"I got an email from one of your friends. Maybe..." Wed Mar-14-18 04:26 AM by Ttech
Today I got a suspicious email from someone claiming to be a friend of a PCQ&A member. Below is the message. I'm not showing the entire email address of the sender in case this is legit.
Hi, You were recommended to me by a friend who has been on pcqanda for many years. I've recently solved an issue which prevented me from receiving windows updates for over a two year period. This is something I shouldn't have left unresolved for such a long time but...I did. The concern is that over that period my computer may have been subject to a rootkit issue. I have looked into what would be the best rootkit removers. It seems Sophos and Kaspersky are high on the list but there are others. Before I begin this I thought I would see if you have any advice. Thanks.
This is suspicious to me because there was no display name for the sender, it doesn't mention which PCQ&A member is his/her friend and it was sent direct to me instead of having the PCQ&A member post a question. The message is all text, there are no links, but it's just too odd.
My first thought was to reply, but there are too many odd things about this message. If you are the PCQ&A member that referred this person to me, please send me a private message or email and tell me what your PCQ&A name is and the full email address of the sender of this message.
Behind every good computer... is a jumble of wires 'n stuff.
#1. "RE: I got an email from one of your friends. Maybe..." In response to Ttech (Reply # 0) Wed Mar-14-18 05:42 AM by KJT
How would anyone get your email address from a Forum member? Unless you provided it to the member, in which case you should be able to figure out who you gave it to.
Private email sent from within PCQandA should be identifiable - but that would have to be sent by a member.
If you use Mailwasher, assuming you haven't deleted the message from the server, it might provide a clue. Right click the Subject in Mailwasher, then click "View complete header".
#4. "RE: I got an email from one of your friends. Maybe..." In response to Ttech (Reply # 0)
Martin,
As strange as this appears, it looks to me like it was sent by a friend of mine who is a member on PCQ&A. I am basing this on his explanation of his problem, which I was remotely helping him with. Our last conversation, from about a week ago, suggested that he go on PCQ&A and do a history search for further help with his problem. I did mention that if he came across any related responses from a user named TTech, that they should be seriously considered as I considered your knowledge to be exemplary. I am unaware how he could acquire your email, and doubt he did. I'm betting he used the private communications available in the forum. In any case, I think his user name may be brofff, or something like that. His name is Brian, and I'll contact him immediately to find out more.
#7. "RE: I got an email from one of your friends. Maybe..." In response to Ttech (Reply # 6)
Martin,
He's likely asking about rootkit scanning/removal based on a comment I made to him over the phone a while back. I mentioned that if he had been running his machine for more than two years with no security updates of any kind happening, that it would be wise to do thorough scans of his computer, including for possible rootkits. I suggested he search the forum for help with that, which seems to have resulted in the email you received.
#8. "RE: I got an email from one of your friends. Maybe..." In response to dtellier (Reply # 7)
That clarifies things further, thanks Dave. I scan lots of computers for infections, and very rarely find any signs of rootkits. That's not saying that they aren't a concern. The stuff I see most is related to Mindspark junkware; it is rampant.