[DBCIII]

People are getting emails purportedly from my email account with various semi-literate product promotions.

They go to addresses I have used, but most are very old and many are obsolete. The ones to obsolete addresses "bounce" back to me with an "unable to deliver" message, which I think indicates the malware is actually using my email account, not just faking the "from" field. Some of the accounts are current, and I've heard from people asking about it. It also sends a copy to me. I tell them not to open, forward, reply, or click on any links, since I think that is how I got infected. A relative had this issue with an old hotmail account she had not used in years, and I opened a couple, forwarded one to her to show her what was happening.

I've run some cleanup software which found nothing and will try malwarebytes, since I've seen it recommended.

Is there any point in my creating a new email account and telling people to just send the old one to spam filter? Once I get them switched I can delete that account. But will the malware be able to infect one of my other accounts? Anything else I can do?

-DBC

[coastie65]

DBCIII, on 31 May 2011 - 09:41 AM, said:

People are getting emails purportedly from my email account with various semi-literate product promotions.

They go to addresses I have used, but most are very old and many are obsolete. The ones to obsolete addresses "bounce" back to me with an "unable to deliver" message, which I think indicates the malware is actually using my email account, not just faking the "from" field. Some of the accounts are current, and I've heard from people asking about it. It also sends a copy to me. I tell them not to open, forward, reply, or click on any links, since I think that is how I got infected. A relative had this issue with an old hotmail account she had not used in years, and I opened a couple, forwarded one to her to show her what was happening.

I've run some cleanup software which found nothing and will try malwarebytes, since I've seen it recommended.

Is there any point in my creating a new email account and telling people to just send the old one to spam filter? Once I get them switched I can delete that account. But will the malware be able to infect one of my other accounts? Anything else I can do?

-DBC

Hi and welcome to the forum. First, it most likely isn't in your computer, but it never hurts to run malwarebytes. I have had the same thing happen as well a lot of friends, so it isn't new. If you have a Facebook account, check to make sure your address book isn't visble to all as that is one thing they use. the upside to that is once you have secured it, it will stop as they apparently don't copy it, but just go back and send more stuff to the addresses on there. You can change you password as well for your email.

[DBCIII]

Thanks.
I have a FB account, but have security set tight. And I don't ever use any features to "find friends" using address book on FB or anywhere else. I've changed email password a couple of times. That's one reason I decided to switch email accounts. I wanted to communicate clearly to my actual acquaintances that it was not me and tell them to put that account in spam filter. That is to avoid the scenario where they don't understand and just filter me and also hate me!

The fact that most of the email addresses it sends to are ones I've not used in several years (from before Facebook) suggests it is getting them from an archive somewhere - and my PC would seem the only place for that. Maybe an old pst? The only ones I know of that I still am active with are ones I've used for a long time - dating back to same time as the obsolete ones.

Malwarebytes scanned and found nothing. That was the "quick" scan that took 1.5 hrs. I'll run the full one.

coastie65, on 31 May 2011 - 12:00 PM, said:

DBCIII, on 31 May 2011 - 09:41 AM, said:

People are getting emails purportedly from my email account with various semi-literate product promotions.

They go to addresses I have used, but most are very old and many are obsolete. The ones to obsolete addresses "bounce" back to me with an "unable to deliver" message, which I think indicates the malware is actually using my email account, not just faking the "from" field. Some of the accounts are current, and I've heard from people asking about it. It also sends a copy to me. I tell them not to open, forward, reply, or click on any links, since I think that is how I got infected. A relative had this issue with an old hotmail account she had not used in years, and I opened a couple, forwarded one to her to show her what was happening.

I've run some cleanup software which found nothing and will try malwarebytes, since I've seen it recommended.

Is there any point in my creating a new email account and telling people to just send the old one to spam filter? Once I get them switched I can delete that account. But will the malware be able to infect one of my other accounts? Anything else I can do?

-DBC

Hi and welcome to the forum. First, it most likely isn't in your computer, but it never hurts to run malwarebytes. I have had the same thing happen as well a lot of friends, so it isn't new. If you have a Facebook account, check to make sure your address book isn't visble to all as that is one thing they use. the upside to that is once you have secured it, it will stop as they apparently don't copy it, but just go back and send more stuff to the addresses on there. You can change you password as well for your email.

[coastie65]

DBCIII, on 31 May 2011 - 12:45 PM, said:

Thanks.
I have a FB account, but have security set tight. And I don't ever use any features to "find friends" using address book on FB or anywhere else. I've changed email password a couple of times. That's one reason I decided to switch email accounts. I wanted to communicate clearly to my actual acquaintances that it was not me and tell them to put that account in spam filter. That is to avoid the scenario where they don't understand and just filter me and also hate me!

