e-overshop.com is malicious!

[jimbo8098]

beware of e-overshop.com , it is a wholesale shop BUT it is completely malicious. I had never heard about this site until yesterday when i found my email spamming my friends mailboxes directing them to e-overshop. Please beware of this site and DO NOT fior heavens sake hand out any details to them. Heres what one of thir representatives said when i told them about it:

kitty  21:32:28
  hello,what can i do for you ?
I 21:32:36
  hello i would like to buy an ipad
I 21:32:41
  do you have any?
kitty  21:33:01
  yes
kitty  21:33:11
  you can choose on our site first
I 21:33:19
  umm i would prefer if you told me
I 21:33:39
  i like to make sure of what im buying
kitty  21:33:55
  64GB and 32 GB ...
I 21:34:10
  how much is the 32 GB one?
kitty  21:34:54
  Apple iPad Tablet (32GB, Wi-Fi)Product ID: 1154Euro 399
I 21:35:06
  399 is that not a bit cheap?
kitty  21:35:17
  final price
I 21:35:33
  really?
I 21:35:57
  if i gave you my bank details how l;ong would it take to get here?
kitty  21:36:11
  5--6 days
kitty  21:36:15
  working days
I 21:38:05
  I have recieved messages from your employees spamming my friends emails. Last time i visited you replied with a smiley. Could you possibly reenforce what you mean by this smiley? I am slightly confused as to what that means... Also please remember i will post everything you say on computerhope.com
kitty  21:39:22
  oo
kitty  21:39:28
  welcome
kitty  21:39:32
  guy

=== after that the support person (named kitty) left===

Well i think that says it all...

[kpac]

http://www.mywot.com/en/scorecard/e-overshop.com

[jimbo8098]

ye there mywot rating wasnt good. I have his IP and his email...

[kpac]

http://whois.domaintools.com/e-overshop.com
IP:  204.13.64.69
Server located in California. The domain is registered in China.

[2x3i5x]

be very wary of things coming out of China. 

[jimbo8098]

Lol the usual , well this is just an update , i think i found the problem , 5.exe in c:\. Ill have to check that its gone but i think thats it. There were a number of files i had not placed there. 5.exe and a bunch of others in root of my c:\ AND a folder named src. I deleted a script file and 5.exe (and a bunch of other things it seems to have made in c:\) and the src folder which contained a script file. I guess thats what it used to get your email address because the code was definately accessing some kind of web address. I didnt take my time to find out what it was doing or any full file names or anything but i can tell you that the 5.exe logo looked like the game X3 logo but with a 5 where the 3 is.

Hope no one else gets this... I personally would like to give this guy a piece of my mind but unfortunately .. hehe

[jimbo8098]

Heres my solution and my results of 5mins research...

I seem to have found the source fo this problem in a file on the root directory of C:\ the name of the program which i think was doing this was named 5.exe. There were a couple of other files but that was the most memorable. There was also a folder named src in my c:\ too which had a script file with the extension .js and something else. Again my memorey escapes me. When i deleted these files the spammer is not sending from my email address. I also changed passwords.

I think the program worked by watching how you log on to hotmail , wether that be using a auto sign in or just typing in so in essence it was a cookie thief or a keylogger from what i can find from the code in the Javascript file. The files were deleted and i have not sent out any spam now for a couple of weeks. I will try to remember to check back to tell everyone if it really did work.

THis site is unacceptable. Please dont go near it. I hope this doesnt happen to anyone else. Its just one of these things that happen nowadays.

Anyway you've seen his IP now so im sure youll stay away from THAT too. keep away from e-overshop.com