Over 1 million tech questions and answers.

someone's sending spam email from my ip

Q: someone's sending spam email from my ip

hi i'm hoping someone can help me with any ideas before my isp suspends my internet. the email they sent contains the following:

Four additional reports of an open proxy have been received on [dates]. Please follow the instructions below to close the open proxy/relay and/or remove the virus/Trojan from your computer. If additional reports are received, we may be forced to temporarily suspend your Road Runner service to stem the spread of these viruses/Trojans.

i have 2 computers connected to my router and have my wireless wpa locked. i have scanned both computers w/ad-aware, ccleaner, and avg multiple times and deleted any threats and/or cookies. however, i don't know which computer is infected or how to check from the ip that they gave me. i'm on an AMD athlon64 X2 Dual Core Processor 6000+ 3.10GHz running Vista Home Premium SP2. here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:30 PM, on 3/17/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RALINK\Common\RaUI.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESEA\ESEA Client\eseaclient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9ffd0e2c8a310) (gupdate1c9ffd0e2c8a310) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12281 bytes

Read other answers
RELEVANCY SCORE 200
Preferred Solution: someone's sending spam email from my ip

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 73.6

I have a system at work, which has been identified as sending spam email. I have run Norton Antivirus, MalwareByte, and SuperAntispyware. After removing some viruses, I thought the system was clean. But yesterday I got a notification from AT&T that the system is still sending spam. I noticed on this system an error in the event viewer about too many tcpip connections being opened. I downloaded and ran combofix, but that is as far as I got. I would like to upload a log to see if anyone can assist me in resolving this issue. My problem now is that once I ran combofix, I cannot restore my network connections. I have tried to repair the connection, reinstall the hardware, reset the winsock, but nothing works. Any assistance would be greatly appreciated.

A:PC is sending spam email

You have know experienced why we warn users against using ComboFix without guidance. Please see the note in blue at the top of this forum. Our best solution is to post a DDS log in the HJT forum. You may have to move the program to you computer and the log from your computer via flash drive, but the team will help as best they can. They may also ask for the combofix log, but do not post it until asked. Trust me here, they are the experts.Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far. If you need any help with the guide, please let me know.

Read other 1 answers
RELEVANCY SCORE 73.6

I checked my email, and my email was sending some type of spam .php link to my contacts, and even to myself. (it sent about 4 emails with about 10 different recipients each email in the sent box) Now these were sent at 3:30 AM when my computer was not even on, so does that mean my computer itself is not infected? This is the first time this has happened and I really hope I don't have some type of virus. I don't believe the emails are spoofed with my email because some of the emails failed to send, and were sent back to me, if they were spoofed would I not get them? And the fact that even in the "from" box it showed my email, I didn't see any signs of spoofing. And how would they get my contacts without signing into my account?

If this could be some type of virus, could someone tell me what to do to remove it, or move this to the malware section or something? I scanned with Norton and Malware Bytes and got nothing.
 

A:Email Sending Spam

King56 said:


I don't believe the emails are spoofed with my email because some of the emails failed to send, and were sent back to me, if they were spoofed would I not get them? And the fact that even in the "from" box it showed my email, I didn't see any signs of spoofing.Click to expand...

That is exactly how e-mail spoofing works. Anyone can put any address they want in the outgoing e-mail's "From" header. There is no kind of authentication in place to confirm the accuracy of the senders information.

King56 said:


Now these were sent at 3:30 AM when my computer was not even on, so does that mean my computer itself is not infected?Click to expand...

That just means that the computer used to send the e-mails was not your computer. It is possible that you may have a virus on your computer that allowed a hacker to download your address book. It is also possible that some spammer received an e-mail that was sent to you and some of your contacts (or a forwarded copy of a copy, of a copy, etc.) and harvested any e-mail addresses found in it for future spamming.

King56 said:


If this could be some type of virus, could someone tell me what to do to remove it, or move this to the malware section or something? I scanned with Norton and Malware Bytes and got nothing.Click to expand...

You would probably be better off starting a new thread in the Malware removal forum that includes the required logs that are mentioned in... Read more

Read other 1 answers
RELEVANCY SCORE 73.6

Hi!

Last Saturday (January 21st, 2012), I was browsing through my hotmail when I opened an email (that I thought was from a friend) that ended up being some sort of malware/virus. It immediately sent out a SPAM email with a link to what looks like my entire contact list. I know this because I suddenly had over 70+ emails saying that were bouncing back. The emails sent were also found in the sent box. I downloaded Malwarebytes Anti-Malware and ran a full scan and didn't find anything. I'm not too knowledgeable about computers and I hoped that this might be a one time thing. But this happened again yesterday (Wednesday, Jan 25, 2012), and I hadn't even checked my email yet, when SPAM was sent out. With the advise from a friend that reported these SPAM back to me, I have since changed the password to my hotmail; I have also bought and ran North 360, which deleted some cookies, temporary files and cleaned up the registry. I could use any help with any advise on how I should proceed to fix this problem with my email and preventing it from happening in the future. I have posted my DDS log below; the GMER tool doesn't seem to be producing any output (although I think Norton might be blocking it when I checked my Norton security history logs).

Thank you for your help,
Terence.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Terence at 8:58:36 on 2012-01-26
Microsoft Windows 7 Home Premium 6.1.76... Read more

A:My Email is sending out SPAM

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

Read other 10 answers
RELEVANCY SCORE 73.6

I received a message from someone I had been emailing, it said that there was an error and to click the link to read the message, stupidly I clicked it as I had been expecting a message. Straight after this I started receiving failure notices of spam emails I had not sent, I went to the sent folder to see how many of these emails had been sent out- there was nothing there!

