Solved

All of a sudden - Increased Spam on Gmail

Posted on 2014-10-29
7
907 Views
Last Modified: 2015-01-06
I recently came across a pc with a Groovorio PUP/Virus on a pc.  Since I removed it the owner of that pc started to get hundreds of spam hitting his gmail inbox which he uses regularly.  The spam emails were not typical spam like marketing or click here but absolute gibberish, full of letters a-z and numbers 0-1; some letters in caps, some not.  I'm not a 100% sure if they are related but I'm reaching out to see if anyone has an idea of what is happening.  Also since gmail doesn't appear to have contact filtering only these spam emails are still getting through, we must of highlighted close to 1000 spam emails and reported them as spam but most still get through.  Another weird behavior was that he got a amazon email saying he purchased a product and after verifying the purchase on his amazon account from another pc, it turned out to be a valid email so his amazon account was hacked.  Again not sure if this is all related to groovorio PUP but it happened all at the same time.

So my questions are;
1. Does anyone know of a tactic a hackers uses that resembles this post behavior of a virus removal?
2. Is there any additional tips to apply to gmail to block these gibberish emails (not sure why gmail doesn't stop it to begin with)
3. does anyone the full extent of the Groovorio PUP's once it hits a pc?
0
Comment
Question by:jo80ge121
  • 3
  • 3
7 Comments
 

Author Comment

by:jo80ge121
ID: 40413524
bueller... bueller?
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 500 total points
ID: 40413791
jo80ge121 --
In response to your questions
1)  No experience.
3)  This reference is pretty good
http://malwaretips.com/blogs/remove-groovorio-virus/

2)  How did you remove Groovorio?  Perhaps you did not do a thorough job.
I, too, am surprised Gmail is not blocking these emails.  If you hover over the title of a Spam message you will get a popup telling you the domain name of the sender.  You can then
a)  Set up a Filter by clicking the Gear at the top right|Settings|Filters  or
b)  Check the box to the left of the title of a Spam message and then click Move To|click Spam.
GMail should learn these messages are Spam.

You could also try a System Restore to a date before Groovorio was installed.  
And I assume you have run scans with at least your Antivirus and MalwareBytes.
0
 

Author Comment

by:jo80ge121
ID: 40413906
I remove it with Malwarebytes, and I used MRT, security essentials and rootkit scanner to make sure there wasn't anything else.  Only Malwarebytes found groovorio and listed it as a PUP.  

I found that reference before but I ended up wiping and reloading only because of the whole amazon hack thing but thank you.

the domain names are from all sort of known email providers; gmail, aol, msn, yahoo,.  Each one of those senders had gibberish names e.g; adf321id@aol.com or yyhhlle002@gmail.com.  I can't block those domain but I did start having him select the hundreds of spam mail and report them as spam using the report button.  Some days are better than other but then they start up again.  I guess we have to be a little more patience until gmail learns how to effectively stop them.  

If no one else has a better answer in a few days I'll submit  your response as a answer.  thank you again.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 50

Expert Comment

by:jcimarron
ID: 40413970
jo80ge121--
Don't forget possible use of a System Restore.
0
 

Author Closing Comment

by:jo80ge121
ID: 40420761
gmail eventually stopped the spam.  not sure why this all happened around the same time i removed the pup groovorio but with today's world who knows.  I applied my own tricks and used some of yours.  thank you.  can't do more than this
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40421840
jo80ge121--
You are welcome.  Glad to have helped.
0
 
LVL 3

Expert Comment

by:Bill C. French
ID: 40533560
Msg for jcimarron:  Thanks very much for the solution. Saved having to reload all programs & data. Regards, Bill C. French
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now