Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1151
  • Last Modified:

Computer sending emails by itself

Hello,

I am having a very strange problem. I currently have Norton Antivirus 2005 installed (and have so for months). I have the scanning of outgoing emails feature turned on, so when I compose and send a message from Outlook it is moved to the 'Sent Items' folder and then Norton relays the message (showing its progress near the systray in a popup). For the past couple of months my PC has been sending emails by itself occasionally.  They are not being sent through Outlook but the Norton outgoing email scanner does pop up briefly to let me know it is scanning an outgoing message.

I have done searches by date for files last modified and accessed and can see nothing suspicious. I am running Norton AV 2005 with all the latest updates and this PC also does weekly virus scans by itself. I have run Adaware as well and found nothing that strikes me as being odd. Also the smtp server I use for relaying is my own (located on a different PC, not on the same network). I have checked the logs on the server and these messages are not being relayed through my server.

I'd like to stop this from happening (or even confirm that it is indeed happening) but more importantly I'd like to know what is being sent and to whom. Does anyone have any suggestions on how I can track these outgoing messages or locate the source application which is sending them?
0
rite_eh
Asked:
rite_eh
4 Solutions
 
Jay_Jay70Commented:
Hi rite_eh,

thats perfectly normal my friend

Cheers!
0
 
Jay_Jay70Commented:
rite_eh,

ah wron Q damn QP!

sorry mate
0
 
mugman21Commented:
rite_eh,

you definatly have a problem here. Sounds like you got hacked :-) . Sounds even more like you have a rootkit.

You should try using RootKit Revealer. You can download it here:
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Perhaps the reason why you can't find the offending file is because it IS a rootkit. Norton hooks into Winsock, that is probably the ONLY way this thing is being detected.

If a rootkit is found, you best format your drive. Don't think you can clean it out yourself.

Mugman

0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
ashburyCommented:
Can u check the LOGS od Norton and see what is happeneing exactally.

and also check in Event Viewer .
0
 
r-kCommented:
You can also download and run HJT from http://www.hijackthis.de/  Post the log back to that web site (not here), click on "analyze" at the bottom, then click "Save Analysis" at the bottom of the next page, and finally post a link to that saved analysis page here.
0
 
phototropicCommented:
If I were you I'd immediately disconnect from the internet, and do not reconnect until you know what is being sent, and to where, and by what.
Check Norton: "statistics" - "view logs" - "e-mail filtering". This should reveal some information about what is being sent.

Try downloading, updating and running Ewido:

www.ewido.net/ 

Disable system restore and boot into safe mode. Run Ewido.
Disable startups in msconfig.
Bitdefender is an anti-virus program which I have seen find infections which Norton missed. Check it out here:

www.bitdefender.com/

An added bonus is - it's free!

Are you running any peer-to-peer file sharing software: Limewire; Winmx; E-mule; etc.? If so, check the contents of your shared folder. I recently had a client whose HDD was colonized by a huge repository of porn. He was running Kazaa, but he isn't any more.
0
 
Wookie68Commented:
Right off, I'd tighten the rules on my software firewall. Make sure youi have not inadvertantly allowed access to an application you did not mean to. If you don't have a software firewall installed, I'd highly recommend it. It's typically pretty easy to block from the outside in, but it is the inside ---> Outside exploits that get us.  I had something similar happen abouit a year ago. I installed Zone alarm and caught the application in the act and was able to track it down from there.

Later
Wook
0
 
nikorbaCommented:
I strongly Advise you to go to www.kaspersky.com 

download kaspersky anti virus personal (trial version)

do a full scan.

Cuz It may be key logger which collects information about ur pc and the keys u enter on keyborad and send them to the hacker.

or just A trojan that sends the hacker ur ip everytime u connect to the internet

I had this problem before when i used to using norton anti virus and some trojans couldnt be catched by it

since 2 years i have been using kaspersky i havent got any virus or trojan....etc

regards :)
0
 
phototropicCommented:
rite_eh,

Was any of the above info helpful?
0
 
rite_ehAuthor Commented:
Yes, thank you to all of you who provided me with suggestions, links, etc. I have divided points up across multiple people. There were actually two reasons my PC was doing this.

I had a spyware/virus application which was emailing out on a regular interval. Monitoring outgoing traffic helped me catch this one. Requests going out on port 80 for ad sites. It was emailing out ad re;ated data as far as I can tell. I've taken some precautions there (changed passwords, etc). Secondarily I stumbled across Outlook in the logs which was automatically sending read receipts (without my permission, which I have since turned off). The weird thing was it was doing this a minute or two after I opened the message (not right away as expected). I tracked this down while viewing the Norton Antivirus logs.

Again thanks for the help and reminder on this question.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now