Solved

All of a sudden - Increased Spam on Gmail

Posted on 2014-10-29
7
922 Views
Last Modified: 2015-01-06
I recently came across a pc with a Groovorio PUP/Virus on a pc.  Since I removed it the owner of that pc started to get hundreds of spam hitting his gmail inbox which he uses regularly.  The spam emails were not typical spam like marketing or click here but absolute gibberish, full of letters a-z and numbers 0-1; some letters in caps, some not.  I'm not a 100% sure if they are related but I'm reaching out to see if anyone has an idea of what is happening.  Also since gmail doesn't appear to have contact filtering only these spam emails are still getting through, we must of highlighted close to 1000 spam emails and reported them as spam but most still get through.  Another weird behavior was that he got a amazon email saying he purchased a product and after verifying the purchase on his amazon account from another pc, it turned out to be a valid email so his amazon account was hacked.  Again not sure if this is all related to groovorio PUP but it happened all at the same time.

So my questions are;
1. Does anyone know of a tactic a hackers uses that resembles this post behavior of a virus removal?
2. Is there any additional tips to apply to gmail to block these gibberish emails (not sure why gmail doesn't stop it to begin with)
3. does anyone the full extent of the Groovorio PUP's once it hits a pc?
0
Comment
Question by:jo80ge121
  • 3
  • 3
7 Comments
 

Author Comment

by:jo80ge121
ID: 40413524
bueller... bueller?
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 500 total points
ID: 40413791
jo80ge121 --
In response to your questions
1)  No experience.
3)  This reference is pretty good
http://malwaretips.com/blogs/remove-groovorio-virus/

2)  How did you remove Groovorio?  Perhaps you did not do a thorough job.
I, too, am surprised Gmail is not blocking these emails.  If you hover over the title of a Spam message you will get a popup telling you the domain name of the sender.  You can then
a)  Set up a Filter by clicking the Gear at the top right|Settings|Filters  or
b)  Check the box to the left of the title of a Spam message and then click Move To|click Spam.
GMail should learn these messages are Spam.

You could also try a System Restore to a date before Groovorio was installed.  
And I assume you have run scans with at least your Antivirus and MalwareBytes.
0
 

Author Comment

by:jo80ge121
ID: 40413906
I remove it with Malwarebytes, and I used MRT, security essentials and rootkit scanner to make sure there wasn't anything else.  Only Malwarebytes found groovorio and listed it as a PUP.  

I found that reference before but I ended up wiping and reloading only because of the whole amazon hack thing but thank you.

the domain names are from all sort of known email providers; gmail, aol, msn, yahoo,.  Each one of those senders had gibberish names e.g; adf321id@aol.com or yyhhlle002@gmail.com.  I can't block those domain but I did start having him select the hundreds of spam mail and report them as spam using the report button.  Some days are better than other but then they start up again.  I guess we have to be a little more patience until gmail learns how to effectively stop them.  

If no one else has a better answer in a few days I'll submit  your response as a answer.  thank you again.
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 
LVL 50

Expert Comment

by:jcimarron
ID: 40413970
jo80ge121--
Don't forget possible use of a System Restore.
0
 

Author Closing Comment

by:jo80ge121
ID: 40420761
gmail eventually stopped the spam.  not sure why this all happened around the same time i removed the pup groovorio but with today's world who knows.  I applied my own tricks and used some of yours.  thank you.  can't do more than this
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40421840
jo80ge121--
You are welcome.  Glad to have helped.
0
 
LVL 3

Expert Comment

by:Bill C. French
ID: 40533560
Msg for jcimarron:  Thanks very much for the solution. Saved having to reload all programs & data. Regards, Bill C. French
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 and 2016 Co-Existence 24 149
Questions on 'Remote Packet Capture Protocol' from Riverbed Technology, Inc. 5 382
Mobile penetration testing 2 108
PCAnywhere 2 100
Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now