The failure notices contained a mixture of contacts and people whom I have never herd of. I imminently changed my password and checked my account settings-everything seemed normal. I have started receiving emails from confused friends and family wondering what the email was about. This means at least some did send although they did not appear in my sent or junk folders.

I have spent the whole day researching how I can fix this-was the change of password enough to prevent this from happening again? is this too optimistic? I have tried to contact yahoo-which was a waste of time. I have got the header of one of the spam messages, which is below this message (from what I have read is supposed to indicate who the message is really from?)

I am so clueless at to what I should do now, please help!
Many Thanks,
F

x-store-info:fHNTDlzCF8Nxw6HwcfGQy+S7Ax/lqLSmNphQ3OF+T9E=
Authentication-Results: hotmail.com; spf=pass (sender IP is 67.195.87.214; identity alignment result is pass and alignment mode is relaxed) [email protected]; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header... Read more

A:Email sending out spam, HELP!

Hi feltmountain,
It looks like you use Yahoo Mail.

Some information you NEED about Yahoo Mail:
------------------------------------------------
If your Yahoo mail account has been hacked, or if you find mysterious e-mails sent or received in your name, it may not have anything to do with you.
If you contact Yahoo, they will tell you to use a more secure password.
That's good advice, but not necessarily the source of the problem.
There is a fair likelihood that the fault lies with Yahoo servers.
Yahoo has been unwilling or unable to make their e-mail service adequately secure.
IT experts have blogged about it for years.
If criminals can hack into Yahoo servers, they can get all your information, including your passwords, e-mails and recipients addresses.
The resulting spam is sometimes just a nuisance, but sometimes it's porn, or malicious attachments.
Some articles on the subject:
http://www.huffingtonpost.com/2013/05/31/yahoo-email-hacking_n_3366259.html

http://arstechnica.com/security/201...oses-key-customer-following-mass-hack-attack/

Yahoo even has a plan to recycle inactive user IDs ! :
http://www.webpronews.com/yahoo-raises-security-concerns-with-email-plans-2013-06

Until things change, I would suggest you save any critical Yahoo e-mails and address book(s), then establish a new e-mail account with a different provider.
Your Internet Service provider will likely offer free e-mail accounts.
I would then delete everything in all Yahoo e-mail folders (inbox,... Read more

Read other 1 answers
RELEVANCY SCORE 73.6

I logged into my account to see hundreds of "post delivery failure" notifications

this is the information from the emails

x-store-info:7YsnRco0gQJ3EyekdHv0zlwbSFmh6T19j+hXYC7bDk/2K/hxH91pys1JYPjoALWGyXpBqVi/6pPTU3THVq1eUVONoQGlXLqO7lGdufk7YrxpEOa50ou3+A== Authentication-Results: hotmail.com; sender-id=pass (sender IP is 65.55.111.82) header.from=email; dkim=neutral header.d=hotmail.co.uk; x-hmca=pass X-Message-Status: n:0:n X-SID-PRA: name name <email> X-SID-Result: Pass X-AUTH-Result: PASS X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0yO1NDTD0w X-Message-Info: iIOHNJf19lgVhXckiHseaVpVBgthSnrgnWJfnqE/pAGKdGpbrAFW0UD86hWVFDvPFpgOtcQYoiln4gIx9TPL15vCUR6jIq1omFxRFsOYV4vbinnwwcuj5Ge9hoTlDhSIixLhzjcEogs= Received: from blu0-omc2-s7.blu0.hotmail.com ([65.55.111.82]) by BAY0-HMMC1-F2.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Wed, 19 Oct 2011 23:42:25 -0700 Received: from BLU0-SMTP65 ([65.55.111.72]) by blu0-omc2-s7.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 19 Oct 2011 23:42:25 -0700 X-Originating-IP: [93.114.43.26] X-Originating-Email: Message-ID: <[email protected]> Return-Path: email Received: from [192.168.1.1] ([93.114.43.26]) by BLU0-SMTP65.phx.gbl over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Wed, 19 Oct 2011 23:42:23 -0700 From: name name <email> Subject: hi email Date: Thu, 20 Oct 2011 06:43:35 +0000 To: email MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1&qu... Read more

A:Someone sending spam from my email

Read other 7 answers
RELEVANCY SCORE 72.8

My email address keeps sending Spam emails although not from my email server as there are not in my sent folder and neither to my contacts.
They are sending to other emails which I don't know who they are. I only know becaus i keep receiving emails about my emails having been blocked by the receivers.

This is one example of many where they are using my email address
from :CANADIAN PHARMACY [[email protected]]
to : [email protected]
cc : [email protected]; [email protected]; [email protected]; [email protected]; [email protected]
Subject: ONLINE SHOP WEBSITE - repairing men?s wish to make her complete
--------------------------------------------------------------------------------------------------------
I am deeply sorry, but I was not able to deliver your mail to the following addresses:

[email protected] : Message rejected on 2018/09/12 13:50:15 BST, policy (3.2.1.1) ? Your message looks like SPAM or has been reported as SPAM please read www.bt.com/bulksender This is a permanent delivery failure. The delivery has been tried 0 times and will not be rescheduled again.
----------------------------------------------------------------------------------------------------------

There are plenty of these emails.. What can I do to stop this? Please help....