The fact that most of the email addresses it sends to are ones I've not used in several years (from before Facebook) suggests it is getting them from an archive somewhere - and my PC would seem the only place for that. Maybe an old pst? The only ones I know of that I still am active with are ones I've used for a long time - dating back to same time as the obsolete ones.

Malwarebytes scanned and found nothing. That was the "quick" scan that took 1.5 hrs. I'll run the full one.

coastie65, on 31 May 2011 - 12:00 PM, said:

DBCIII, on 31 May 2011 - 09:41 AM, said:

People are getting emails purportedly from my email account with various semi-literate product promotions.

They go to addresses I have used, but most are very old and many are obsolete. The ones to obsolete addresses "bounce" back to me with an "unable to deliver" message, which I think indicates the malware is actually using my email account, not just faking the "from" field. Some of the accounts are current, and I've heard from people asking about it. It also sends a copy to me. I tell them not to open, forward, reply, or click on any links, since I think that is how I got infected. A relative had this issue with an old hotmail account she had not used in years, and I opened a couple, forwarded one to her to show her what was happening.

I've run some cleanup software which found nothing and will try malwarebytes, since I've seen it recommended.

Is there any point in my creating a new email account and telling people to just send the old one to spam filter? Once I get them switched I can delete that account. But will the malware be able to infect one of my other accounts? Anything else I can do?

-DBC

Hi and welcome to the forum. First, it most likely isn't in your computer, but it never hurts to run malwarebytes. I have had the same thing happen as well a lot of friends, so it isn't new. If you have a Facebook account, check to make sure your address book isn't visble to all as that is one thing they use. the upside to that is once you have secured it, it will stop as they apparently don't copy it, but just go back and send more stuff to the addresses on there. You can change you password as well for your email.

Hi, All that stuff is stored with the email provider and not actually in your computer. If it was in your computer, you coud access it without actually having to be logged in online. As far as I know, the only way you can access your email is by first going online. As Isaid, It has ahppened to me and they spammed my Congressman as well, because he was in my address book. The point is, they would have to hack into gmail, MSN mail, Hotmail, etc to get that stuff. In my case, I think my address book was visible in Facebook. I locked things down and have no repeat of that. Tells me they didn't keep a copy of the things and were just going back to Facebook for the addresses ( It only happened once ).

[DBCIII]

Actually, the .pst files are on my computer, and include plenty of very old email addresses, some accumulated when I was using different providers. I can browse those pst's all day long with Outlook without going online. I have five different email accounts with three different providers, all of which are downloaded to Outlook and deleted from server. I don't keep address lists online - they are all on my pc. If I access email from another computer w/o Outlook, then I use webmail and only recently used addresses are cached.

Malwarebytes is running the full scan now, and has found three "infections." Won't know what they are 'til it finishes, probably tomorrow!

coastie65, on 31 May 2011 - 02:54 PM, said:

DBCIII, on 31 May 2011 - 12:45 PM, said:

Thanks.
I have a FB account, but have security set tight. And I don't ever use any features to "find friends" using address book on FB or anywhere else. I've changed email password a couple of times. That's one reason I decided to switch email accounts. I wanted to communicate clearly to my actual acquaintances that it was not me and tell them to put that account in spam filter. That is to avoid the scenario where they don't understand and just filter me and also hate me!

The fact that most of the email addresses it sends to are ones I've not used in several years (from before Facebook) suggests it is getting them from an archive somewhere - and my PC would seem the only place for that. Maybe an old pst? The only ones I know of that I still am active with are ones I've used for a long time - dating back to same time as the obsolete ones.

Malwarebytes scanned and found nothing. That was the "quick" scan that took 1.5 hrs. I'll run the full one.

coastie65, on 31 May 2011 - 12:00 PM, said:

DBCIII, on 31 May 2011 - 09:41 AM, said:

People are getting emails purportedly from my email account with various semi-literate product promotions.

They go to addresses I have used, but most are very old and many are obsolete. The ones to obsolete addresses "bounce" back to me with an "unable to deliver" message, which I think indicates the malware is actually using my email account, not just faking the "from" field. Some of the accounts are current, and I've heard from people asking about it. It also sends a copy to me. I tell them not to open, forward, reply, or click on any links, since I think that is how I got infected. A relative had this issue with an old hotmail account she had not used in years, and I opened a couple, forwarded one to her to show her what was happening.

I've run some cleanup software which found nothing and will try malwarebytes, since I've seen it recommended.

Is there any point in my creating a new email account and telling people to just send the old one to spam filter? Once I get them switched I can delete that account. But will the malware be able to infect one of my other accounts? Anything else I can do?

