100s of bounced email messages after a customer opened a .zip file in their email

I've run SuperAntiSpyware, MBAM and other AV software and removed "Mindspark" software and some other rubbish.

The question is: do they have the email password and are they spamming from another machine, not the customer's?
The customer is on holiday now and I'm just researching what to do next if that's the case.


========== example 1 =====================

Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  ****@aol.com
    SMTP error from remote mail server after RCPT TO:<*****@aol.com>:
    host mailin-02.mx.aol.com [64.12.88.163]: 550 5.1.1
<****@aol.com>:
    Recipient address rejected: aol.com


========== example 2 =====================

Subject: Warning: message 1XFTEs-0006Ds-Bc delayed 24 hours

This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its recipients after more than 24 hours on the queue on smtp.hosts.co.uk.

The message identifier is:     1XFTEs-0006Ds-Bc
The date of the message is:    Thu, 07 Aug 2014 22:19:00 +0300
The subject of the message is: Notice of appearance in court No#3302

The address to which the message has not yet been delivered is:

  *****@******.com

No action is required on your part. Delivery attempts will continue for some time, and this warning may be repeated at intervals if the message remains undelivered. Eventually the mail delivery software will give up, and when that happens, the message will be returned to you.
feck1 asked:

David Johnson, CD, MVP (Owner) commented:
Unplug the machine from the network. On the Exchange server, delete the outgoing messages that this user/machine has queued to be sent.

Now, on the infected machine, you can either re-image it or run antivirus and antimalware tools, e.g. Malwarebytes. Once you are confident that the machine is clean, reattach it to the network. Unfortunately you may have more infected machines in your network, as right now your network is compromised.

Re-imaging the PC is usually the fastest route and the one that gives you 100% confidence in the PC.

ghana commented:
The bounce messages indicate an infection by mass-mailing malware. I think it's not possible to answer your question whether the malware has obtained the mail password to continue spamming from another machine. The malware was sent as a ZIP file, which is not a sign of a very sophisticated attack. So it might only be mass-mailing malware without more sophisticated functions. But this is only an assumption and you shouldn't rely on assumptions in this case.

It seems that you have already cleaned the machine. However, I would also think about a clean OS install, because you don't know for sure what happened on that machine. In addition, I would change the password for all mail accounts that were configured in mail client software on the infected machine. If the user has stored further passwords (for example for web sites in the browser), I would recommend changing these too.

Just a final thought to keep in mind: if the user uses multiple computers/devices with the same mail account (for example at home or on a mobile), the mass-mailing malware infection could also be on one of those devices.
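The two bounces quoted in the question and the answer above both turn on the same question: is the customer's address merely being forged on some unrelated host (backscatter, which needs no password), or was the spam really accepted by the account's own outbound server, and if so from which client IP? The returned headers in a bounce usually answer that. The script below is an added example, not code from the thread; it assumes that the provider's outbound server (`smtp.hosts.co.uk`) only accepts mail after SMTP AUTH and that the customer's office has a known public IP, and the sample bounces are constructed to resemble the ones quoted, with illustrative hostnames and IPs.

```python
"""Triage bounce (DSN) messages: backscatter from a forged sender, or mail that was
genuinely submitted through the account's outbound server, and from where?

Added example, not code from the original thread. Sample bounces are constructed;
hostnames, IPs and queue IDs are illustrative."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (not stated in the thread): the provider's outbound server only
# accepts mail after SMTP AUTH, and the customer's office has this public IP.
OUR_SMARTHOST = "smtp.hosts.co.uk"
OFFICE_IP = "203.0.113.10"  # RFC 5737 documentation address

# Exim's separator before the copy of the original message.
COPY_MARKER = re.compile(r"^-+ This is a copy of the message.*-+$", re.M)
# Exim marks authenticated submission as "with esmtpa"/"esmtpsa",
# Postfix as "(Authenticated sender: ...)".
AUTH_RE = re.compile(r"\bwith esmtps?a\b|\(Authenticated sender:", re.I)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

SAMPLES = {
    # Foreign MX bouncing a message it received directly from a bot: forged From.
    "foreign": """\
From: MAILER-DAEMON@mx.example.org
To: customer@example.co.uk
Subject: Undelivered Mail Returned to Sender

<someone@example.org>: host mx.example.org said: 550 5.1.1 User unknown

------ This is a copy of the message, including all the headers. ------

Received: from unknown (HELO pc) (198.51.100.77) by mx.example.org with SMTP
From: customer@example.co.uk
Subject: Notice of appearance in court No#3302
""",
    # Our own outbound server bouncing a message it accepted after SMTP AUTH.
    "office": """\
From: Mail Delivery System <Mailer-Daemon@smtp.hosts.co.uk>
To: customer@example.co.uk
Subject: Mail delivery failed: returning message to sender

SMTP error from remote mail server after RCPT TO: 550 5.1.1 Recipient address rejected

------ This is a copy of the message, including all the headers. ------

Received: from [203.0.113.10] (helo=pc) by smtp.hosts.co.uk with esmtpsa (Cram-MD5:customer@example.co.uk) id 1XFTEs-0006Ds-Bc
From: customer@example.co.uk
""",
    # Delay warning from our outbound server: no copy of the headers at all.
    "delayed": """\
From: Mail Delivery System <Mailer-Daemon@smtp.hosts.co.uk>
To: customer@example.co.uk
Subject: Warning: message 1XFTEs-0006Ds-Bc delayed 24 hours

A message that you sent has not yet been delivered after 24 hours on the queue on smtp.hosts.co.uk.
""",
}
# Same as "office" but authenticated from an IP that is not the customer's.
SAMPLES["elsewhere"] = SAMPLES["office"].replace("203.0.113.10", "198.51.100.77")


def returned_headers(raw):
    """Headers of the original message copied into the bounce, or None."""
    m = COPY_MARKER.search(raw)
    if not m:
        return None
    return message_from_string(raw[m.end():].lstrip("\n"), policy=policy.default)


def first_hop(msg):
    """Oldest Received: line, i.e. how the original message entered the mail system."""
    hops = msg.get_all("Received") or []
    return str(hops[-1]) if hops else None


def classify(raw):
    bounce = message_from_string(raw, policy=policy.default)
    reporter = parseaddr(str(bounce["From"]))[1].split("@")[-1].lower()
    orig = returned_headers(raw)
    hop = first_hop(orig) if orig else None
    if hop is None:
        # No copy to inspect, but a queue ID on our own outbound server already
        # proves the message was accepted there, so authenticated submission happened.
        return "submitted-via-smarthost" if reporter == OUR_SMARTHOST else "unknown"
    if not (AUTH_RE.search(hop) and f"by {OUR_SMARTHOST}" in hop.lower()):
        return "backscatter"  # From: forged on an unrelated host; no password involved
    m = IP_RE.search(hop)
    if m and m.group(1) == OFFICE_IP:
        return "submitted-from-office"  # the infected PC itself is sending
    return "submitted-from-elsewhere"  # the credentials are in use on another machine


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```

"backscatter" means cleaning the PC is enough and the password was never needed; "submitted-from-office" points at the infected machine on the customer's own connection; "submitted-from-elsewhere" or a steady stream of "submitted-via-smarthost" bounces while the PC is unplugged means the credentials are being used from somewhere else and the password must be changed at the provider, not just on the PC.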

feck1 (Author) commented:
Thanks all.  I was thinking along the same lines.