Thank you
 

A:My Email keeps sending spam emails

First things first: change your email password and, if you don't have it already, set up two-factor authentication. I've seen it happen in some instances whereby email accounts have been used to send spam, and then a rule has been used to park the sent emails in a folder different from the Sent box in an attempt to escape detection. Sometimes it's a folder with a period as its name to try and hide among your other folders.
 

Read other 1 answers
RELEVANCY SCORE 72.8

Hi
Our home email address is sending out spam. One of our email addresses is like (name)@(our domain).freeserve.co.uk . We know spam is being sent out because we are getting emails saying messsage unable to be delivered, and the original sender was something like [email protected](our domain).freeserve.co.uk or [email protected](our domain).freeserve.co.uk . We are using Outlook Express 6 (or 6.00.2900.2180), and we can log into email on the internet using Orange's website.

Another problem (could be related) is that we cannot send email unless ZoneAlarm is disabled. Although this is probably not related.

Has anyone got any similar experiences, or any ideas on how to stop this. It would be much appreciated. If more info about our computer is needed I can provide it.

Thanks
Dave
 

A:home email is sending out spam

Read other 7 answers
RELEVANCY SCORE 72.8

For the past few days, my Yahoo email has been sending out spam to my address book. I've deleted and trashed any traces of the spam (sometimes they show up in my sent folder or in my spam/inbox as undeliverable). I deleted unnecessary contacts in my address book. I created a yahoo custom seal, changed my email password, and reset my security questions. I ran McAfee (quarantined 2 Exploit-ByteVerify trojans), Spybot (results below...should I fix those problems?), Malwarebytes(results below...should I remove those problems?), and Secunia (updating flash & realplayer). It's still sending out spam email...and it appears that it's even sending the spam to contacts that were previously in my address book but deleted a couple days ago. Any advice? Thanks!

Spybot found:
AdBrite
DoubleClick
WebTrends live
WildTangent
*Should I fix those problems? Would they be the cause of the email spam?


Malwarebytes' Anti-Malware 1.39
Database version: 2437
Windows 5.1.2600 Service Pack 3

9/23/2010 5:27:13 AM
mbam-log-2010-09-23 (05-27-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 336091
Time elapsed: 2 hour(s), 7 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No ... Read more

A:My Yahoo Email Sending Spam

The following is the full header and content of a spam email that my yahoo is sending out:

From [email protected] Thu Sep 23 06:31:18 2010
X-Apparently-To: my email address @yahoo.com via 216.252.110.201; Wed, 22 Sep 2010 23:31:19 -0700
Return-Path: <>
X-YahooFilteredBulk: 68.142.237.123
Received-SPF: none (mta1052.mail.sp2.yahoo.com: domain of n10.bullet.re3.yahoo.com does not designate permitted sender hosts)
X-YMailISG: YCaA_m0cZAqMOLhd7IsfTRXPwPBgd79Pwl28rwMXYcgdFJr9
9xuJ4LgriGqIBjop2jbQUi7h.DTl86gsWv2OieviPPJ1yDK6dc71wu9L0dVk
VVA3ZW5t_39wA9gBdlTD6Vr8aoeWIpRzNYHRK5I9ofqhGItIy.x4IsoMwBPO
L9sV9.PUM3YU2Trv4kvjWtorjQ.xY6.F2Q3CFb5NdFGlglCweXvxEpIMk647
gpkavUSsoUxokQbsSs5mQcmB3NRFh6DUG2K.aOsxldkNLLGRq1uhyExqIO36
n.ujVbACnpHn0dqMFw0GukAzM5_q3_.EcGc.m7as2rlOiZCSrVqmivWFeICT
6uA7pa2DG9sQfjt4P4s5wXmtBU4y2hHcebXZ8RwlbHQOio79RTe3HpRo0XzM
reiJ17ByO20X.nvleRuSbft1e6p00IMhwhysHAhGhgLba6Nkfl5uc58MGUt9
wU_iMhP2BGgOM3WEF9dP6vNuHiUiPDSB_..ITb8YNuSo8Tf8qd20KmSLIhvw
L.yXtIahpsBVSy.ilpU1Ydd3dUYB0wHor9lnqHVobbBlBvB4USl90Yybnjsv
QWA-
X-Originating-IP: [68.142.237.123]
Authentication-Results: mta1052.mail.sp2.yahoo.com from=n10.bullet.re3.yahoo.com; domainkeys=neutral (no sig); from=n10.bullet.re3.yahoo.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO n10.bullet.re3.yahoo.com) (68.142.237.123)
by mta1052.mail.sp2.yahoo.com with SMTP; Wed, 22 Sep 2010 23:31:18 -0700
From: [email protected]
To: my email address @yahoo.com
Date: Thu, 23 Sep 2010 06:31:18 -0000
Subject: fail... Read more

Read other 1 answers
RELEVANCY SCORE 72.8

Hello,

I have been advised by some of my email contacts that my Yahoo address keeps sending out SPAM messages and I want to stop this without cancelling my yahoo account. Is this possible?

Thanks,
Lynne
 

A:Solved: Email keeps sending SPAM

E-mail Spoofing

E-mail Spoofing

How do Spammers Harvest Email Addresses

Seems like you volunteered to receive spam?
 

Read other 2 answers
RELEVANCY SCORE 72.8

We are a small company with 15 users and we have been blacklisted in several sites for sending spam, everytime we ask for removal, they do, but after few days, we are there again.

