Gizmos Freeware Reviews  

23. May 2010, 08:07 PM   #1
Been Here Since the Begin
kendall.a
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325
Suggestions Needed

After breakfast this morning, I came down to my PC and opened up my email. In my Inbox (Outlook 2007), I found about 15-20 "returned emails" from "postmaster". I had apparently sent out a spam email automatically. A couple of people on my contacts list sent me emails to also tell me that I sent out a spam email.

Since then, I have run full scans using MSE, MalwareBytes, SAS, and HitmanPro. None of them found a thing. Now what? Any suggestions?

I've thought about running Housecall. Anyone have any ideas how my email program sent out an automatic email without me doing anything, yet everything shows up clean?

P.S. Yes, I did full updates on all the programs before running in-depth scans.
__________________
<-------Just jammin to some music....
23. May 2010, 08:54 PM   #2
Site Manager
MidnightCowboy
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190

Submitting a HijackThis log is about the most reliable method although there are some local things you can do as well.

Try checking your HOSTS file. Many bots rewrite this file to trick your PC into connecting to an incorrect and unauthorized IP address for a server. Typically the only line in this file will be 127.0.0.1 localhost, although there may be some additional, inactive lines; these will be preceded by a #, indicating that they're to be ignored by the system. If you find other lines, make a backup copy of the HOSTS file (just in case), then delete the suspect lines and save the file.

Also, Process Explorer might help you to identify something you don't recognize, especially if it's in the top ten for memory consumption.

As you say, Housecall is an obvious choice for an online scan.

You might also take a look at this PDF which has some good tips - in pictures as well as words (downloaded and scanned clean with Malwarebytes, HitmanPro and Panda).

http://www.ipa.go.jp/security/englis...asures_eng.pdf

Good luck!
__________________
Buy a Hoover and prove technology sucks.
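
The HOSTS check described in the post above, as an added example (not part of the original thread): it lists every active line, skipping the ones commented out with #, and classifies each one. The sample file contents, the verdict labels and the function name are assumptions made for illustration; on Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample: commented-out defaults like those Windows 7 ships, plus
# made-up active entries (documentation-range IP, example.* names) to classify.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1     localhost
203.0.113.10  update.example.com www.example.com  # constructed suspect line
0.0.0.0       av-updates.example.net
not-an-ip     broken.example.org
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, names, verdict) for each active hosts line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment anywhere
        if not line:
            continue  # blank or commented out: ignored by the resolver
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed"))
            continue
        local_ip = ip.is_loopback or ip.is_unspecified
        if local_ip and {n.lower() for n in names} <= LOCAL_NAMES:
            verdict = "expected"
        elif local_ip:
            verdict = "blocked"   # name pinned to this machine, e.g. to cut off updates
        else:
            verdict = "redirect"  # name forced to a remote address: review first
        findings.append((line_no, address, names, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

A file made up only of # lines produces no findings, which is the state a default Windows 7 HOSTS file is in.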
23. May 2010, 09:47 PM   #3
Been Here Since the Begin
kendall.a
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325

Housecall clean as well.

MC, how do I find the hosts file in Windows 7 (64 bit)?

Never mind... found it. Here it is:

Quote:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Anything I should worry about?
__________________
<-------Just jammin to some music....

Last edited by kendall; 23. May 2010 at 09:57 PM.
23. May 2010, 10:06 PM   #4
Been Here Since the Begin
kendall.a
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325

BTW...nothing found with Sophos Anti-Rootkit either.

This is very odd.
__________________
<-------Just jammin to some music....
23. May 2010, 11:48 PM   #5
Site Manager
MidnightCowboy
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190

Although I know "of" these things I wouldn't trust my own ability to interpret someone else's results correctly. I'm more in tune with the prevention of host file manipulation as in this example:

http://antivirus.about.com/od/securi...ss/hosts_4.htm

I'd welcome some other input here for you, otherwise in view of what you might have encountered I still think a HijackThis analysis would be the best way forward.

You can copy/paste your log file here:
http://www.hijackthis.de/

This automated process though is not as accurate as a proper analysis but it is of course quicker than posting it in one of the tech forums.
__________________
Buy a Hoover and prove technology sucks.
24. May 2010, 01:07 AM   #6
Been Here Since the Begin
kendall.a
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325

I ran Hijackthis and pasted it into the site you posted. It shows everything as safe. I'd post the log here, but it is way too long. Besides, it's better to be pasted in a specific forum designed for such purpose.
__________________
<-------Just jammin to some music....
24. May 2010, 01:19 AM   #7
Senior Member
Join Date: Nov 2009
Posts: 445

Hi kendall,

As I have a little bit of experience with "managing" spam, here are a couple of things:
1. Not long ago, I got a couple of "postmaster" messages stating that an email I tried to send could not be delivered. Funny thing was that:
1.1 Turned out one of them wasn't even a legitimate "postmaster" message - it was a spam itself.
1.2 The other had the alleged email attached and, after checking it, it turned out that it had nothing to do with me (I was not the real sender).

So, are you and/or your contacts absolutely sure that you really sent out a spam? You can verify that by checking the headers of both the spam and the "postmaster" emails - headers always tell the truth, even if the "From", "To", "Reply to", etc. lines are spoofed.
Since all your scans come clean, it's a possibility to consider.

Of course, if we're talking about a very "private" email address, it's rather unlikely that it's being used for sending spam by a third party (not from your machine). If this is the case, you do need to look further into the chance of having some kind of infections and MC's advice is indeed the best I can think of myself.
I don't want to unnecessarily alarm you, but I've noticed that on "The Spamhaus Project" site a lot of "unknownXXX" bots are being reported lately ("XXX" stands for a combination of numbers, stating that the bots don't fall under any known ones) - maybe a reason for your scans coming clean? It's a wild guess and I sure hope you're not that unlucky.

Good luck,
26Dolphins
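
The header check suggested in the post above, as an added example (not part of the original thread): it pulls the bounced message out of a "postmaster" report, reads its Received lines from the bottom (first relay) up, and compares the first hop with the addresses you actually send from. The sample bounce, every address in it and the function names are constructed for illustration; Received lines below the first server you trust are written by the sender and can be forged.

```python
import email
import re
from email import policy

# Constructed bounce (documentation-range IPs): the attached original claims
# to be from kendall@example.com, but its first hop is 198.51.100.23.
BOUNCE = """\
From: postmaster@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b1
Content-Type: message/rfc822

Received: from mx.example.net (mx.example.net [192.0.2.25])
 by mail.example.net; Sun, 23 May 2010 06:01:12 +0000
Received: from unknown (unknown [198.51.100.23])
 by mx.example.net; Sun, 23 May 2010 06:01:10 +0000
From: kendall@example.com

(spam body)
--b1--
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def original_message(bounce):
    """Return the bounced message (or its headers) attached to the report."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None


def check_bounce(raw_bounce, my_addresses):
    """Return (sent_by_me, hops); hops run from the first relay to the last."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    original = original_message(bounce)
    if original is None:
        return None, []
    found = (BRACKETED_IP.search(str(h)) for h in reversed(original.get_all("Received", [])))
    hops = [m.group(1) if m else None for m in found]
    return bool(hops) and hops[0] in my_addresses, hops
```

A result of `(None, [])` means the report carried no copy of the original, so it cannot show who sent the message.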
24. May 2010, 04:51 AM   #8
Been Here Since the Begin
kendall.a
Join Date: Apr 2008
Location: Colorado, USA
Posts: 2,325

I think I might know the problem. I think it is related to my MSN email account. If you Google "MSN sent email spam", you will find hundreds of links. This appears to be a very common issue with MSN email.

It might be time to switch over to my Gmail account?!

In the meantime, I've changed my MSN password and my security question/answer.

Of course, I've had this MSN email account since 2005. However, dumb me has never changed the email password. Probably not too smart. Well, it's changed now.
__________________
<-------Just jammin to some music....
24. May 2010, 10:14 AM   #9
Site Manager
MidnightCowboy
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,190

Well, at least you've been able to identify the source. I don't use MSN - all I know about it is that the university network where my wife works is stacked with viruses and their own techs attribute most of this to MSN being used as the main communicator.
__________________
Buy a Hoover and prove technology sucks.
24. May 2010, 04:30 PM   #10
Senior Member
Join Date: Jul 2009
Location: Northeast US
Posts: 476

Quote:
Originally Posted by kendall
It might be time to switch over to my Gmail account?!

The answer is a resounding yes! I would also plan on deleting and closing your MSN account.
Taurus is offline  
All times are GMT +1.