Computer sending emails by itself


I am having a very strange problem. I currently have Norton Antivirus 2005 installed (and have so for months). I have the scanning of outgoing emails feature turned on, so when I compose and send a message from Outlook it is moved to the 'Sent Items' folder and then Norton relays the message (showing its progress near the systray in a popup). For the past couple of months my PC has been sending emails by itself occasionally.  They are not being sent through Outlook but the Norton outgoing email scanner does pop up briefly to let me know it is scanning an outgoing message.

I have done searches by date for files last modified and accessed and can see nothing suspicious. I am running Norton AV 2005 with all the latest updates and this PC also does weekly virus scans by itself. I have run Adaware as well and found nothing that strikes me as being odd. Also the smtp server I use for relaying is my own (located on a different PC, not on the same network). I have checked the logs on the server and these messages are not being relayed through my server.

I'd like to stop this from happening (or even confirm that it is indeed happening) but more importantly I'd like to know what is being sent and to whom. Does anyone have any suggestions on how I can track these outgoing messages or locate the source application which is sending them?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi rite_eh,

thats perfectly normal my friend


ah wron Q damn QP!

sorry mate

you definatly have a problem here. Sounds like you got hacked :-) . Sounds even more like you have a rootkit.

You should try using RootKit Revealer. You can download it here:

Perhaps the reason why you can't find the offending file is because it IS a rootkit. Norton hooks into Winsock, that is probably the ONLY way this thing is being detected.

If a rootkit is found, you best format your drive. Don't think you can clean it out yourself.


Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

Can u check the LOGS od Norton and see what is happeneing exactally.

and also check in Event Viewer .
You can also download and run HJT from  Post the log back to that web site (not here), click on "analyze" at the bottom, then click "Save Analysis" at the bottom of the next page, and finally post a link to that saved analysis page here.
If I were you I'd immediately disconnect from the internet, and do not reconnect until you know what is being sent, and to where, and by what.
Check Norton: "statistics" - "view logs" - "e-mail filtering". This should reveal some information about what is being sent.

Try downloading, updating and running Ewido: 

Disable system restore and boot into safe mode. Run Ewido.
Disable startups in msconfig.
Bitdefender is an anti-virus program which I have seen find infections which Norton missed. Check it out here:

An added bonus is - it's free!

Are you running any peer-to-peer file sharing software: Limewire; Winmx; E-mule; etc.? If so, check the contents of your shared folder. I recently had a client whose HDD was colonized by a huge repository of porn. He was running Kazaa, but he isn't any more.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Right off, I'd tighten the rules on my software firewall. Make sure youi have not inadvertantly allowed access to an application you did not mean to. If you don't have a software firewall installed, I'd highly recommend it. It's typically pretty easy to block from the outside in, but it is the inside ---> Outside exploits that get us.  I had something similar happen abouit a year ago. I installed Zone alarm and caught the application in the act and was able to track it down from there.

I strongly Advise you to go to 

download kaspersky anti virus personal (trial version)

do a full scan.

Cuz It may be key logger which collects information about ur pc and the keys u enter on keyborad and send them to the hacker.

or just A trojan that sends the hacker ur ip everytime u connect to the internet

I had this problem before when i used to using norton anti virus and some trojans couldnt be catched by it

since 2 years i have been using kaspersky i havent got any virus or trojan....etc

regards :)

Was any of the above info helpful?
rite_ehAuthor Commented:
Yes, thank you to all of you who provided me with suggestions, links, etc. I have divided points up across multiple people. There were actually two reasons my PC was doing this.

I had a spyware/virus application which was emailing out on a regular interval. Monitoring outgoing traffic helped me catch this one. Requests going out on port 80 for ad sites. It was emailing out ad re;ated data as far as I can tell. I've taken some precautions there (changed passwords, etc). Secondarily I stumbled across Outlook in the logs which was automatically sending read receipts (without my permission, which I have since turned off). The weird thing was it was doing this a minute or two after I opened the message (not right away as expected). I tracked this down while viewing the Norton Antivirus logs.

Again thanks for the help and reminder on this question.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.