Author Topic: Spam E-Mails being Sent from my PC (7000+ Today Alone)  (Read 7531 times)

Offline SendDerek

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Spam E-Mails being Sent from my PC (7000+ Today Alone)
« on: January 03, 2007, 03:52:56 AM »
Hello!

I have a question I would like to ask the experienced AV gurus here at Avast.

I have a PC running Win XP at work.  I also have Avast Home installed and running swell.  I have done a thorough scan on my entire PC and it actually picked up quite a bit of virii in the process of doing so. 

There have been quite a bit of times were Avast will alert me saying something to the effect of "Too many duplicate emails have been sent!" and it gives me a choice to continue sending the emails or stop sending them. 

After checking the Avast E-Mail scanner results, it says that it has sent out 7000+ emails today alone.  These emails are being sent from and to random email addresses.  The body text is verses from the Bible.

I have Outlook and Outlook Express setup on this machine if this helps at all.

What I have tried to do to correct: 
*Run complete scan again (including boot time scan).
*Run Spybot S&D
*Run Crap Cleaner
*Run HijackThis
*Run WinTasks Pro 5

All of these and no resolve.  I was hoping that some of you on this board might have an idea of what might be happening and how I can go about resolving the issue before the ISP shuts us down or something.

Thank you very much in advanced!

-Derek

P.S.  It was also doing this same thing with Norton AV.  I have uninstalled Norton and used Avast instead.  It makes me shiver having to say the N-word.  My appologies.  ;)

Offline SendDerek

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #1 on: January 03, 2007, 03:54:37 AM »
Oh, and BTW:  I am very computer literate.  Tell it to me straight doc!  ;D

Offline RejZoR

  • Polymorphic Sheep
  • Starting Graphoman
  • *****
  • Posts: 7798
  • Gender: Male
  • We are supersheep, resistance is futile!
    • RejZoR's little secrets
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #2 on: January 03, 2007, 04:19:41 AM »
Alwil team should seriously incorporate the outbound email worm protection in Standard Shield for proactive protection against such crap (which is otherwise used by Internet Mail provider).
Otherwise i think you can see the EXE file responsible for this by hovering email scanner icon in next to the clock (appears when scanning mail). At least if i remeber correctly.

Offline SendDerek

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #3 on: January 03, 2007, 04:24:35 AM »
Excellent.  I will try this.  I remember trying to double-click as well as right-click on the icon, but nothing appeared.

In the meantime, if there are any other suggestions, I would like to hear what you have to say.

Thanks!

Offline alanrf

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Gender: Male
  • Just an avast user
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #4 on: January 03, 2007, 05:34:24 AM »
Methinks that (very) young RejZoR is getting old and forgets that avast used, by default, to warn users of this problem. 

It used to be (before faintheartedness) that avast would give this process information in the "timeout" message on the send side of the avast email scanner.  But alas due to too many complaints from users of P2P programs using port 25 (among other issues) the avast team got cold feet and turned it off.  At least it meant fewer complaints for avast - even if users like SendDerek did not get useful warning information anymore. 

So, SendDerek  ...here is a suggestion:

In the Internet Mail Scanner, select "Customize" and then select the "Advanced" tab

Check the box "Timeout for Internet Communication(s)"  set the time to 60 (seconds)

Click "OK"

If 60 seconds produces no results then it may be worth trying 25 seconds (spambots are not always completely stupid).

I believe (or I hope ... since avast may have made other changes) that the spambot sending emails on your system will trip this avast check and cause a pop-up (as in the memory of RejZoR) that will advise you that a process whose name it will tell you has spent too long sending emails out of your system without your approval.

If you choose to follow this advice please let us know if this has any value in diagnosing your problem. 
« Last Edit: January 03, 2007, 05:42:01 AM by alanrf »

Offline ksav

  • Newbie
  • *
  • Posts: 5
  • Ho Ho!!!
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #5 on: January 03, 2007, 08:49:41 AM »
Just a thought, has Avast updated to it's newest DAT file?  There was a worm introduced over the new year desinged solely for SPAM'ing:
details:
Subject - Happy New Year!
Attachement - POSTCARD.exe
Worm Name - Nuwar.B

Now i know that Avast was not picking this up as of yesterday because i tried it.  I wasn't infected I was just trying various scanners to see which one found it..!!

Worth checking..?


Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64867
  • Gender: Male
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #6 on: January 03, 2007, 09:37:52 AM »
Now i know that Avast was not picking this up as of yesterday because i tried it.
Can you please send an email with the file (false positive or infected) to: virus (at) avast.com
You can zip and password the files... Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
The best things in life are free.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69198
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #7 on: January 03, 2007, 01:13:36 PM »
Oh, and BTW:  I am very computer literate.  Tell it to me straight doc!  ;D

What is your firewall ?
This should be able to catch unauthorised outbound connections unless of course your firewall doesn't provide outbound protection, like XP's firewall.

You could also try sysinternals.com TCPView that should show the connections established and what program/file initiated the connection.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64867
  • Gender: Male
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #8 on: January 03, 2007, 03:35:02 PM »
You could also try sysinternals.com TCPView
Sysinternals.com was bought by Microsoft in July, 2006 and become Windows Sysinternals  :P
http://www.microsoft.com/technet/sysinternals/default.mspx
The best things in life are free.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69198
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #9 on: January 03, 2007, 04:34:35 PM »
That's right but sysinternals.com redirects to the new site.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline SendDerek

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #10 on: January 03, 2007, 04:38:22 PM »
This is all great advice!  Thank you very much.

I'm going to look into the timeout function, and then l'm very interested in this sysinternals TCPview.

I will post the results.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69198
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #11 on: January 03, 2007, 04:41:16 PM »
Glad we could help, welcome to the forums.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline SendDerek

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #12 on: January 03, 2007, 04:42:32 PM »
Just a thought, has Avast updated to it's newest DAT file?  There was a worm introduced over the new year desinged solely for SPAM'ing:
details:
Subject - Happy New Year!
Attachement - POSTCARD.exe
Worm Name - Nuwar.B

Now i know that Avast was not picking this up as of yesterday because i tried it.  I wasn't infected I was just trying various scanners to see which one found it..!!

Worth checking..?



It's not that certian email though.  Like I said earlier, it's an email that contains verses from the Bible.  I will try and get the newest updates though.  I had just installed it yesturday and assumed (dangerous) that it had installed all the updates automatically.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64867
  • Gender: Male
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #13 on: January 03, 2007, 04:47:01 PM »
I'm going to look into the timeout function
Here you can see more about timeouts into Internet Mail provider and your email account: http://forum.avast.com/index.php?topic=11380.msg96646#msg96646
Anyway, since avast! version 4.7.807 the mail scanner module ("Internet Mail" provider) has been significantly changed to improve the overall user experience, especially in case of slow connections (dial-up). Namely, most of (if not all) the "Timeout expired" related problems should be gone by now.
The best things in life are free.

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11564
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
    • Personal Message (Offline)
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #14 on: January 03, 2007, 05:05:44 PM »
Quote
Now i know that Avast was not picking this up as of yesterday because i tried it.  I wasn't infected I was just trying various scanners to see which one found it..!!

I disagree, the "postcard" worm was being detected from the very beginning (Avast was one of the first who detected it).

How did you find out it can't detect it?

Am I guessing correctly if I say VirusTotal and/or Jotti's?
If at first you don't succeed, then skydiving's not for you.

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now