Cash flow in the company is really tight, we can not afford to pay a tech guy!.

Any help!!

A:Please Help! Our email server is sending spam!!!

I'm not the person to help find the evil program lurking on Windows but, have you actually identified it's the mail server and not one of the clients?
I would disconnect till you find it and scan all the systems there.
If you can analyze the traffic on your network you could narrow down which machine it is. On Windows, you could use wireshark.

Found you an intro: http://www.mynetwatchman.com/pckidiot/nattrack.htm

Read other 2 answers
RELEVANCY SCORE 72.8

I am running windows xp on a dell dimensions 2400. I just found out that my Comcast email addy has sent out an email that was infected. I did not knowingly send this out.I run avast, super anti spyware, and have comodo firewalll. TIA

A:Email sending out spam messages

my Comcast email addy has sent out an email that was infectedHow did you find out?

Read other 3 answers
RELEVANCY SCORE 72.8

Hello all,I've got a sticky problem here. My ISP shut off my internet access due to SPAM. It appears that one of my svchost.exe processes is sending out TONS of it! I've scanned my system with Computer Associates Antivirus and Trend Micro Internet Security Pro and they say everything is fine. Windows Defender (for what it's worth) says everything is fine as well.I have blocked port 25 at my router so that my ISP would turn my internet back on, but now I'm having some problems cleaning it up. Here's a screenshot of it in action:Notice it is using svchost.exe with a PID of 856.Here's a screenshot of Process Explorer showing what is running with this svchost.exe.I tried killing the process, it forces a reboot of the computer because Plug and Play has stopped. I changed the Plug and Play service to Restart instead of Reboot. If I kill the process now, it wants to reboot because the DCOM Server process has stopped. I am unable to change the recovery for this service to anything other than reboot the computer.Has anyone seen anything like this before? Does anyone know how to get rid of it? I am officially stumped and am open to suggestions.Thanks,Marty Westra

A:Svchost.exe Sending Spam Email

If you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.Please download AVG Anti-Rootkit and save to your desktopDouble click avgarkt-setup-1.1.0.42.exe to begin installation. Click Next to select the Normal interface.Accept the license and follow the prompts to install. (By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit)You will be asked to reboot to finish the installation so click "Finish".After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.You will see a window with three buttons at the bottom. Click "Search For Rootkits" and the scan will begin.You will see the progress bar moving from left to right. The scan will take some so be patient and let it finish.When the scan has finished, if anything was found, click "Remove selected items"If nothing is found, a message will appear "Cong... Read more

Read other 3 answers
RELEVANCY SCORE 72.8

This is what Time Warner sent me in an email, and via snail mail.

Four additional reports of an open proxy have been received on [dates]. Please follow the instructions below to close the open proxy/relay and/or remove the virus/Trojan from your computer. If additional reports are received, we may be forced to temporarily suspend your Road Runner service to stem the spread of these viruses/Trojans.

It goes on to list the email information which includes addresses that are not mine, but has my ip. I have 2 computers hooked up to my router (router's wireless is wpa encrypted), running Vista SP2 (although I only updated the 2nd computer to SP2 after the warnings because I didn't know that my mom didn't update her Windows). I've scanned both computers w/ad-aware, CCleaner, AVG, and HouseCall. My friend suggested I run Hijack This, so I have the log from that for both, but I don't know what to look for.

Was hoping that someone would have any suggestions as to what I should do or even how to figure out which computer is causing the problem.

Read other answers
RELEVANCY SCORE 72.8

Hi,

I made this post in the email forum as our home email is sending out spam - http://forums.techguy.org/web-email/534309-home-email-sending-out-spam.html

The problem is "Our home email address is sending out spam. One of our email addresses is like (name)@(our domain).freeserve.co.uk . We know spam is being sent out because we are getting emails saying messsage unable to be delivered, and the original sender was something like [email protected](our domain).freeserve.co.uk or [email protected](our domain).freeserve.co.uk . We are using Outlook Express 6 (or 6.00.2900.2180), and we can log into email on the internet using Orange's website."

I was advised to post a HJT log so here it is. FYI, some of the programs running are AVG Free Edition, Zone Alarm, FreeRAM XP Pro, Lexmark Control Center (printer). We use Spybot S&D and Adaware free regularly. Any help would be appreciated:

Logfile of HijackThis v1.99.1
Scan saved at 21:36:11, on 11/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Sys... Read more

Read other answers
RELEVANCY SCORE 72.8

i have the paid version of norton antivirus; this thing rendered it useless. i can't open antimalware because my comp gets diverted to some other site. also, none of my restore points work for system restore. my friends keep emailing me and telling me that they DON'T WANT any viagra! please help. thanks, boyd.
 

Read other answers
RELEVANCY SCORE 72.8

Hello, i just happen to notice that in my email inbox i get "Delivery Status Notification (Failure)?" from the postmaster to dozens of emails that i never heard of or sent an email to and believe i have some sort of virus doing this. The email talks about some world of warcraft scam but how do i fix this?
 

A:Virus in my email? Sending spam?

it's NOT 'in your email' but rather someone has hijacked your email address

there is only one solution that really works
get another email address
inform all your contacts of the change
discontinue using the old address
inform the ISP of the fact and have the OLD account disabled
The issue is how that email address was made so easily available;

As email users, we owe it to one another to use the BCC feature when adding multiple
recipients. If a correspondant forwards a group list to someone else, at least the addresses of your friends are hidden.
 

