Share via

Microsoft account compromised by chacroscmail.ru‎

Kemuel Sykes 0 Reputation points
2026-05-04T04:37:08.9266667+00:00

Every time I try to login into my account I keep getting asked to get a code from chacroscmail.ru‎ which ive never used before.

How do I remove this email from the account??

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. paulr0511 45,225 Reputation points Independent Advisor
    2026-05-04T05:27:20.6333333+00:00

    Hello, good day and thanks for your question. Sorry to know about this and I understand that you have encountered an account related issue.

    Please take note that a compromised account is a complex scenario and once the email and phone number has been changed to a different one then it is at the point that it is unrecoverable (even if 2FA is enabled) and Microsoft Support will not be able to help either.

    For this you can go over to this link https://go.microsoft.com/fwlink/?linkid=2196140 and most likely it will be followed by doing the account recovery form which is an automated process that you will need to enter every bit of information that you can remember on the account (if this is unsuccessful, the account cannot be recovered) and you can check out the links below for reference.

    https://support.microsoft.com/en-us/account-billing/how-to-recover-a-hacked-or-compromised-microsoft-account-24ca907d-bcdf-a44b-4656-47f0cd89c245

    https://support.microsoft.com/en-us/account-billing/help-with-the-microsoft-account-recovery-form-b19c02d1-a782-dee6-93c3-dc8113b20c42

    https://support.microsoft.com/en-us/account-billing/your-microsoft-account-recovery-request-wasn-t-granted-dc56c3e3-dff0-4ed5-8edb-60290eea6b53

    Please take note that if 2FA is enabled on your account, ACSR will inform you that your recovery request will be ignored and you will only receive a message that the recovery request is either successful or it will indicate that it has insufficient information and this means that 2FA is disabled. You may keep on trying as many times as you want which is up to two times per day.

    Please take note as well that Microsoft Support will not be able to assist with doing manual recovery, unblocking, and escalation as support agents and advocates are not allowed to send password reset links or access and change account details.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-05-04T04:37:29.6566667+00:00

    The unknown chacroscmail.ru address is almost certainly an attacker-added alias or security info on the Microsoft account. To remove it and secure the account, follow these steps in order:

    1. Clean the device and reset the password
      1. Run a full antivirus/malware scan on the PC first. If using Windows 10/11 or 8.1, turn on and run Windows Defender as described in the article.
      2. After the scan completes, sign in to the Microsoft account (if possible) and immediately change the password to a strong, unique one. If sign-in is blocked, reset the password.
    2. Check for and remove attacker-added aliases
      1. Go to Manage how you sign in to your account: https://go.microsoft.com/fwlink/p/?linkid=842796
      2. Sign in to the affected Microsoft account.
      3. Under the list of aliases/usernames, locate any email address that is not recognized (for example, the chacroscmail.ru address).
      4. Select Remove next to that alias.
        • If the attacker’s address was set as primary, first choose another alias and select Make primary, then remove the attacker’s alias.
    3. Fix security info and verification codes
      1. If verification codes are being sent to an address that is not recognized when signing in, follow the guidance under “I don't recognize the phone/email security info when signing in to my Microsoft account.”
      2. If the account is in a “security info change pending” state and the attacker replaced the security info, use the options on that pending screen:
        • Use Let us know if the change was not made by the account owner, to trigger the unauthorized-change flow.
        • If the change was initiated by the account owner and the old security info is still accessible, use Cancel this request.
      3. Once access is restored, add trusted security info (phone, alternate email, Microsoft Authenticator) and remove any unrecognized phone/email entries.
    4. Review account activity and mailbox settings
      1. Check the Recent activity page from the Microsoft account dashboard to confirm any unusual sign-ins and mark them as “This wasn’t me.”
      2. In Outlook.com, review:
        • Settings → Mail → Rules and delete any suspicious rules.
        • Forwarding and Automatic replies pages and remove any unknown forwarding addresses or auto-replies.
    5. If access is lost or codes always go to the attacker
      1. Use the official recovery flow for compromised accounts as described in How to recover a hacked or compromised Microsoft account.
      2. If the recovery form fails and the attacker has fully replaced the security info, there is no alternate supported method to regain access beyond the documented recovery process.

    After regaining full control and removing the chacroscmail.ru address from aliases and security info, keep multi-factor authentication enabled and monitor for any new unrecognized verification-code prompts. Do not approve or respond to verification codes that were not requested.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.