Solved

Spam Emails being sent through my computer

Posted on 2004-10-09
Last Modified: 2013-11-16
My computer is sending hundreds of emails.  A pop up from Symantec states "Your email message was unable to be sent because your mail server rejected the message."  I have NAV.  I have tried many of the virus/spyware scan freeware sites with no luck.  Any help on stopping this would be helpful.  Thank you.
0
Question by:summit76
18 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12268697
Are you using any email client to send emails? If yes, first close the email client.

a) Install a good firewall like ZoneAlarm.

b) Update the virus definitions of NAV.
Scan for viruses using these in both NORMAL AND SAFE MODE.

Stinger : http://vil.nai.com/vil/stinger/

NAV

and this online virus scanner: http://housecall.trendmicro.com/

c) Then remove all temporary files

Remove temporary internet files, folders and cookies.
Also remove Windows Temp files by going to

1) Start --> Run --> type in:  %systemroot%/temp
2) Start --> Run --> type in: %temp%

d) Spam is very tricky to figure out. Do you have any spamkiller installed? If not, install it.
0
 

Author Comment

by:summit76
ID: 12268716
I am not using an email client.

I have a firewall through Norton. Is that good?

NAV is updated.

I tried Stinger and HouseCall with no luck.

I did this.  What should I delete once these pages are up?
1) Start --> Run --> type in:  %systemroot%/temp
2) Start --> Run --> type in: %temp%

I do not know what spam killer is.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12268723
summit76,
> I have a firewall through Norton. Is that good?

It depends whether it is good or not. It is better to have ZoneAlarm.

NAV most of the time does not find the latest viruses. Run the virus scanners I have suggested to be sure.

You can remove all the files once that temp folder comes up. DO NOT remove the TEMP folder; remove only the contents.
Some files you cannot remove; do not worry about those. You can remove them in safe mode.

0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12268732
0
 
LVL 4

Expert Comment

by:gemchest
ID: 12268865
Hi,

Is it really a problem caused by NAV? Are these mails ones you want to send, or is it sending them on its own? My point is, maybe you should check that the sending/receiving servers are OK and active first; probably the server isn't responding correctly after all.

If the mails aren't ones you want to send, you should try to do a full scan for any program that makes the computer send out mails.

cheers,
Luis
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12270726
Disable ports 25, 110 and 113, in and out, TCP and UDP, for all IP addresses. This should stop the PC from sending all e-mails. Of course, if it's an internal spam app it could DoS yourself, but the odds of that are slim if you make sure the firewall is set to DENY the connections.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12271139
Sounds very much like Blaster trying to replicate.
Run a full Stinger scan in SAFE MODE - http://vil.nai.com/vil/stinger/
0
 

Expert Comment

by:futurelogix
ID: 12272063
Just scan the ports online with the help of the software available at

http://www.diamondcs.com.au/index.php?page=home

The TDS3 trojan scanner can perfectly look for any worms that send mails from your PC.
Also, there is port scanner software which could help you scan ports online!

0
 
LVL 3

Expert Comment

by:happythedog
ID: 12273309
Deny the ports. Use the utils on grc.com if you're curious.
0
 
LVL 4

Expert Comment

by:ferg-o
ID: 12277581
Tim is right - boot your machine to safe mode and scan all your drives.
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12278776
go to a format
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12285581
If the operating system is bootable, then no format required...
0
 
LVL 3

Expert Comment

by:happythedog
ID: 12286464
Required it isn't, but it would clean things up.
Quote from author: "Your email message was unable to be sent because your mail server rejected the message."
Knowing what error code was received would be helpful; this could be that the user has gone over an e-mail quota, or a misconfigured mail server.
The fact it's rejecting, I assume, means he's authenticating properly, so the second choice is probably out.
Try taking down NAV and all other AV/firewalls you have, then see if you can send an e-mail; this will narrow the issues some.
0
 

Author Comment

by:summit76
ID: 12290026
I ran Stinger and it did not detect anything.  I installed ZoneAlarm and the pop ups stating "Your email message was unable to be sent because your mail server rejected the message" have stopped (which is very good).  Most of the email titles being sent were pornographic.  These are not emails I am sending or want sent.  They slow my internet connection and were at such high volumes that the pop up alerts made it difficult to use the computer at all.  Like I said, the pop ups have stopped but it's difficult to tell if these spam emails are still being sent.  During the first hour after being installed, ZoneAlarm noted 9000 intrusion attempts.  This problem first started a couple of months ago and then stopped.  My computer never ran as well and now that it's back it makes me believe that it was never really gone.
0
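
The open point in the comment above is whether mail is still leaving the machine, and an earlier comment names port 25 as the one to deny. As an added example (not part of any post in this thread), this Python sketch reads the text printed by `netstat -ano` and lists which process IDs hold outbound connections to mail ports; the sample output, addresses and PIDs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation addresses, made-up PIDs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.25:25        ESTABLISHED     1412
  TCP    192.168.1.10:1046      198.51.100.7:25        SYN_SENT        1412
  TCP    192.168.1.10:1047      203.0.113.40:25        TIME_WAIT       0
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     2300
  UDP    0.0.0.0:1026           *:*                                    1040
"""

MAIL_PORTS = {25}   # SMTP; add 110 and 113 to watch the other ports named in the thread
# SYN_SENT rows are attempts still in flight, e.g. ones a firewall is silently dropping.
# TIME_WAIT rows carry PID 0 and cannot be tied to a process, so they are skipped.
ACTIVE = {"ESTABLISHED", "SYN_SENT"}


def smtp_connections(netstat_text, ports=MAIL_PORTS):
    """Return {pid: [(remote_addr, state), ...]} for outbound TCP to the given ports."""
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns: proto, local, remote, state, pid
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, _local, remote, state, pid = fields
        _host, _, port = remote.rpartition(":")   # rpartition copes with [ipv6]:port
        if not port.isdigit() or int(port) not in ports:
            continue
        if state in ACTIVE:
            hits[int(pid)].append((remote, state))
    return dict(hits)


def report(netstat_text):
    """One line per offending PID, busiest first."""
    found = smtp_connections(netstat_text)
    ranked = sorted(found.items(), key=lambda kv: -len(kv[1]))
    return [f"PID {pid}: {len(c)} connection(s) to mail ports, e.g. {c[0][0]} ({c[0][1]})"
            for pid, c in ranked]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)) or "no outbound SMTP connections seen")
```

On a machine with no email client, any PID this reports is worth identifying, for instance by matching it against the process list in Task Manager.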
 

Expert Comment

by:John-Reilly
ID: 12294346
"During the first hour after being installed, ZoneAlarm noted 9000 intrusion attempts.  This problem first started a couple of months ago and then stopped.  My computer never ran as well and now that it's back it makes me believe that it was never really gone."

My friend, your machine is badly 'hosed'.  We could give you accurate and professional advice that would gradually reduce your symptoms after hours of your own hard efforts, and still not be certain you have rid your machine of serious trouble.

I don't know what your technical experience level is, but I steer you towards reformatting your hard drive. It will take you 5-10 hours assuming you have ALL of your original software CDs, usernames, and passwords handy, and access to another PC for researching trouble - but it's the only way to ensure a clean PC.

How do you decide what to do?  If you answer yes to any of the following, I'd reformat.  

-Are you behind a router/firewall from your ISP?
-Do you do online banking?
-Do you use the Internet to access your credit cards?
-Do you use the Internet for online bill payments?
-Did you ever create Excel, Word, etc., documents with personal information (SS#, driver's license, DOB, passwords, etc.)?
-Do you have anything you wouldn't like someone to steal?
-Do you connect to your employer's VPN?

Reformatting is painful and slow, but the surefire way of cleaning a machine that has been compromised for months.  You will also be able to start fresh with the previous suggestion of Zone Alarm, AV, anti-spyware tools, etc.  If you're really paranoid (like me), and answered yes to most of the above items, then I'd also order a credit report.

If you have XP, you could do a system restore to a date many months back.  But this will give you a false sense of security if you don't know how to go about 'hardening' your PC from future attacks.

Reformat and sleep better.  But backup your music and family photos first =)
0
 
LVL 4

Expert Comment

by:gemchest
ID: 12294620
hi,

Hmm... I believe something really messed up is happening in your computer. Try to use antivirus software to give it a thorough scan, or use Ad-Aware and HijackThis to remove unwanted entries...

http://www.zerosrealm.com/downloads/hjt.zip
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Of course, the best way for such a big entanglement is to re-format; it's up to your discretion.

cheers,
Luis
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 12297885
Hosed or not, everything's fixable...  ;)  Here's my standard blurb:

Getting rid of the problem...

1)  Run a full Stinger scan in Safe Mode - http://vil.nai.com/vil/stinger/
2)  Install and run LavaSoft AdAware - http://www.lavasoftusa.com/support/download/
3)  Download and run HijackThis (HJT) http://www.snapfiles.com/get/hijackthis.html
4)  Post the log at http://www.hijackthis.de/index.php?langselect=english
5)  Run MBSA - http://www.microsoft.com/technet/security/tools/mbsahome.mspx & take appropriate patching action

Stopping it happening again...

1)  Ensure WindowsUpdate is set to update your system
2)  Download a pop-up blocker - eg toolbar.google.com
3)  Install Lavasoft AdAware and run regular scans, or just leave it and have it handy for when problems start recurring.
4)  Keep your AV software up to date - daily updates recommended
5)  Enable Internet Connection Firewall, or use ZoneAlarm if you don't use XP
6)  Stay vigilant.  Don't bother opening non-work related email attachments, or install an on-access virus scanner so that it doesn't matter if you do.
7)  Look at a host IPS - eg www.prevx.com to cover your machine between when a virus hits the wild and when a patch is finally released that fixes it.  Average time is roughly 6 days.

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12341201
Which bit fixed this?
0