Read other 12 answers
RELEVANCY SCORE 72.8

Nobody in my address book wants to buy viagra from the canadian pharmacy so it is time to see if I can fix this. I have run Malwarebytes, Ad-aware, and Spybot but it is still doing it. As a matter of fact it did it about ten minutes ago. Any help I can get would be much appreciated. I think this is everything you guys(or gals) asked for.DDS (Ver_10-03-17.01) - NTFSx86 Run by JOHN at 20:01:46.44 on Sat 04/10/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.683 [GMT -7:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exeC:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exeC:\Program Files\Common Files\AOL\1264394545\ee\AOLSoftware.exeC:\Program Files\... Read more

A:My comuter is sending email spam

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 22 answers
RELEVANCY SCORE 72.8

Hello- My AOL email account has been sending out spam e-mails to all of my contacts several times a day for the past few days. It generally sends out 15-30 separate e-mails with anywhere from 1 to 20 of my contacts as receipients in each email. The e-mails have different subjects and different text in the e-mails. Some of the subjects are: Re:3; Re:0; (No Subject); Re: Do you want to lose a...; Re:It increases sex drive! and many, many more.

I access AOL using AOL Desktop, Internet Explorer and on my phone (HTC Incredible). I do not have access to a Windows Boot CD or Install Disc.

I hope that gives you enough information!

Thank you for your help!

Here is the log requested:

.
DDS (Ver_2011-06-01.06) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Lynn at 23:17:06 on 2011-06-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2141 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows... Read more

A:AOL Email Hacked- sending out spam

Bump, please.

Read other 2 answers
RELEVANCY SCORE 72.8

My hotmail account is sending email spam to everything in my address book, mostly undeliverable. I will post DDS.txt below and attach.rar, but I can't run Gmer.exe because I run Win 7 64 bit.

DDS.txt:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Bob at 15:25:42.63 on Thu 09/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2902 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system3... Read more

Read other answers
RELEVANCY SCORE 72.8

luckily i have been virus free for years but since Monday my computer is sending a tons of spam emails. Unless it's shut down

below is my file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:02 AM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Documents and Settings\Pablo\Local Settings\Application Data\Google ... Read more

A:Computer sending spam email

I still need help, i removed one malware then got rid of the spam/email problem only to be hit with antitivrus 2010 and the "you have been infected with the netsky virus" and redirect google , yahoo searches, and more spam email going out

Read other 18 answers
RELEVANCY SCORE 72.8

Hi all,

Wanted to ask for your help regarding one strange matter.
My configuration system is Windows XP Home SP3, I use TheBat! as mail client and my AV is NAV2008.
The problem started to appear yesterday with a thing that periodically my PC starts sending emails (spam for sure) while NAV was blocking them with a pop-up and a message "Your email message was unable to be sent because your mail server rejected the message"
After blockade I'm unable to send anything, until restarting system.
Upon restart - everything comes back to normal, except that this sending repeats and I have to start from the beginning as well.

Needless to say, that NAV found nothing upon scanning, SDFix - too, Anti-Malware - one thing (wiaserva empty log file) and this file reverses to a number known viruses/trojans and definitely I'm not an expert to say which one we have here.
I post HijackThis log and can give away any detail that is necessary to solve this issue.

Thanks in advance, people.

A:Email spam sending, NAV2008

not a single idea about this issue?Hello vabankas,While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Athough our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been r... Read more

Read other 3 answers
RELEVANCY SCORE 72.8

Someone has hijacked my yahooemail and is sending out spam to all my contacts. I am not a computer whiz so I don't understand a lot of the info I get on the internet - I am not even sure if I am following the protocol here. - Log posted below - and any help appreciated, Thanks. Logfile of Trend Micro HijackThis v2.0.4Scan saved at 3:48:50 PM, on 6/3/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exeC:\Program Files\AVG&... Read more

A:email hijacked and sending out spam

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 72.8

Hello, just today my email sent out a bunch of spam to all my contacts. I scanned with AVG but nothing showed up as a threat. I am worried that it will happen again. Below is my hijackthis log.
Thanks for the help!

The email content was something like "hey check this out this is intense... (link to job offering)" I deleted all of it before I copied it down.

[HJT log removed by Broni]
 

A:Email sending spam to all contacts

Okay thank you
 

Read other 4 answers
RELEVANCY SCORE 72.8

Hi there,
 
My grandma and other family members have recently been telling me that my grandma's as well as my grandpa's email addresses have been sending out spam for some design website. My grandma told me she doesn't remember opening anything odd and doesn't know how to do anything on this computer other than check her email and play games already loaded into the computer (Solitare, etc). I have done a few virus scans and spyware scans and I've come up with nothing. You guys have helped me before with stuff like this so I'm hoping you can help me again! Here are the DDS logs:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464
Run by User at 4:53:42 on 2013-03-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.2038.909 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPE... Read more

A:Grandma's email sending out spam

Greetings mgoug252 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounte... Read more

Read other 18 answers
RELEVANCY SCORE 72.8

Hello, All

Recently my wife's Yahoo Email starting sending out spam to all her contacts at the rate of 30+ per minute. All the emails contained a link that if clicked on, introduced the same virus to that person's Yahoo account. Several of her friends are not speaking to her as a result of this. Not knowing exactly what to do to contain this, I changed her Yahoo password and the problem stopped ( apparently ). Although, we've not seen a re-occurance of the problem, I'm still in the dark as to how this can happen, and whether there are infections in my computer that are just lying dormant. Can you help me with this ?

yours, NoMonkeyTricks

A:My Yahoo Email is sending out Spam

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/456510 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 72.8

This company or spammer is sending us spam with our own email address. I have tried to write them that we will file charges or whatever our State Attorney General thinks is best.

