• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1443
  • Last Modified:

All of a sudden - Increased Spam on Gmail

I recently came across a pc with a Groovorio PUP/Virus on a pc.  Since I removed it the owner of that pc started to get hundreds of spam hitting his gmail inbox which he uses regularly.  The spam emails were not typical spam like marketing or click here but absolute gibberish, full of letters a-z and numbers 0-1; some letters in caps, some not.  I'm not a 100% sure if they are related but I'm reaching out to see if anyone has an idea of what is happening.  Also since gmail doesn't appear to have contact filtering only these spam emails are still getting through, we must of highlighted close to 1000 spam emails and reported them as spam but most still get through.  Another weird behavior was that he got a amazon email saying he purchased a product and after verifying the purchase on his amazon account from another pc, it turned out to be a valid email so his amazon account was hacked.  Again not sure if this is all related to groovorio PUP but it happened all at the same time.

So my questions are;
1. Does anyone know of a tactic a hackers uses that resembles this post behavior of a virus removal?
2. Is there any additional tips to apply to gmail to block these gibberish emails (not sure why gmail doesn't stop it to begin with)
3. does anyone the full extent of the Groovorio PUP's once it hits a pc?
0
jo80ge121
Asked:
jo80ge121
  • 3
  • 3
1 Solution
 
jo80ge121Author Commented:
bueller... bueller?
0
 
jcimarronCommented:
jo80ge121 --
In response to your questions
1)  No experience.
3)  This reference is pretty good
http://malwaretips.com/blogs/remove-groovorio-virus/

2)  How did you remove Groovorio?  Perhaps you did not do a thorough job.
I, too, am surprised Gmail is not blocking these emails.  If you hover over the title of a Spam message you will get a popup telling you the domain name of the sender.  You can then
a)  Set up a Filter by clicking the Gear at the top right|Settings|Filters  or
b)  Check the box to the left of the title of a Spam message and then click Move To|click Spam.
GMail should learn these messages are Spam.

You could also try a System Restore to a date before Groovorio was installed.  
And I assume you have run scans with at least your Antivirus and MalwareBytes.
0
 
jo80ge121Author Commented:
I remove it with Malwarebytes, and I used MRT, security essentials and rootkit scanner to make sure there wasn't anything else.  Only Malwarebytes found groovorio and listed it as a PUP.  

I found that reference before but I ended up wiping and reloading only because of the whole amazon hack thing but thank you.

the domain names are from all sort of known email providers; gmail, aol, msn, yahoo,.  Each one of those senders had gibberish names e.g; adf321id@aol.com or yyhhlle002@gmail.com.  I can't block those domain but I did start having him select the hundreds of spam mail and report them as spam using the report button.  Some days are better than other but then they start up again.  I guess we have to be a little more patience until gmail learns how to effectively stop them.  

If no one else has a better answer in a few days I'll submit  your response as a answer.  thank you again.
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
jcimarronCommented:
jo80ge121--
Don't forget possible use of a System Restore.
0
 
jo80ge121Author Commented:
gmail eventually stopped the spam.  not sure why this all happened around the same time i removed the pup groovorio but with today's world who knows.  I applied my own tricks and used some of yours.  thank you.  can't do more than this
0
 
jcimarronCommented:
jo80ge121--
You are welcome.  Glad to have helped.
0
 
Bill C. FrenchCommented:
Msg for jcimarron:  Thanks very much for the solution. Saved having to reload all programs & data. Regards, Bill C. French
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now