Earthlink Mailclnt.exe Mistaken for Banker?



ArtieRT
2011-08-30, 02:23
I'm new to this forum and hope I get the right protocol. Here is a description of the chronology of my problem.

1.) Wife boots up computer, gets message from spybot about finding and terminating "something."
2.) She clicks on a bunch of messages (doesn't come and get me) and then proceeds to try and run earthlink total access.
3.) She gets messages (sounded like error messages) that say, I think, that earthlink email can't be found.
4.) She gets frustrated and shuts down the computer.
5.) I turn on the computer again. It boots and immediately enters a spybot scan. I let it complete...nothing found.
6.) I scan with McAfee (full scan, takes hours), nothing found.
7.) In the Teatimer log I find the message "Encountered and terminated Banker in C:\Program Files\Earthlink TotalAccess\Mailclnt.exe!"
8.) Spybot Recovery module shows nothing recoverable earlier than 2008.
9.) Mailclnt.exe is indeed missing from the directory noted in 7 above. I've tried to compare the files in the directory to the same one on a clean computer (to see if anything else is missing) but the clean computer's monitor (very old) failed when I turned it on....just my luck! I thought maybe I could copy over Mailclnt.exe and be back in business.

A weird incident the day before may or may not be connected.

10.) My daughter gets a message (at facebook log on) and email from Facebook saying someone tried to access her account from somewhere in Kansas and later California. The message (I looked at it later) looks legit and has a link to a help page. We didn't click on the link but she says she did earlier and it only went to a help page.
11.) We go directly to facebook, try to log in, say the other attempts were not her, and we are forced to change her password. This works and we get a legitimate email from facebook saying "your password was changed."
12.) Future attempts on clean computers allow her to log into facebook with the new password.
13.) We are able to see the emails using earthlink totalaccess email with no problems.

I find it odd that if somehow "banker" was downloaded to my PC it would choose to replace the earthlink mailclnt.exe executable. Seems like it would want to hide and do its damage, not make it obvious something was going wrong. I can't find any reports of similar behavior in web searches.

Thanks for any insights...

ArtieRT

tashi
2011-08-30, 05:50
Hello ArtieRT,

In case you missed it please see the FAQ which also includes guidelines for this forum and instructions in post #2 on how to provide the preliminary "DDS" logs used for analysis.
"BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the DDS logs as shown in that sticky with a link back to this thread and a volunteer analyst will advise you when available. :)

Best regards.