But none of the emails or applications on their site will go through.

What can we do besides going along with the State Attorney General.

kovozpuq.com

A:sending us spam with our own email address

hello ,

do not open the messages for that is what started it

block the message

is it thru (outlook) or another mail system

get a good spam blocking software

also listing (e-mails & company address's ) in forums will give the spamers that browse forums looking for address' & company names a link to you or the company

is your company big enough to have an IT tech ?

if so then contact hime to solve this issue for then he will have a kinda lock on the system and what we tell you will be kinda useless

let us know

Read other 2 answers
RELEVANCY SCORE 72.8

Not even sure if this should be here.

This AM my web-based Yahoo mail sent a spam to everyone on my contact list. I constantly see others having this happen to them but I do a daily scan with MBAM,SuperAntiSpyware and Windows Essentials and so far the computer LOOKS clean.

I have no idea about the web-based (Yahoo!) mail client, but it wold need an impetus from my computer to go sending crud about, I should think.

Asking Yahoo! about this proved slightly less frustrating that trying to thread a needle while on a vibrating bed.

Any suggestions will be gratefully received.

A:Email "bot" sending spam from my address

Changing your yahoo email password should help. You may want to change all of your other online passwords as well. Rule of thumb... the longer and more complicated the better. Check out these blogs from Norman. Blog 1 Blog 2Hope this helps!

Read other 1 answers
RELEVANCY SCORE 72.8

Hi, yesterday my email started sending out SPAM and it seems it's doing it now every 12 hours automatically. When i run Malwarebytes & Trend Micro in "full scan" mode the programs cant detect any malware. Can you please check and see what is wrong? Many thanks in advance.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Victor at 16:02:53 on 2012-01-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4430 [GMT -8:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\... Read more

A:Email is infected, Keeps sending SPAM

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436290 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 72.8

Hi I'm running XP pro SP2, My computer keeps sending SPAM, I am running Norton internet security with firewall. Norton shows emails being scanned to be sent the subjects of the email are "asian girls XXX" girls doing this and girls doing that etc. I dont know how to stop it.. I did a virus scan and found nothing. If I do not block all traffic in Norton before I go to bed I wake up with a taskbar full of failed to send messages from Norton. How do I stop this?

I also have another question is there a way to get services and process in a text form so I can copy and paste them in my post ?
 

A:win xp computer sending email (SPAM) HELP

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 72.8

I was asked to repost this here. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic364122.html ~ OB Emails from my comcast email account that I know nothing about. Can't get sp3 to download. And itunes dragging.

A:Email sending out spam messages

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 12 answers
RELEVANCY SCORE 72.8

hi
opened my hotmail account today to find that someone has sent emails to all my contacts 3 times over this afternoon. my email account is linked to my wifes account which has some sensitive information in it.
the email sent see below: has anyone come across this? can anyone please advice?

Dear friend,
Have a good day .
welcome you to browse our website: www.ekantoy.com ,We are mainly sell electrical product,such as digital cameras, mobile phones, LCD TV, the Xbox, laptops, DV, MP4, global positioning system,and so on. All projects are 12 months of international guarantee. If you want to buy these goods, please contact us freely. our company would like to offer you/you company more better services .and any other concerns,you can sned us email for details

A:email account sending out spam

Moving to Am I Infected

Read other 2 answers
RELEVANCY SCORE 72.8

Something on my computer is sending spam emails to people. I don't know what it is. I have scanned my computer with McAfee, adaware, spybot, and stng259 and it says there are no viruses/spyware. I have scanned in normal mode and safe mode. My computer is running a lot slower also.Thanks in advance to whoever helpsLogfile of HijackThis v1.99.1Scan saved at 10:07:34 AM, on 12/27/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\ewido anti-malware\ewidoguard.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files ... Read more

A:Virus Sending Spam Email

Fix these with HJT ? mark them, close IE, click fix checkedO4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"DownLoad http://www.downloads.subratam.org/KillBox.zipRestart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box. C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exeNote: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.START ? RUN ? type in %temp% OK - Edit ? Select all ? File ? DeleteDelete everything in the C:\Windows\Temp folder or C:\WINNT\tempEmpty the recycle binBoot and post a new log from normal NOT safe modePlease give feedback on what worked/didn?t work and the current status of your system

Read other 3 answers
RELEVANCY SCORE 72.8

Hey TSG, someone is screwing with my mum's email account and I'd like some advice.

Got a call from a friend saying they'd recieved dodgey e-mail so I opened up her sent messages, and sure enough there was a load of crap sent to all her contacts advertising 'Rob Buy', a dodgey looking ebay clone.

She doesn't use the computer much and doesn't do anything you'd expect to bring virus contact and never opens spam. I did a virus sweep which found nothing, so I'm not guessing someone hacked in and sent the messages.

The fact they're still in the sent messages folder suggests it's a lazy human and not a bot (to me at least, but I don't know much about this field).

So, I'm wondering what you'd reccomend doing and also if there's anyway to get the IP address from which the e-mail were actually sent?

