My Outlook is sending spam

Posted on 2008-10-14
Medium Priority
Last Modified: 2013-12-06
When I start Outlook, the dialog box Sending & Receiving tells me it is sending message 6/80. Later I get a lot of "Undelivered Mail Returned to Sender". If I check the e-mail returned, it's spam!

It's likely a virus but I had NOD32 installed all the time. After I got this problem I also installed AVG (in Windows safe mode) to search for viruses, but nothing was found. I do not have Delivery or Read Receipt activated and the e-mail from my computer is spam!

Any ideas how to fix this? I just reinstalled my computer 1 week ago...
Question by:riverman
LVL 12

Expert Comment

ID: 22710453
install spybot and update to the latest definitions and do a full scan as well..



Author Comment

ID: 22710695
Thank you for your reply!

Could not find anything with Spybot. But I attach the log file.

Any idea?

LVL 12

Expert Comment

ID: 22716169
well it all looks pretty good..

if your NOD32 is fully up to date as is spybot, and you've done full scans with both not finding anything, then that's good..

Now your outlook.. if you go to your outbox.. what's in it? anything? if there is, what are they? can you delete them? (You'll probably have to 'work offline' to remove them though)..

if you then shut down and restart do they reappear ?

next thing to do.. go to a CMD prompt (Start / programs / Command prompt) and do a 'netstat -a > c:\whatports.txt'  this will show us whether your machine is perhaps being controlled as a zombie by listening on non-standard ports..


Author Comment

ID: 22716789
Thanks for your reply!

> if your NOD32 is fully up to date as is spybot, and you've done full scans with both not finding anything, then that's good..
Yes nothing reported by NOD or AVG.

> Now your outlook.. if you go to your outbox.. what's in it? anything? if there is, what are they? can you delete them?
No, it's empty, still Outlook is reporting sending message 4/50 something...

> if you then shut down and restart do they reappear ?
N/A (no)

> next thing to do.. go to a CMD prompt (Start / programs / Command prompt) and do a 'netstat -a > c:\whatports.txt'  

I'll attach the c:\whatports.txt

Lot of connections it seems...


Author Comment

ID: 22716839
Here is the same file but when Outlook is closed! Almost no connection to the world outside!

Author Comment

ID: 22717261
Hi again!

I have disabled all add-ons in Outlook and this also seems to disable the spamming...

The addons are:
OLSIDESHOW.DLL - Microsoft Office Outlook Calendar Gadget for Windows SideShow
UmOutlookAddin.dll - Exchange Outlook UM addin
GrooveTransceiver.dll - Groove Transceiver Module
OMSMAIN.DLL - Microsoft Outlook Mobile Service
ONBttnOL.dll - Microsoft Office OneNote Outlook Add-in
ACCOLK.DLL - Access Outlook Data Collection Addin
ColleagueImport.dll - Microsoft Office SharePoint Server component
OUTLVBA.DLL - Outlook VBA Integration Add-In
mssphtb.dll - Outlook MSSearch Connector

The conclusion should be that one or more of the above plugins are the "virus"....

Another interesting thing after disabling the add-ons is that all the connections opened by Outlook are gone!!! (see attached file)

The question now is how to narrow down the add-on and how to get back to the original one?

LVL 12

Accepted Solution

Steve earned 750 total points
ID: 22717346
ok.. you've got the following ports open :
  Proto  Local Address          Foreign Address        State
  TCP            river-wks8:0           LISTENING - Netbios OK
  TCP            river-wks8:0           LISTENING - Microsoft DS - Resource Sharing on win - OK
  TCP           river-wks8:0           LISTENING - Microsoft Terminal Server - RDP Client
  TCP           river-wks8:0           LISTENING - Web Service for devices ??

dynamic ports (below). (not registered)

  TCP          river-wks8:0           LISTENING - BIT Torrent Sharing Port
  TCP          river-wks8:0           LISTENING - BIT Torrent
  TCP          river-wks8:0           LISTENING - BIT Torrent
  TCP          river-wks8:0           LISTENING - Bit Torrent
  TCP          river-wks8:0           LISTENING - Bit Torrent
  TCP          river-wks8:0           LISTENING - ???
  TCP        river-wks8:0           LISTENING - ???
  TCP        river-wks8:0           LISTENING - ???

so.. after looking at this we get a pretty good idea.. firstly.. you have netbios open on your machine.. you need to secure it.

Bit Torrent Sharing.. man.. this is going to cause grief, because there is no way I can tell what you have or have not run on your machine.. for example if you've downloaded cracks or hacks or whatever you do, many of them have embedded mail servers etc which allow people to use you as a spam bot..

you really need to lock your ports down on your router to start with.. (if you can).. block those ports that you don't need the internet to access (probably all of them except if you HAVE to have bittorrent sharing)..

the next thing I'd be doing would be a system restore.. check out what restore points you have on your machine, and try to restore back to before the problem was occurring.. eg.. if you only reloaded a week ago, restore to then.. but make sure your ports are locked down on your router first..

that way you won't be susceptible to the same problem going forward..

Author Comment

ID: 22717632
Hi again!

I have used BitTorrent to download pbxinaflash (an open source PBX), no crack or hack stuff! I did this after my problems occurred so BitTorrent should not be the cause. My computer is behind a firewall.

However it's interesting that these ports are active and listening...

x: Windows Sockets initialization failed: 5
  TCP    adsl-71-139-244-137:http  TIME_WAIT
  TCP    adsl-71-139-244-137:http  TIME_WAIT
  TCP    adsl-71-139-244-137:http  TIME_WAIT
  TCP    adsl-71-139-244-137:http  TIME_WAIT

It's Outlook.exe that makes connections over 64xxx ports to other sites! Port 49xxx was opened by Windows process: SSDPSRV.

Still it seems that something in Outlook, an add-on or similar, is causing my problems...
LVL 12

Expert Comment

ID: 22717648
yeah I don't doubt it.. but.. just removing the add-in isn't going to fix the root of the problem. because there is nothing stopping it from coming back if you don't plug the hole..

you can always remove the plugins one at a time to see which one is the problem..

those addresses you've entered there are all http web browsing sites that you must've been browsing to at the time you did the netstat.. one was microsoft etc etc..

Author Comment

ID: 22717748
Only one of the plugins is not signed and it's: mssphtb.dll - Outlook MSSearch Connector. Perhaps it shouldn't be signed but at least it's a suspect.

There were two IP addresses: one was MS and the other was from AT&T and was an ADSL connection. I didn't have any browser started!

For now I have done the following:
- I have deleted the exception rules for torrent in Windows Firewall.
- Disabled the above add-on in Outlook and renamed the file. (If it gets back I know it's the virus.)
- I have activated usage throttling at my mail server so if it for some reason activates again, the damage will be less than 20 spam.

I will also keep my computer under control and reinstall it again soon.

Thank you for all help!

Author Closing Comment

ID: 31505839
Thanks again for your time and effort! You led me to netstat...
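
The comparison made by hand in this thread (one netstat capture with Outlook open, one with it closed) can be scripted. The following is an added example, not part of the original thread: it assumes the captures were taken with `netstat -ano` rather than the `netstat -a` used above, so each row carries the owning PID, and the addresses, PIDs and the mail-server address `192.0.2.10` are constructed sample values.

```python
import re
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# proto, local, remote, optional state (UDP rows have none), owning PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")

# Constructed sample captures (documentation address ranges, made-up PIDs).
WITH_OUTLOOK = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49731     192.0.2.10:587         ESTABLISHED     3164
  TCP    192.168.1.20:64012     198.51.100.7:25        ESTABLISHED     3164
  TCP    192.168.1.20:64013     203.0.113.44:25        SYN_SENT        3164
  TCP    192.168.1.20:49802     203.0.113.80:80        ESTABLISHED     2210
  UDP    0.0.0.0:1900           *:*                                    1388
"""
WITHOUT_OUTLOOK = """\
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49655     203.0.113.80:80        ESTABLISHED     2210
  UDP    0.0.0.0:1900           *:*                                    1388
"""

def parse_netstat(text):
    """Parse `netstat -ano` rows into (remote, state, pid) tuples; other lines are skipped."""
    hits = (ROW.match(line) for line in text.splitlines())
    return [(m[3], m[4] or "", int(m[5])) for m in hits if m]

def new_peers(with_app, without_app):
    """Remote endpoints per PID seen only while the application was running."""
    # Key on (pid, remote): local ephemeral ports differ between captures.
    baseline = {(pid, remote) for remote, _, pid in parse_netstat(without_app)}
    peers = defaultdict(set)
    for remote, state, pid in parse_netstat(with_app):
        if state in ("ESTABLISHED", "SYN_SENT") and (pid, remote) not in baseline:
            peers[pid].add(remote)
    return dict(peers)

def unexpected_smtp(peers, mail_servers):
    """PIDs talking SMTP/submission to hosts other than the configured mail servers."""
    flagged = {}
    for pid, remotes in peers.items():
        hits = sorted(r for r in remotes if int(r.rsplit(":", 1)[1]) in SMTP_PORTS
                      and r.rsplit(":", 1)[0] not in mail_servers)
        if hits:
            flagged[pid] = hits
    return flagged

if __name__ == "__main__":
    print(unexpected_smtp(new_peers(WITH_OUTLOOK, WITHOUT_OUTLOOK), {"192.0.2.10"}))
```

A flagged PID can then be matched to a process name with `tasklist`, which is how a connection is tied back to OUTLOOK.EXE rather than to a browser.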


Question has a verified solution.