • -1

    Run Linux and never have this issue again.

    • +4

      Wasn't the OP's problem related to entering his username/password into a fake site? If so, Linux wouldn't help here (although I am in your camp, sir).

      • Assumed the filters the OP was talking about were in his Web browser.

    • +3

      This is social engineering. Only way to avoid it is if you have good common sense.

  • Another thing to consider is that the hacker could have configured API access to your account (https://code.google.com/apis/console). Once configured specific data in your account can be accessed without a password - instead authenticating using an application specific security token.

    I'm guessing that resetting your password, or configuring 2-step authentication would not necessarily revoke API access.

  • I'm sorry but once you have a malicious virus like this - you can't just use a virus scanner.

    Virus scanners are preventative - they are not made to clean up a virus after it has already infected your machine.

    Here is what you need to do:

    1 - Disconnect your computer from the internet (from any network with other computers on it) and do not connect it back until all steps below are done
    2 - Back up ONLY media files to a USB. This means - no programs. Word Documents, Movies, Music, Excel Spreadsheets, Outlook PSTs etc are all fine to back up because they are not programs - they are simply "read" by programs.
    3 - WIPE your computer back to manufacturer defaults or format and re-install Windows from scratch.
    4 - Log in to your Gmail from another machine and check all Gmail APP settings remove anything suss and make sure there is no API access as posts above - then change your password.
    5 - Log in to your Netbank from another machine and check all settings and remove anything suss and then change your password
    6 - Repeat this step for any other social / banking site you use.

    Remember that formatting and re-installing will mean you lose all of your programs (which you should have disks for or just re-download them with the speed of internet these days could be faster than installing off a disk)

    The idea is to reformat your computer. Unfortunately the longer you keep your computer turned on and transferring files - the more chance your USB stick / other computers in your network can get infected and leaving it on the internet is even worse with information stealthily being sent back to the malware culprits.

    • -1

      That advice is somewhat incorrect. You are referring mainly to active protection, and even that is only partly correct: malware scanners can be run AFTER the infection, some even can be installed on already infected system. While the steps 1-2 are correct, everything from the step 3 should be tried only after one first tries different tools, including new tools one did not have before the infection.

      Every anti malware tool can be run on demand, also on already infected computers (some, specially free versions, do not even offer active protection at all, only on demand run). Many such tools can be installed on a bootable USB or CD/DVD, but some even specifically point out that they allow Windows installation on already infected system. Obviously depending on a specific case and a specific tool used cleaning the system may or may not succeed.

      There are two reasons why it is good to try different tools first before proceeding with the step 3:
      (1) vast majority of infections can be successfully cleaned without time consuming, frustrating and error prone process of rebuilding full system from scratch (unless a trustworthy backup is used),
      (2) for paranoid: there are malware infections which will NOT be removed by the step 3 (unless one does a full low level disk format), but which will be detected and removed by some anti-malware tools. Rare, but not that uncommon.

      • I'm not disputing that you can run malware protection even while infected. I'm just saying that there is no way to know if the malware that is stealing your details has actually been cleaned. You can never know. There is no message that pops up that says "This is the malware which was stealing your details and it has now been removed."

        Just because protection can be "run" and shows that it "found malware" and "cleaned it" doesn't mean that the malware causing havoc has been cleaned.

        Chances are it still hasn't - but let's say you take the risk anyway. Why would you?

        Reformatting is a 100% method. I'm not sure why you think this method is "error prone". Have you been getting errors when re-installing Windows? I haven't. I don't think anyone has - if it was working in the first place.

        Your advice is incorrect because you still cannot be sure 100% that the malware has been cleaned - especially if there are multiple infections and something as serious as unauthorised bank transactions going on.

        Here is an example:

        Your malware protection finds "XYZ" and shows you that it found it and cleaned it.

        What's to say that "XYZ" was in fact the culprit for scamming your netbank in the first place?

        Nothing. It could have been a completely different malware that wasn't even detected.

        So you are left with a false sense of security thinking that because your protection software has found 75 trojans / trackers / pups etc and then cleaned them - that your computer is now fine.

        And surely enough - you will run the program again and one of two things will happen:

        1 - No results found after cleaning (more false sense of security)
        2 - Trojans / trackers / pups found again even after just doing a scan and fix

        Either way - it's all about detection in the end. Why would you even think about whether or not the malware detection software has a big enough database of known malware when all you have to do is format?

        How much are your netbank details worth? Enough to take that risk?

  • The best way to fix a virus is to remove the hard drive from the affected machine
    There are now 2 options
    Hard option - hit the affected hard drive with a big hammer (joking - but not much)
    Soft option - Plug that drive into a second virus free computer as an auxiliary or removable drive (you need an enclosure), install malwarebytes on the second computer and scan the drive using the second computer's AV scanner first then malwarebytes.

    • He probably doesn't have any software on his computer, it's just his google account was compromised by a phishing link. There is no harm in him doing a virus scan/etc, but this is extreme.

  • Follow these instructions, you will get your answer if someone accessed your Gmail from a different IP.
    https://support.google.com/mail/answer/45938?hl=en
