Help !!! My pc is sending out hundreds of junk emails by itself :(

I have an old Plusnet email account that I use now and again to retrieve emails being sent to my old address but it seems to have been hijacked.

The email address can be "anything"@xxxxx.plus.net


I keep receiving Delivery Failure Notification emails back from people I've never heard of with attachments of the emails I'm supposedly sending out. The emails are just gibberish like a paragraph from a random book or stocks and shares rubbish.

I run NOD32 Anti Virus and have completed full scans of my PC and found no virus.

I'm getting hundreds of these emails a week being returned to me as undeliverable and each one has an attachment so they take ages to download.

Each one has a different combination of letters before the @xxxxx.plus.net so I can't just block a specific address.


Now has my PC been hijacked or is someone just pretending to be me using my email address to disguise the senders/return address ?

Is there anything I can do about it ?

Thanks
 
hey mate, i'm not sure if we're having the same problem?
if it is the same as me, then i can't help too much as i'm still suffering from it...
http://forums.overclockers.co.uk/showthread.php?t=17631949&highlight=random

check for files in your C:\Documents and Settings\*username*\Local Settings\Temp folder called win****.exe (where **** are random letters)

and check system32 for random dll's called win****.dll (where **** are random numbers)


sorry i can't be much help, just it might be the same thing i'm suffering from :confused:
 
sorry bud, no random win***.exe or .dll files in my temp folders

I tried to run the Trend Micro AV Scanner but it crashes Internet Explorer (just closes all browsers by itself) and the stinger AV program found nothing.
 
have you tried running spyware/antivirus scans in safe mode?

try running hijackthis as well to see if anything is out of the ordinary.
 
Post your process list from task manager up here so we can see if there is anything suspicious running.
 
Oh, and your HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

keys from regedit.
 
tbh your address is being spoofed.
someone with your email address in their contacts has the virus. not you.
 
Post up a HiJackThis log (www.merijn.org) and I will take a look to see if you're infected with.

However as one of the posters stated, I imagine it is just your email addresses are being spoofed and nothing too much for you to worry about as there is not a lot that can be done :(
 
theredguy said:
The same thing is happening to me, i must get at least 6-10 delivery failure emails a day at the moment. :(
bah try 600 in ten minutes ala my thread above :p

but yeah, just one is bad enough when you know you haven't sent it :-/
 
Have you considered this?

W32.Stration@mm
Risk Level 2: Low

http://www.symantec.com/security_response/writeup.jsp?docid=2006-092111-0525-99&tabid=1

Discovered: September 20, 2006
Updated: October 3, 2006 12:03:35 PM PDT
Type: Worm
Infection Length: Varies
Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Once executed, worms from the W32.Stration family may perform some of the following actions:

Contacts remote hosts.
Downloads and executes remote files.
Gathers email addresses from the compromised computer.
Sends itself to the email addresses that have been gathered. The email may have some of the following characteristics:

From:
[SPOOFED]

Subject:
One of the following:


Good Day
Server Report
hello
picture
Status
test
Error
Mail Delivery System
Mail Transaction Failed
Mail server report.

Message:
One of the following:


The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
Mail server report. Our firewall determined the e-mails containing worm copies are being sent from your computer. Nowadays it happens from many computers, because this is a new virus type (Network Worms). Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses. Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service

Attachment:
One of the following:


body
data
doc
docs
document
file
message
readme
test
text
Update-KB[RANDOM NUMBER]-x86


Note: The file name of the attachment may use a double extension, for example body.txt.exe.



Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
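
An added example, not part of any post in this thread: a small Python triage of one returned bounce, answering the original question (is the PC sending, or is the address forged?) by reading the earliest Received hop of the returned message and checking it against the subjects, attachment names and double-extension pattern from the quoted W32.Stration writeup. The sample bounce, host names and the address 203.0.113.45 are constructed for illustration.

```python
import email
import re
from email import policy

# Indicators taken from the W32.Stration writeup quoted in the thread.
SUBJECTS = {"good day", "server report", "hello", "picture", "status", "test", "error",
            "mail delivery system", "mail transaction failed", "mail server report."}
NAMES = {"body", "data", "doc", "docs", "document", "file", "message", "readme",
         "test", "text"}
EXEC_EXT = {"vbs", "bat", "exe", "pif", "scr"}

def triage_bounce(raw: bytes) -> dict:
    """Inspect the original message returned inside a bounce (DSN)."""
    out = {"origin": None, "subject_match": False, "suspicious": []}
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        original = part.get_payload(0)
        # The last Received header is the earliest hop: the host that actually
        # submitted the mail. Compare it with your own public IP address.
        hops = original.get_all("Received", [])
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
        out["origin"] = m.group(1) if m else None
        out["subject_match"] = str(original["Subject"]).strip().lower() in SUBJECTS
        for sub in original.walk():
            stem, dot, ext = (sub.get_filename() or "").lower().rpartition(".")
            # Executable extension behind a second one (body.txt.exe), or a
            # listed lure name / fake Update-KB name.
            if dot and ext in EXEC_EXT and (
                    "." in stem or stem in NAMES or stem.startswith("update-kb")):
                out["suspicious"].append(f"{stem}.{ext}")
    return out

# Constructed sample bounce (not a real message).
SAMPLE = b"""\
From: MAILER-DAEMON@mx.example.net
Subject: Delivery Failure Notification
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from mx.example.net by mail.example.org
Received: from pc ([203.0.113.45]) by mx.example.net
From: qwxz@xxxxx.plus.net
Subject: Mail Transaction Failed
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="body.txt.exe"

(constructed placeholder, no payload)
--b1--
"""
```

If the reported origin is not your own public IP address, the message was submitted from another machine with your address forged as the sender. Bounces that return only the headers of the original, or nothing at all, yield no origin here.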
 