#1 (permalink) |
Been Here Since the Begin
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325
After breakfast this morning, I came down to my PC and opened up my email. In my Inbox (Outlook 2007), I found about 15-20 "returned emails" from "postmaster". I had apparently sent out a spam email automatically. A couple of people on my contacts list sent me emails to also tell me that I sent out a spam email.
Since then, I have run full scans using MSE, MalwareBytes, SAS, and HitmanPro. None of them found a thing. Now what? Any suggestions? I've thought about running Housecall. Anyone have any ideas how my email program sent out an automatic email without me doing anything, yet everything shows up clean? P.S. Yes, I did full updates on all the programs before running in-depth scans.
__________________
<-------Just jammin to some music.... |
#2 (permalink) |
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190
Submitting a HijackThis log is about the most reliable method although there are some local things you can do as well.
Try checking your HOSTS file. Many bots rewrite this file to trick your PC into connecting to an incorrect and unauthorized IP address for a server. Typically the only line in this file will be 127.0.0.1 localhost, although there may be some additional, inactive lines; these will be preceded by a #, indicating that they're to be ignored by the system. If you find other lines, make a backup copy of the HOSTS file (just in case), then delete the suspect lines and save the file.
Also, Process Explorer might help you to identify something you don't recognize, especially if it's in the top ten for memory consumption. As you say, Housecall is an obvious choice for an online scan.
You might also take a look at this PDF which has some good tips - in pictures as well as words:
http://www.ipa.go.jp/security/englis...asures_eng.pdf
Good luck!
__________________
Buy a Hoover and prove technology sucks. |
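The HOSTS check described in the post above, as an added Python example that is not part of the original thread: it flags every active line other than the default loopback-to-localhost mapping. The sample file contents and the `example-av.test` hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered HOSTS file (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
#   127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.45    update.example-av.test   # name redirected to another server
127.0.0.1       scan.example-av.test     # name blocked by pointing it at loopback
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def suspect_hosts_entries(text):
    """Return (line_no, ip, names, reason) for every active entry that is
    not the plain loopback -> localhost mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not entry:
            continue                            # inactive or blank line
        fields = entry.split()
        ip_text, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names, "unparseable address"))
            continue
        extra = [n for n in names if n not in LOOPBACK_NAMES]
        if ip.is_loopback and not extra:
            continue                            # the expected default line
        reason = ("hostname blackholed to loopback" if ip.is_loopback
                  else "hostname redirected to another address")
        findings.append((line_no, ip_text, extra or names, reason))
    return findings

if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts
    for finding in suspect_hosts_entries(SAMPLE_HOSTS):
        print(finding)
```

Anything it reports still needs a human decision: some ad-blocking and security tools add loopback entries on purpose.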
#3 (permalink) | |
Been Here Since the Begin
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325
Housecall clean as well.
MC, how do I find the hosts file in Windows 7 (64 bit)? Nevermind....found it. Here it is: Quote:
__________________
<-------Just jammin to some music.... Last edited by kendall; 23. May 2010 at 09:57 PM. |
#5 (permalink) |
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190
Although I know "of" these things I wouldn't trust my own ability to interpret someone else's results correctly. I'm more in tune with the prevention of host file manipulation as in this example:
http://antivirus.about.com/od/securi...ss/hosts_4.htm
I'd welcome some other input here for you, otherwise in view of what you might have encountered I still think a HijackThis analysis would be the best way forward. You can copy/paste your log file here:
http://www.hijackthis.de/
This automated process though is not as accurate as a proper analysis but it is of course quicker than posting it in one of the tech forums.
__________________
Buy a Hoover and prove technology sucks. |
#6 (permalink) |
Been Here Since the Begin
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325
I ran Hijackthis and pasted it into the site you posted. It shows everything as safe. I'd post the log here, but it is way too long. Besides, it's better to be pasted in a specific forum designed for such purpose.
__________________
<-------Just jammin to some music.... |
#7 (permalink) |
Senior Member
Join Date: Nov 2009
Posts: 445
Hi kendall,
As I have a little bit of experience with "managing" spam, here are a couple of things:
1. Not long ago, I got a couple of "postmaster" messages stating that an email I tried to send could not be delivered. Funny thing was that:
1.1 Turned out one of them wasn't even a legitimate "postmaster" message - it was a spam itself.
1.2 The other had the alleged email attached and, after checking it, it turned out that it had nothing to do with me (I was not the real sender).
So, are you and/or your contacts absolutely sure that you really sent out a spam? You can verify that by checking the headers of both the spam and the "postmaster" emails - headers always tell the truth, even if the "From", "To", "Reply to", etc. lines are spoofed. Since all your scans come clean, it's a possibility to consider.
Of course, if we're talking about a very "private" email address, it's rather unlikely that it's being used for sending spam by a third party (not from your machine). If this is the case, you do need to look further into the chance of having some kind of infections and MC's advice is indeed the best I can think of myself.
I don't want to unnecessarily alarm you, but I've noticed that on "The Spamhaus Project" site a lot of "unknownXXX" bots are being reported lately ("XXX" stands for a comb of numbers, stating that the bots don't fall under any known ones) - maybe a reason for your scans coming clean? It's a wild guess and sure hope you're not that unlucky.
Good luck,
26Dolphins
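The header check suggested in the post above, as an added Python example that is not part of the original thread: it pulls the attached original out of a bounce and compares its claimed From with the connecting IP recorded in its earliest Received line. The bounce, all addresses and IPs, and the `my_sending_ips` parameter (the public IPs of your own PC and your provider's outgoing servers) are constructed assumptions.

```python
import email
import re
from email import policy

# Constructed, simplified bounce with the "original" attached; every name,
# address and IP here is invented for the example.
SAMPLE_BOUNCE = """\
From: postmaster@mail.example.net
To: kendall@example.com
Subject: Undeliverable mail
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.org failed.
--b1
Content-Type: message/rfc822

Received: from pc (unknown [203.0.113.99])
  by mx.example.org; Sun, 23 May 2010 08:01:00 -0600
From: kendall@example.com
To: nobody@example.org
Subject: constructed spam subject

constructed body
--b1--
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def check_bounce(raw, my_sending_ips):
    """Compare the claimed From of the bounced original with the IP that the
    first receiving server recorded for it."""
    bounce = email.message_from_string(raw, policy=policy.default)
    original = next((p.get_payload(0) for p in bounce.walk()
                     if p.get_content_type() == "message/rfc822"), None)
    if original is None:
        return {"verdict": "no original attached; nothing to verify"}
    # Received lines are prepended in transit, so the last one is the earliest
    # hop. Lines below the first server you trust can be forged by the sender.
    received = original.get_all("Received", [])
    ips = BRACKETED_IP.findall(received[-1]) if received else []
    origin = ips[-1] if ips else None
    if origin is None:
        verdict = "no origin IP recorded; cannot tell"
    elif origin in my_sending_ips:
        verdict = "sent through your own machine or account"
    else:
        verdict = "origin is not one of your sending IPs; From is likely spoofed"
    return {"claimed_from": original["From"], "origin_ip": origin, "verdict": verdict}
```

A match points at the PC or the mail account itself (malware or a stolen password); a mismatch means someone only borrowed the address.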
#8 (permalink) |
Been Here Since the Begin
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325
I think I might know the problem. I think it is related to my MSN email account. If you Google "MSN sent email spam", you will find hundreds of links. This appears to be a very common issue with MSN email.
It might be time to switch over to my Gmail account?! In the meantime, I've changed my MSN password and my security question/answer. Of course, I've had this MSN email account since 2005. However, dumb me has never changed the email password. Probably not too smart. Well, it's changed now.
__________________
<-------Just jammin to some music.... |
#9 (permalink) |
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190
Well, at least you've been able to identify the source. I don't use MSN - all I know about it is that the university network where my wife works is stacked with viruses and their own techs attribute most of this to MSN being used as the main communicator.
__________________
Buy a Hoover and prove technology sucks. |