stkoontz
asked on
Outlook 2010 sends emails not originated by user
An employee (call her Joyce) received an email a few weeks ago that had several YouTube links on it. The email was sent to about 10 other people. The email originated from another employee (call him George) and we verified that George actually sent it.
Joyce was gone for 2 weeks. When she returned yesterday, she noticed that the email she received from George had been sent out from her computer 5 or 6 times to the same people it was originally sent to except that there was a random email address added to the end of the list. Joyce hadn't resent the email. The subject line wasn't changed to Re: either.
I scanned the computer with Malwarebytes, which found Swagbucks, and Symantec Endpoint Protection, which found and deleted a tracking cookie. Joyce has been using Swagbucks for several months without problem so I left it. Today Joyce had more of the same email sent out.
Searching Google didn't come up with anything. Anyone have any ideas?
Thanks,
Steve
ASKER
It happened a few minutes ago with Joyce sitting at her computer. She noticed the email show up in her outbox and deleted it before it was sent. We use Google App Sync to sync to Gmail accounts so I'm having her change her password, but I don't think that's the problem.
Thanks for the suggestion. I do appreciate the help.
Steve
Besides Malwarebytes, try more as per above: Spybot, Symantec, Kaspersky, McAfee, ESET, Sophos, Vipre. Most have standalone scanners.
I would also try MalwareBytes Rootkit scanner. It might not be a generic virus but a root one. Though I do assume it is a virus, or your Google Apps administrator/user accounts might be compromised potentially. Review logins on your Google accounts and reset PW if required.
A few suggestions
1. Try some of the software in my anti-rootkit software review article: https://www.experts-exchange.com/articles/2245/Anti-rootkit-software.html
2. Use an online scanner like Sophos or F-Secure to check again.
3. Do you have the rootkit scanning option turned on in MBAM (off by default)?
Try the following:
Run RogueKiller and, without rebooting, run MBAM.
ASKER
Restore point didn't work. I'm running RogueKiller now. Should I run these in administrator mode, Safe mode, or is the user login fine?
Thanks!
Steve
It's better to run in safe mode.
ASKER
I replaced the PC with a new one I was setting up for someone else, then I'll re-install Windows on the infected PC. I'm giving the points to Justin, who first suggested it might be a virus.
Thanks!
Check login times in event logs on PC and confirm when the account was accessed.
Change the account / email password and ask Joyce not to share it and see if it happens again.
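The event-log check suggested above, as an added example that is not part of the original thread: it lists successful interactive and remote logons (Security event 4624) on the PC and lines them up against the times the unwanted copies were sent. The review window, the send times and the 12-hour look-back are constructed placeholders.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt on the affected PC.
# Constructed placeholders: replace with the real review window and the send times
# shown in Outlook's Sent Items for the unwanted copies.
$Since     = (Get-Date).AddDays(-21)
$SendTimes = @([datetime]'2014-01-10 03:12', [datetime]'2014-01-14 15:40')
$WindowHrs = 12   # assumption: how far back a logon still counts as "someone was logged in"

# Logon types that involve a person or a remote session; service and batch logons are ignored.
$LogonTypes = @{ 2 = 'Interactive'; 7 = 'Unlock'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive' }

# Event ID 4624 = successful logon. Fields are read by name from the event XML.
$Logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        New-Object psobject -Property @{
            Time   = $_.TimeCreated
            User   = $d['TargetUserName']
            Type   = $LogonTypes[[int]$d['LogonType']]
            Source = $d['IpAddress']
        }
    } | Where-Object { $_.Type } | Sort-Object Time

# Full list of human/remote logons in the window, for review against Joyce's absence.
$Logons | Select-Object Time, User, Type, Source | Format-Table -AutoSize

# For each unwanted send, show the logons that preceded it within the look-back window.
foreach ($t in $SendTimes) {
    $near = @($Logons | Where-Object { $_.Time -le $t -and $_.Time -ge $t.AddHours(-$WindowHrs) })
    if ($near.Count -eq 0) {
        "{0:yyyy-MM-dd HH:mm}  no interactive or remote logon in the prior {1}h" -f $t, $WindowHrs
    } else {
        $near | ForEach-Object {
            "{0:yyyy-MM-dd HH:mm}  preceded by {1} logon of {2} at {3:yyyy-MM-dd HH:mm}" -f $t, $_.Type, $_.User, $_.Time
        }
    }
}
```

A send with no logon near it was not typed by someone at the keyboard, which fits either software on the PC or access to the mailbox from elsewhere; the Google account login review mentioned earlier in the thread covers the second case.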