Solved

All of a sudden - Increased Spam on Gmail

Posted on 2014-10-29
7
1,157 Views
Last Modified: 2015-01-06
I recently came across a pc with a Groovorio PUP/Virus on a pc.  Since I removed it the owner of that pc started to get hundreds of spam hitting his gmail inbox which he uses regularly.  The spam emails were not typical spam like marketing or click here but absolute gibberish, full of letters a-z and numbers 0-1; some letters in caps, some not.  I'm not a 100% sure if they are related but I'm reaching out to see if anyone has an idea of what is happening.  Also since gmail doesn't appear to have contact filtering only these spam emails are still getting through, we must of highlighted close to 1000 spam emails and reported them as spam but most still get through.  Another weird behavior was that he got a amazon email saying he purchased a product and after verifying the purchase on his amazon account from another pc, it turned out to be a valid email so his amazon account was hacked.  Again not sure if this is all related to groovorio PUP but it happened all at the same time.

So my questions are;
1. Does anyone know of a tactic a hackers uses that resembles this post behavior of a virus removal?
2. Is there any additional tips to apply to gmail to block these gibberish emails (not sure why gmail doesn't stop it to begin with)
3. does anyone the full extent of the Groovorio PUP's once it hits a pc?
0
Comment
Question by:jo80ge121
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 

Author Comment

by:jo80ge121
ID: 40413524
bueller... bueller?
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 500 total points
ID: 40413791
jo80ge121 --
In response to your questions
1)  No experience.
3)  This reference is pretty good
http://malwaretips.com/blogs/remove-groovorio-virus/

2)  How did you remove Groovorio?  Perhaps you did not do a thorough job.
I, too, am surprised Gmail is not blocking these emails.  If you hover over the title of a Spam message you will get a popup telling you the domain name of the sender.  You can then
a)  Set up a Filter by clicking the Gear at the top right|Settings|Filters  or
b)  Check the box to the left of the title of a Spam message and then click Move To|click Spam.
GMail should learn these messages are Spam.

You could also try a System Restore to a date before Groovorio was installed.  
And I assume you have run scans with at least your Antivirus and MalwareBytes.
0
 

Author Comment

by:jo80ge121
ID: 40413906
I remove it with Malwarebytes, and I used MRT, security essentials and rootkit scanner to make sure there wasn't anything else.  Only Malwarebytes found groovorio and listed it as a PUP.  

I found that reference before but I ended up wiping and reloading only because of the whole amazon hack thing but thank you.

the domain names are from all sort of known email providers; gmail, aol, msn, yahoo,.  Each one of those senders had gibberish names e.g; adf321id@aol.com or yyhhlle002@gmail.com.  I can't block those domain but I did start having him select the hundreds of spam mail and report them as spam using the report button.  Some days are better than other but then they start up again.  I guess we have to be a little more patience until gmail learns how to effectively stop them.  

If no one else has a better answer in a few days I'll submit  your response as a answer.  thank you again.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 50

Expert Comment

by:jcimarron
ID: 40413970
jo80ge121--
Don't forget possible use of a System Restore.
0
 

Author Closing Comment

by:jo80ge121
ID: 40420761
gmail eventually stopped the spam.  not sure why this all happened around the same time i removed the pup groovorio but with today's world who knows.  I applied my own tricks and used some of yours.  thank you.  can't do more than this
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40421840
jo80ge121--
You are welcome.  Glad to have helped.
0
 
LVL 3

Expert Comment

by:Bill C. French
ID: 40533560
Msg for jcimarron:  Thanks very much for the solution. Saved having to reload all programs & data. Regards, Bill C. French
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question