Hamer Fan Club Message Center

HELP! I'm a spambot!


tomteriffic

Question

Posted

OK, any whiz kid IT guys out there?

I seem to have become a spambot. I'm spewing out e-mails to addresses I've never heard of. I suspect that the link contained in the outbound messages is malicious as well. I've tried:

My AV all in one program (avast!)

Malwarebytes, including their root kit killer. (It's a beta so??)

Spybot SD

So far I haven't been able to track the baddie down and kill it.

I'm using

Windows 7, up to date, all patches, etc. with my email being sent/received with Windows Live Mail.

Any help would be appreciated, places to look in the file system, etc.

Oh, don't tell me to get a Mac. Not helpful. Or particularly funny at the moment.

TIA

20 answers to this question


Posted

Tom. Want to call me?

If none of your programs are identifying the culprit...

I recommend trashing all of the above and going with Microsoft Security Essentials for firewall and automatically unobtrusively updated virus and malware software.

To clean your infestation will depend on the symptoms, which a Google search and some judicious filtering of Internet bullshit responses to similar queries.

I run with:

CCleaner at a minimum.

I have the full version and run it with all stops removed of Macecraft Jv16. Here is a free LITE version: (http://www.macecraft.com/powertools-lite-ex-2013/) also the full version (http://www.macecraft.com/jv16-powertools-2013/)

looks like it has a demo download that is unhindered in the important areas.

Posted

Maybe I read (skimmed) over your post too quickly. Are you using a local e-mail program like Outlook or an online one like Yahoo or Gmail? If it's local, you are using the correct tools. You may want to boot into safe mode and run all the scans. Be sure to run the complete scans and not the quick ones. Seek and Destroy has an immunizing function. Run that as well. If it's not local then it's up to their IT guys to fix it.

Posted

If you use online mail, it is possible your account was hacked. Simply changing your password may make it stop.

This has happened twice to my Yahoo! account.

Posted

There is a chance someone's using your mail address in the from field so you receive all the returns. Make sure mails are not sent from your PC. Query Google for how to find a spam bot on a PC. Or look out for a network filter to watch outgoing traffic.

When you are ready with all that, apply for an IT job in security. You might bring in enough skills for that.
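Added example, not part of the original post: one way to check whether mail is actually leaving the PC is to look at the machine's own connection table. The sketch below parses Windows `netstat -ano` output and counts, per process ID, the outbound TCP connections to the usual SMTP ports (25, 465, 587). The sample output, addresses and PIDs are constructed for illustration.

```python
import subprocess
import sys
from collections import Counter

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTP over TLS, mail submission

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:49201     198.51.100.7:443       ESTABLISHED     2240
  TCP    192.168.1.20:49231     203.0.113.25:25        ESTABLISHED     3412
  TCP    192.168.1.20:49232     203.0.113.80:25        SYN_SENT        3412
  TCP    192.168.1.20:49240     198.51.100.9:587       ESTABLISHED     1960
  TCP    [::1]:49300            [::1]:25               TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1204
"""

def smtp_connections(netstat_text):
    """Return (pid, remote_host, remote_port, state) for outbound SMTP rows."""
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have exactly five columns; UDP rows and headers do not.
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _proto, _local, remote, state, pid = parts
        host, _, port = remote.rpartition(":")  # rpartition copes with [IPv6]:port
        if not port.isdigit() or int(port) not in SMTP_PORTS:
            continue
        # Skip listeners and loopback traffic: neither is mail leaving the PC.
        if state == "LISTENING" or host.strip("[]") in ("127.0.0.1", "::1"):
            continue
        hits.append((int(pid), host, int(port), state))
    return hits

def pids_by_connection_count(hits):
    """Rank process IDs by how many SMTP connections they hold."""
    return Counter(pid for pid, *_rest in hits).most_common()

if __name__ == "__main__":
    text = SAMPLE
    if sys.platform == "win32":  # use live data when run on the affected PC
        text = subprocess.run(["netstat", "-ano"],
                              capture_output=True, text=True).stdout
    for pid, count in pids_by_connection_count(smtp_connections(text)):
        print(f"PID {pid}: {count} outbound SMTP connection(s)")
```

A mail client normally holds one or two connections to its own provider; a process talking to many unrelated mail servers on port 25 is the one to investigate, and `tasklist /FI "PID eq <pid>"` maps the PID to an executable name.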

Posted

This has happened to my Yahoo account twice. In my case, mails were not being sent from my account and my account had not been hacked. Also, I didn't have any contacts saved in a contact list. Do you download Torrents? I'm guessing that's where my virus came from.

Run the Avast full system scan. The one that requires a restart and looks like DOS when it is running. Slowwww, but effective. That one should find it. You can set scan parameters by clicking the settings button in the full system scan window. You can set up an action that will delete, repair, move to chest, etc. when a virus is found. If you don't choose an action, it will prompt you. Not a good idea if you let it run overnight. I know from experience.

After the virus was deleted, I've decided to no longer remain logged in to Yahoo. I only log in to check mail and then log out. I also move all my emails that I want to save to a different folder. I leave the inbox clean and clear. Have not had any virus issues since and I still blow up the Torrent world on a nearly daily basis.

Posted

No torrent use at all. I use Windows Live Mail to check two Earthlink accounts (usable as web-based or in conjunction with Outlook, etc. locally). I'll try the every-damn-thing in avast! next. Although I'm pretty sure I did that. Possibly the pre-boot scan will pick something up. Doing an every-damn thing in Malwarebytes right now (although I'm pretty sure I've done that before as well). Next up, re-starting in Safe Mode and running all of this again.

It appears that the Bot is setting up bogus IP addresses by way of accounts and sending them out over a supposedly secure outbound port.

I get paid by the job, not by the hour and this is not helping much at all.

Posted

No torrent use at all. I use Windows Live Mail to check two Earthlink accounts (usable as web-based or in conjunction with Outlook, etc. locally). I'll try the every-damn-thing in avast! next. Although I'm pretty sure I did that. Possibly the pre-boot scan will pick something up. Doing an every-damn thing in Malwarebytes right now (although I'm pretty sure I've done that before as well). Next up, re-starting in Safe Mode and running all of this again.

It appears that the Bot is setting up bogus IP addresses by way of accounts and sending them out over a supposedly secure outbound port.

I get paid by the job, not by the hour and this is not helping much at all.

Yeah, sounds like a different malware/virus than what I had. The safe mode idea is a good one. Good luck.

Posted

It's happened to me twice, both times it seemed someone got hold of my hotmail password and sent stuff out. I changed my password and it stopped. Sometimes I wonder if they just grabbed my address book and put in my return address as nothing was in my SENT folder...

One was a deal on TVs. A friend called me up and asked why I'd sent him a link for a deal on TVs... that were in the Netherlands!

I didn't know anything about it. I asked him if he was on drugs, and he said "of course I am, but not enough to buy a TV from the Netherlands!"

Posted

Nothing in the sent folder here either. But none of the addressees were in my address book or even in domains I'd ever heard of, for the most part. My outgoing requires password authentication. I'll need to change it both locally and on the website, I reckon.

Posted

For anybody who gives a rat's ass.....

I think I have it but won't be sure until morning as this scan is already 6 hours in and only 75% done. But I used Avast!, told it to check every-damn-thing, including unzipping all archives and checking them completely, etc, but do it on a reboot, before Windows actually starts up. The log indicates that it found a Trojan planted in a Windows Live folder and it corresponds to the e-dress that was the culprit. Good thing, I'd already spammed all of Italy, most of Czechoslovakia and was going to work on Hotmail and a bunch of corporate domains.

Man, I hope this is behind me.

Posted

Phew!

Congrats on finding it and here's hoping all that crap is behind you.

BTW, I have it on good authority that the folks in Czechoslovakia like to receive email. :D

Posted

It's happened to me twice, both times it seemed someone got hold of my hotmail password and sent stuff out. I changed my password and it stopped. Sometimes I wonder if they just grabbed my address book and put in my return address as nothing was in my SENT folder...

One was a deal on TVs. A friend called me up and asked why I'd sent him a link for a deal on TVs... that were in the Netherlands!

I didn't know anything about it. I asked him if he was on drugs, and he said "of course I am, but not enough to buy a TV from the Netherlands!"

Same here!!

Posted

For anybody who gives a rat's ass.....

I think I have it but won't be sure until morning as this scan is already 6 hours in and only 75% done. But I used Avast!, told it to check every-damn-thing, including unzipping all archives and checking them completely, etc, but do it on a reboot, before Windows actually starts up. The log indicates that it found a Trojan planted in a Windows Live folder and it corresponds to the e-dress that was the culprit. Good thing, I'd already spammed all of Italy, most of Czechoslovakia and was going to work on Hotmail and a bunch of corporate domains.

Man, I hope this is behind me.

If you have preview pane open on your mail client I'd change that so you have to physically click on the e-mail and attachments to open them. As always, don't open the stuff you know is nonsense.

Posted

Perhaps Big Brother was in your computer:

Government Built Spy-Access Into Most Popular Consumer Program Before 9/11

In researching the stunning pervasiveness of spying by the government (it’s much more widespread than you’ve heard even now), we ran across the fact that the FBI wants software programmers to install a backdoor in all software.

Digging a little further, we found a 1999 article by leading European computer publication Heise which noted that the NSA had already built a backdoor into all Windows software:

MORE:

http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html

Posted

Take it the HFC way. Privacy is for pussies!

Posted

Ages ago, a fellow on HarmonyCentral asked “I’ve heard there are places on the internet where you can find out all kinds of information on people, is that true?”

So I responded;

“Sure is, for eg. Your user name is SomeGuy, but if I look around, your real name is Paul Grover, you’ve lived at 724 Pepper Dr in Hamilton Wisconsin for 9 years, and before that 8273 Slate Dr in Mississippi. You went to Elmik Pubic School for 8 years, then to Central Public H.S. and got your 12th Grade diploma. A surprise, looking at your marks in math! You did really well in auto shop, good for you. I would have thought you’d work as a mechanic not as a bank teller like you do now, at the First National on Barker Ave. Other than some cost of living adjustments, you really haven’t had a raise in the last 9 years, maybe you should look for a better job.
You bought your first house on Pepper Dr. for $57,000 with a down payment of $6,000 that came out of your father's account June 5th. Well your adopted father. You were adopted at 2 years old after your real father left your mom when he found out she had had an affair with a guy in Clown College, who she later married. Byron Bates who has a criminal record dating back to a B+E when he was 22."

All kinds of people responded, it was a riot! You'd think the Clown College thing would be a give away... it went on for days before the original poster came back and went "hey, that's not right! None of it!"

Posted

Well, now his name is Paul Grover. At least saying for NSA, FBI, and CIA, since they scanned the forum. ;)

Archived

This topic is now archived and is closed to further replies.