-DBC

Hi and welcome to the forum. First, it most likely isn't in your computer, but it never hurts to run malwarebytes. I have had the same thing happen as well a lot of friends, so it isn't new. If you have a Facebook account, check to make sure your address book isn't visble to all as that is one thing they use. the upside to that is once you have secured it, it will stop as they apparently don't copy it, but just go back and send more stuff to the addresses on there. You can change you password as well for your email.

Hi, All that stuff is stored with the email provider and not actually in your computer. If it was in your computer, you coud access it without actually having to be logged in online. As far as I know, the only way you can access your email is by first going online. As Isaid, It has ahppened to me and they spammed my Congressman as well, because he was in my address book. The point is, they would have to hack into gmail, MSN mail, Hotmail, etc to get that stuff. In my case, I think my address book was visible in Facebook. I locked things down and have no repeat of that. Tells me they didn't keep a copy of the things and were just going back to Facebook for the addresses ( It only happened once ).

[coastie65]

Ahhh, ok. I don't use Outlook and that is a different animal all together when it comes to that stuff. I haven't even checked for .pst files on my computers as I assumed they were kept elsewhere. I know I did a scam as well with Malwarebytes and it came up clean, so I assumed they got that stuff from somewhere besides my computer. I did notify Microsoft ( I use MSN primariy and it was that email, MSN that the stuff was coming from ) and they said that email was getting hacked and gave a me a list of things to do ( most all had been done anyway ). Would be interesting to see what Malwarebytes comes up with.

This post has been edited by coastie65: 31 May 2011 - 04:06 PM

[LincolnSpector]

Hi, DBC and welcome to the forums.

I doubt that this is caused by an infection. Yes, a lot of Spam is sent by infected PCs, but they seldom use the user's own email address. Remember that the only connection between your computer and your email account is that you use one to access the other. It's far more likely that someone you know has an infected PC, or that a criminal has hijacked your account.

See Am I Mailing Spam? for details.


Lincoln

[DBCIII]

Good points. It COULD be the same agent that was sending mail under my neice's old hotmail account. Or another one. But there is still that question of why it has a lot of really old addresses, and no recently-added ones. Unless the carrier's email server had a cached version of my contacts from seven years ago, it makes no sense. And the "to's" are definitely mine, although old. So it is not someone else's distribution list with my return address. And I DO have pst's from back then on my PC. Regardless, creating a new email account and telling people to ignore anything from the old one will put an eventual end to it. Once I have changed the various subscriptions and such, I'll just delete the account.

LincolnSpector, on 01 June 2011 - 08:03 AM, said:

Hi, DBC and welcome to the forums.

I doubt that this is caused by an infection. Yes, a lot of Spam is sent by infected PCs, but they seldom use the user's own email address. Remember that the only connection between your computer and your email account is that you use one to access the other. It's far more likely that someone you know has an infected PC, or that a criminal has hijacked your account.

See Am I Mailing Spam? for details.


Lincoln

[mjd420nova]

My first response to anyone that has a machine infected with a virus that it sends out e-mails, UNPLUG IT, remove the ethernet cable from it and then tackle the problem (spybot and malwarebytes) with removal approaches without any network support. When all else fails, do a restore to a date previous to your infection, if you know it. But do not reconnect it to the network until the thing is clean or things will just resume. Backtracking e-mails and links imbed within thode sites and so on but should only be attempted at risk of re-infecting or even spreading to a friends machine where you can in contact again while looking for clues to your infection. A local library with machines to use have protections that will stop any attempts and could yield some clues too.

[LincolnSpector]

DBCIII, on 01 June 2011 - 09:16 AM, said:

Good points. It COULD be the same agent that was sending mail under my neice's old hotmail account. Or another one. But there is still that question of why it has a lot of really old addresses, and no recently-added ones. Unless the carrier's email server had a cached version of my contacts from seven years ago, it makes no sense. And the "to's" are definitely mine, although old. So it is not someone else's distribution list with my return address. And I DO have pst's from back then on my PC. Regardless, creating a new email account and telling people to ignore anything from the old one will put an eventual end to it. Once I have changed the various subscriptions and such, I'll just delete the account.

It's possible that your email provider has a list of every address with whom you've sent and received mail. However, if you've successfully changed your password and didn't stop the spam, we can assume that your account hasn't been hijacked.

If your PC is infected, changing your email account won't solve the problem. You'll still be mailing out spam, because you've lost control of your PC.

See The Cleanest Malware Scan for some scanning suggestions.