I changed the password on it earlier, but I've just logged in and there's another Nigerian-esq bit of spam gone out since the change... What to do?

Please help, it's bloody demorlising to think someones hijacking my mum's e-mail for spam.

Oh, it's a Hotmail.co.uk account btw - the password was admittedly very easy.
 

A:I think someone has hacked my mum's email and is sending spam, help please!

Read other 7 answers
RELEVANCY SCORE 72.8

Hello all,I've got a sticky problem here. My ISP shut off my internet access due to SPAM. It appears that one of my svchost.exe processes is sending out TONS of it! I've scanned my system with Computer Associates Antivirus and Trend Micro Internet Security Pro and they say everything is fine. Windows Defender (for what it's worth) says everything is fine as well.I have blocked port 25 at my router so that my ISP would turn my internet back on, but now I'm having some problems cleaning it up.I started a topic here.http://www.bleepingcomputer.com/forums/t/156262/svchostexe-sending-spam-email/quietman7 suggested I post my HijackThis log here.Deckard's System Scanner v20071014.68Run by mwestra on 2008-07-08 18:22:50Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as mwestra.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:23:28 PM, on 7/8/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\DellTPad\Apoint.exeC:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exeC:\Program Files\DellTPad\ApMsgFwd.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\WLTRAY.EXEC:\Windows\WindowsMobile\wmdc.exeC:\Progra... Read more

A:Svchost.exe Sending Spam Email

Hello Marty Westra and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.Thanks,Johannes

Read other 24 answers
RELEVANCY SCORE 72.8

Got a new windows 8.1 laptop a month ago, then about 2 weeks later I started receiving spam emails into my msn account I logged onto the computer with. I've ran various tools, factory resets, you name it i've done it. No problems using that account on my windows 7 machine. I even got desperate and installed Windows 10 preview on it and no problems their either. As soon as put 8.1 back and signed in I was spammed within about 2 hours. Some of the emails say their from me and I don't want to block myself. Please help!

A:New laptop is sending me spam email

This issue will require further investigation and a more comprehensive look at your system. Many of the scanning tools we use in this forum are not capable of detecting (removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a FRST log for further investigation.Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.If you cannot complete a step, then skip it and continue with the next.In Step 6 there are instructions for downloading and running FRST which will create two logs.When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.After doing this, please reply back in this thread with a link to the new topic so we can close this one.

Read other 3 answers
RELEVANCY SCORE 72

Thursday night, i got a fake "AntiVirus" pop-up on my computer. I thought i took care of it b/w my Symantec AV and Malwarebytes. But on Friday, my Symantec AV started popping up lots of message boxes, saying that "email could not be delivered" to addresses that i haven't seen before

I ran Malwarebytes in safe mode Friday afternoon. It located several Trojans: Work.Koobface; Rootkit.TDSS;Trojan.Clicker; Adware.BHO; Adware.Adrotator; Trojan.Agent. I deleted these and restarted the computer. Unfortunately, the pop-ups are still there (still seemingly sending out mass spam) but Malwarebytes or my Symantec locate nothing suspicious.

Could you please help? below is my DSS output, and attached are the other two files. GMER gave me trouble, so i could only run the Sections and the C drive. Thanks!




DDS (Ver_10-03-17.01) - NTFSx86
Run by 506450 at 11:42:12.68 on Sun 07/18/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3066.2209 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati... Read more

A:computer sending mass spam email

Hello dca221 and welcome to TSF,

Please subscribe to this thread to get immediate notification of replies (if you haven't already) as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Before beginning the fix, read this post completely. If you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

--------------------------------------------


Quote:




Unfortunately, the pop-ups are still there (still seemingly sending out mass spam)




Have you tried changing your email password? Please do so if you haven't.

-----------------------------------------

I am sorry to tell you that one or more of the identified infections is/was a backdoor trojan / rootkit .

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.... Read more

Read other 3 answers
RELEVANCY SCORE 72

My mother's gmail account seems to have contracted a virus that sends an email with the subject line '+hi+' to everyone in the contacts book and with the url 'http://sites.google.com/site/s3895yhf56eydya/aovq7a' in the message body. The site appears to be Canadian and is selling vyagra.

I don't think it's likely to have done any harm to the computer itself, and we noticed the problem when she received several failed message emails. The machine we noticed the problem was a mac so I guess that makes it even less likely the virus is affecting the actual computer but obviously it's not great for my Mum to be sending everyone she knows links to vyagra sites and also I don't know if the emails themselves contain the virus and would infect the recipients.

Is it possible to disinfect the account or does one just have to start over with a new one. That would be hugely inconvenient given how long my mother has used this account.

A:Email virus sending spam to contacts

Hi,

Gmail account password and secret question has to be changed. Also, check email filters (in Gmail settings) that there're no unfamiliar ones set.

Read other 2 answers
RELEVANCY SCORE 72

Hi, I don't know how it happened but my Uncle seemed to get his MSN email sending porn spam to some of his contacts. Seeing I can't monitor what he does on the computer there is really noway of knowing how he happened to accomplish this. I ran spyware scans with Superantispyware and Malwarebytes. All it found was cookies and no virus or anything that would lead me to believe he had a virus. I also scanned with AVG and it came up clean. How do you keep a web-based email from sending spam to your contacts under your name? I do know his password is saved. If he changes his password and types it in from now on will that stop it? Thanks.
 

