Author Topic: Comcast thinks I'm spamming  (Read 8119 times)

Offline mallomar

  • Jr. Member
  • **
  • Posts: 23
Comcast thinks I'm spamming
« on: August 09, 2008, 09:53:42 AM »
I'm using avast! 4.8 home edition. XP, SP2. It's up to date -- I always run the updates when the update alert pops up.

I got an e-mail from Comcast (my ISP) telling me that they have determined that my computer is sending out spam. They put a block on my account (which blocked a couple of my e-mail accounts from sending mail) and suggested that I check for viruses.

I usually run a complete system scan once a week. A week or so ago, it turned up a Trojan in the System Volume Info folder (in a restore point) on my external backup drive, and with the help of forum members here, I deleted it (I've scanned that folder a couple times since then to make sure). Previous scans occasionally turned up other viruses or malware (usually in e-mail attachments I had not opened), and those were all deleted.

I got Comcast to unblock my account, but how can I find out if someone/something is really using my computer to send out spam? In the past few weeks, I have received hundreds of bounced e-mail messages -- someone is obviously sending out spam spoofing my e-mail address as the sender, so the undeliverable messages bounce back to me. I asked Comcast if that's what triggered their e-mail to me, but the Comcast guy said their system doesn't specify which e-mails were suspicious -- it just specifies the IP address of the sender. (They didn't give me the IP address -- I suppose I could try to get it from them and see if it matches my router address or whatever.)

Anyway, I'm not sure what to do at this point, and Comcast wasn't much help. I just want to make sure the spam is NOT coming from my computer. FWIW, I do have a wireless router with WEP encryption. If that's not secure enough, I suppose I could replace it. The wireless doesn't work very well in my house, anyway. Walls are too thick.

Oh, and one other thing -- the e-mail address that was getting all of the bounced-back spams is NOT one of the addresses Comcast was blocking. I have several e-mail accounts with several different hosts. Two accounts were blocked, but I was able to get one to work (by calling the host's tech support and fiddling with the alternate port settings). Comcast had to unblock before I could use the other account.

TIA.
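An added example, not part of the original post: one way to test whether a bounced message really left your own connection is to read the `Received` chain of the returned headers inside the bounce and compare the earliest public IP with your line's public address (shown on the router's status page). The function names and the sample bounce are constructed for illustration, and the bounce is assumed to include the original headers.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce; every host and address in it is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from relay.example.com ([198.51.100.9]) by mx.example.net; Sat, 9 Aug 2008 09:01:12 -0400
Received: from pc ([203.0.113.77]) by relay.example.com; Sat, 9 Aug 2008 09:01:10 -0400
From: user@example.org
--b1--
"""

# Private/loopback ranges: a LAN address says nothing about which line was used.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literals only

def original_headers(bounce_text):
    """Return the returned message (or its headers) embedded in a bounce, or None."""
    bounce = email.message_from_string(bounce_text, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def origin_ip(bounce_text):
    """Earliest public IP in the Received chain; hops below a relay you trust can be forged."""
    orig = original_headers(bounce_text)
    for hop in reversed(orig.get_all("Received", []) if orig is not None else []):
        for text in IP_RE.findall(str(hop)):  # last header in the list = earliest hop
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue
            if not any(ip in net for net in LOCAL_NETS):
                return ip
    return None

def sent_from_my_line(bounce_text, my_public_ip):
    return origin_ip(bounce_text) == ipaddress.ip_address(my_public_ip)
```

A mismatch on every bounce points to a forged sender address rather than mail leaving your machines; with a dynamic address, compare against the IP the line had at the time in the header.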

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Comcast thinks I'm spamming
« Reply #1 on: August 09, 2008, 11:55:16 AM »
Hi mallomar,

I think avast! warns if spam e-mails are being sent, even if it can't identify the malware responsible, but just to be sure there is nothing sending the emails on your computer, try some online scans. (Disable avast! while scanning.)

F-Secure
BitDefender
Trend Micro Housecall
ESET Online Scanner

You could also post a HijackThis! log.

If your computer comes up clean, you will have more evidence in your claim to Comcast that the spam does not originate from you and that your address has been faked - which I believe is possible, although I hope somebody with more knowledge will confirm this.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Jtaylor83

  • Guest
Re: Comcast thinks I'm spamming
« Reply #2 on: August 09, 2008, 12:32:34 PM »
It could be a botnet hidden in your computer causing it to be zombified.

I suggest following FreewheelinFrank's post or using Dr. Web CureIt (on demand only).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: Comcast thinks I'm spamming
« Reply #3 on: August 09, 2008, 03:32:09 PM »
Set the Internet Mail provider to High sensitivity that reports on multiple identical emails in a period of time. This may be the first indication of an undetected or hidden spambot.

These are often hidden by a rootkit, so here are some more tools for you to try.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip
- Trend Micro RootkitBuster - http://www.trendmicro.com/download/rbuster.asp
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mallomar

  • Jr. Member
  • **
  • Posts: 23
Re: Comcast thinks I'm spamming
« Reply #4 on: August 09, 2008, 08:59:30 PM »
Freewheelin,

Do the online scanners scan my entire system (all of my hard drives), or just certain areas/folders where malware might reside? (I'm not clear on where malware can live.) Reason I ask is that a full avast! scan takes a really long time, because I have a lot of hard drive space. I started an avast! scan about 11 hours ago, and it's only 27% complete.

So I'm trying to determine how much time to allow for an online scan.

Also, my husband's computer is networked to mine (through the router). I'm guessing I also need to do an online scan of his computer, right?

Thanks,

mallomar

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Comcast thinks I'm spamming
« Reply #5 on: August 09, 2008, 10:14:16 PM »
You should be able to exclude folders you can be reasonably confident do not contain viruses- photos, music etc.

You will need to scan both computers- your IP address will be shared by both.

Offline mallomar

  • Jr. Member
  • **
  • Posts: 23
Re: Comcast thinks I'm spamming
« Reply #6 on: August 11, 2008, 12:41:56 AM »
Freewheelin,

I ran the TrendMicro Housecall scan, and it found:

JS_KAKWORM.A

ADWARE_BESTOFFERS

HTTP cookies

and various vulnerabilities (obviously I need to run MS updaters).

I let Trendmicro delete all of the bad stuff.

I ran Housecall on my husband's computer, and it found:

JS_KAKWORM.A

DIAL_RAS.HE

FREELOADER_WINFIXER

ADWARE_BESTOFFERS

HTTP cookies

and one vulnerability (we'll run the MS updater)

So what should my next step be? The kakworm and dial things sound scary. Can either one send out spam from my machine? Should I run one (or more) of the other online scans you mentioned? Get a Hijackthis log? Check out the rootkit tools?

Thanks,

mallomar


YoKenny

  • Guest
Re: Comcast thinks I'm spamming
« Reply #7 on: August 11, 2008, 12:49:10 AM »
mallomar, I would download MBAM then update it then run a Quick scan and let it remove what it detects and a reboot may be required to remove locked files:
http://www.malwarebytes.org/mbam.php

Then install a HOSTS file to prevent those known malware sites from accessing your system.

HOSTS files I use:
http://www.mvps.org/winhelp2002/hosts.htm
http://hosts-file.net/?s=Download

Managed with HostsMan and I use its HostsServer proxy to speed up browsing:
http://www.abelhadigital.com

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Comcast thinks I'm spamming
« Reply #8 on: August 11, 2008, 12:54:12 AM »
Hi mallomar,

Did you install Trend Micro RUBotted, it is free: http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted

N.B. RUBotted cannot protect computers running Panda Internet Security 2008.
Respond to your ISP that this may be through malware, and they will try to help you. Update your Java and patch your software,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Jtaylor83

  • Guest
Re: Comcast thinks I'm spamming
« Reply #9 on: August 11, 2008, 07:28:01 AM »
Try one of these anti-spyware programs:

SuperAntiSpyware
Spybot - Search & Destroy
Spyware Terminator (exclude the crawler toolbar, add-on, and the ClamAV module)

After you get rid of the infections, please download one of these third-party firewalls.

Comodo Firewall Pro

ZoneAlarm

Also download SpywareBlaster.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Comcast thinks I'm spamming
« Reply #10 on: August 11, 2008, 11:04:52 PM »
Hi, SpywareBlaster's teatimer is only to be installed on a clean system, else it is putting back the malware you wanna get rid of,

pol

wyrmrider

  • Guest
Re: Comcast thinks I'm spamming
« Reply #11 on: August 11, 2008, 11:17:36 PM »
spyware blaster is ok in any case
t-timer is spybot search and destroy

polonus
t-timer should be off till we're done