Lincoln

[LiveBrianD]

mjd420nova, on 01 June 2011 - 10:01 AM, said:

My first response to anyone that has a machine infected with a virus that it sends out e-mails, UNPLUG IT, remove the ethernet cable from it and then tackle the problem (spybot and malwarebytes) with removal approaches without any network support. When all else fails, do a restore to a date previous to your infection, if you know it. But do not reconnect it to the network until the thing is clean or things will just resume. Backtracking e-mails and links imbed within thode sites and so on but should only be attempted at risk of re-infecting or even spreading to a friends machine where you can in contact again while looking for clues to your infection. A local library with machines to use have protections that will stop any attempts and could yield some clues too.

Another thing: unplug it for a day or two, and ask your friends if they keep getting spam from you.

Also, although I know you guys will treat this nuclear idea as a last resort, reinstalling Windows is a surefire way to get rid of malware (unless it hides in the HD's MBR, which is unlikely but possible).

This post has been edited by LiveBrianD: 02 June 2011 - 08:16 PM

[LincolnSpector]

LiveBrianD, on 02 June 2011 - 08:15 PM, said:

Another thing: unplug it for a day or two, and ask your friends if they keep getting spam from you.

That's an excellent idea. And in almost cases, they will continue getting spam from "you."

LiveBrianD, on 02 June 2011 - 08:15 PM, said:

Also, although I know you guys will treat this nuclear idea as a last resort, reinstalling Windows is a surefire way to get rid of malware (unless it hides in the HD's MBR, which is unlikely but possible).

That is definitely a last resort approach. I'd only recommend it if a) the unplugged PC test temporarily stops the spam, plugging your PC started it again, and c) scans with three or four good security programs didn't stop the problem.

Lincoln

[LiveBrianD]

LincolnSpector, on 05 June 2011 - 10:44 AM, said:

That is definitely a last resort approach. I'd only recommend it if a) the unplugged PC test temporarily stops the spam, plugging your PC started it again, and c) scans with three or four good security programs didn't stop the problem.

Lincoln

You know how I tend to do things - if there's a decently large problem, I just nuke the OS install. I can't be bothered to try to actually fix the problem.

[DBCIII]

Good suggestion to unplug. Would have provided a good test. As it is, the malwarebytes full scan found nine copies of a trojan in some animated graphics files I had received six years ago - same timeframe as the email list that was being used. Don't know what trojan it was, but I think it was getting outlook to send mail using a list it stored when it came in, using outlook's stored password, so it didn't have to actually steal the pwd and changing it had no affect.

I disabled sendmail in outlook for the affected account by putting a bogus server name. Also changed password on the server. none of my other email accounts are affected, and that one is no longer doing it. it still receives mail, which I autoforward to the new account. Once i have gotten COA to all that matter, I'll just delete it.

LiveBrianD, on 02 June 2011 - 08:15 PM, said:

mjd420nova, on 01 June 2011 - 10:01 AM, said:

My first response to anyone that has a machine infected with a virus that it sends out e-mails, UNPLUG IT, remove the ethernet cable from it and then tackle the problem (spybot and malwarebytes) with removal approaches without any network support. When all else fails, do a restore to a date previous to your infection, if you know it. But do not reconnect it to the network until the thing is clean or things will just resume. Backtracking e-mails and links imbed within thode sites and so on but should only be attempted at risk of re-infecting or even spreading to a friends machine where you can in contact again while looking for clues to your infection. A local library with machines to use have protections that will stop any attempts and could yield some clues too.

Another thing: unplug it for a day or two, and ask your friends if they keep getting spam from you.

Also, although I know you guys will treat this nuclear idea as a last resort, reinstalling Windows is a surefire way to get rid of malware (unless it hides in the HD's MBR, which is unlikely but possible).

[LincolnSpector]

DBCIII, on 09 June 2011 - 07:47 AM, said:

Good suggestion to unplug. Would have provided a good test. As it is, the malwarebytes full scan found nine copies of a trojan in some animated graphics files I had received six years ago - same timeframe as the email list that was being used. Don't know what trojan it was, but I think it was getting outlook to send mail using a list it stored when it came in, using outlook's stored password, so it didn't have to actually steal the pwd and changing it had no affect.

I disabled sendmail in outlook for the affected account by putting a bogus server name. Also changed password on the server. none of my other email accounts are affected, and that one is no longer doing it. it still receives mail, which I autoforward to the new account. Once i have gotten COA to all that matter, I'll just delete it.

I doubt that disabling outgoing mail in Outlook will help. These spam-sending programs don't generally use your email program to send their spam. They just send it directly, themselves without using other software.

Anyway, I'm glad you removed the malware and, hopefully, solved the problem. But if the problem persists anyway, definitely try unplugging.


Lincoln