A:MSN email sending porn spam to some contacts

I believe that sometime last week a lot of MSN/Hotmail accounts were hacked and their contact lists taken over.
I have read that the first thing to do is to change your email address. Personally, I would get a different address and close that one...Perhaps someone else here has a better idea.
Vicks
 

Read other 3 answers
RELEVANCY SCORE 72

I am running Windows 7 64 bitMy email has repeatedly sent out spam to my entire contacts list. I have run my Trend Micro Titanium version full scan 2x with 0 results. I ran the free version of Malwarebytes, also came up with nothing. Then I noticed the blue and yellow shield on my Trend Micro, Malware, and for some reason on my Kodak printer icons on my desktop. So I rebooted in safemode and ran rkill which came up with this: Rkill 2.5.3 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2013 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Invalid arguments ignored: ASUSLaptop\Downloads\rkill.exe Program started at: 06/20/2013 08:56:24 PM in x64 mode.Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop:  * No malware services found to stop. Checking for processes to terminate:  * No malware processes found to kill. Checking Registry for malware related settings:  * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\Carla's ASUS Laptop\Desktop\rkill\rkill-06-20-2013-08-56-39.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks:  * ALERT: ZEROACCESS rootkit symptoms found!      * HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-be... Read more

A:I'm not sure what has attacked my computer it keeps sending spam from my email

The same thing has happened to me.  It was nothing that was on the computer; someone had hacked my Yahoo e-mail account.  I changed my password and the problem went away.

Read other 5 answers
RELEVANCY SCORE 72

Hello all, first time poster here with a bit of a problem. About 2 weeks ago I was infected with this rogue antivirus called Security Suite. I was able to remove it after some googling, but ever since then I have been getting numerous Symantec email proxy popups that say the email couldn't be sent because of spam or some other reason. I believe I have a bot on here somehow sending out spam but have no idea how to get rid of it! I've ran Malwarebytes, Spyware Doctor, Spybot, and Norton to no avail. Google hasn't helped me, and I am not well versed with computer problems. Runnning XP SP3 on a Dell Inspiron if that helps.

Any help would be appreciated

I'll post the DDS and GMER logs soon

Read other answers
RELEVANCY SCORE 72

As of yesterday, my email began sending out 400-1000 emails an hour that were all bouncing back. Rackspace has warned me that my computer is probably compromised with a rootkit or some virus that's sending the emails out. Can anyone please help me?!
 
Thanks!
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Neil Essen at 14:43:18 on 2013-12-13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2022.1068 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\C... Read more

A:Rootkit and Hacked Email Sending Spam

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517384 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 12 answers
RELEVANCY SCORE 72

Hello, I'm trying to help out a friend with a computer issue. He says that for a while he was getting a pop up that looked like the FBI virus and was telling him that he had to pay money to unlock his computer. He got rid of it by running Superantispyware but asked me to take a look at his computer for him to be sure. This was a couple of months ago and I cleaned up the computer a bit by running Avast and Malwarebytes so we thought everything was good. But about a week ago he says that his friend recieved some emails from him that were spam so he changed his Yahoo password and asked me to take a look again. For email he doesn't use any programs and just logs into Yahoo so since changing his password there hasn't been any more spam as far as we know and Avast (which I just reinstalled) and Malwarebytes haven't found anything. But I was hoping somebody could take a look at his logs and let me know if there is anything on the computer.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16540  BrowserJavaVersion: 10.51.2
Run by Home at 20:54:26 on 2014-04-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2039.950 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Upda... Read more

A:Was getting FBI virus pop up and yahoo email was sending out spam

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the correct version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The... Read more

Read other 7 answers
RELEVANCY SCORE 72

I had started this in the wrong forum yesterday without luck so am moving it to here where it belongs
 
Members

3 posts

Posted Yesterday, 04:41 PM

Hi I was sent here by Gizmo after sending them scans of my regersty. Since mid week My computer ha been sending out my address box with a message to click on a link. I do not have a copy but have seen them because I was getting the same thing from people I know but I never clicked on link and deleted them. Not sure what started this I am very careful with spam or anything that looks like spam.
thank you for any help you can offer
 
Have already changed email password, and I have run 4 or 5 spyware/malware/virus programs.
malwarebytes shows as many as 20 maybe problems another one had 3 which 2 were deleted and FREZZE (A) would not delete.
Any help please???
 

A:Email sending out spam / malware problem?

Hello -
Plese post the MBAM log with the "FREZZE (A)" detected, and post the Full Log.
Open "Logs" at the top of MBAM program and select the log that I am requesting.
 
I need this first.
Thank You -
 
EDIT - Please list as many of the tools that you recall use the of -

Read other 63 answers
RELEVANCY SCORE 72

I received an email from my ISP today warning that my account is sending spam emails. I don't use this account at all, it is created when i subscribed with my ISP. So, this could be malware or something.

If I don't turn on the computer or not to connect to the Internet through this computer, will the spam mails still be sent out? I want to get someone to have a look for me but at the meantime, is there anything I could do to prevent spam mails being sent out?

A:my computer is reported as sending spam email

Hello and Welcome to TSF.

You will have to keep the computer offline to prevent the spam emails.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through allthe steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 72

My yahoo email account is sending out spam...please can somebody help as i am getting nasty messages now because of it...
i have done a hijack this log...thanks in advance x
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:42:35, on 26/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP... Read more

A:My email account is sending out spam (hijackthis log)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

Read other 2 answers