Author Topic: (AT&T/Bellsouth ISP) PC Sending SPAM emails (SOLVED)  (Read 16916 times)

0 Members and 1 Guest are viewing this topic.

thekochs

  • Guest
(AT&T/Bellsouth ISP) PC Sending SPAM emails (SOLVED)
« on: June 30, 2012, 04:41:08 PM »
My wife has fairly new DELL PC.....I configured.....I'm pretty techy guy.
It is W7 64bit with all latest updates.
I'm running Avast that does full scan daily.....shows clean.
I have Office 2010 installed and she uses the Outlook for e:mails.
Couple days ago she showed me a kickback email to one of her address book people that she did not send email to.
I looked at it and was a SPAM filter notice from that recepients SPAM filter back to us.....bascially notifying this e:mail contained SPAM.
My wife told me this had happened before few weeks back.....but I notice not daily or anything...intermitant.
I noticed it also had sent to my business email address so I check online SPAM filter there and yes is was caught.
I ws able to capture the message and is first attachment.
It basically says "hope your job is going well.  I wanted to alert you about a great joy opportunity".......blah....blah......then website link to:
orditurafratellipagni.it/claimcall/............full link shown in message.

I re-ran Avast Full Scan and Rootkit.....I also ran MBAM.....nothing found.....I attached MBAM log.

What shoudl I try next ?....please outline steps exactly for me to follow....I'm techy but know this removal stuff is very particular.
One note, I have RollBackRX on machine but the rollback points don't go back very far since we rolled forward periodically to keep machine running quick.

Appreciate all the help in advance !!!!!
« Last Edit: July 05, 2012, 12:16:28 AM by thekochs »

jeffce

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #1 on: June 30, 2012, 04:45:09 PM »
Hi,

Have you tried just changing the password for that account yet from a "clean" system?


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: PC Sending SPAM emails (HELP)
« Reply #2 on: June 30, 2012, 04:46:01 PM »
Do you use an online mail host i.e. Livemail, Hotmail, Google mail etc....

If so then change the password as the online account may have been hacked

thekochs

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #3 on: June 30, 2012, 05:42:31 PM »
Not sure I follow...I don't think her online Bellsouth account (now AT&T thru Yahoo) has been "hacked"......my wife uses Outlook on the PC....not the Webmail.
There appears to be a virus or malware running within Outlook or the PC that is using some of the address book to send an e:mail....which is a SPAM email.
There is no record of this in the email in the outbox.

I see the posts above about changing password for that account.....would that make any difference because if running from the PC I have to put the new password in Outlook.

Is there some other "scanner" I can run besides Avast & MBAM to check ?

Thx !
« Last Edit: June 30, 2012, 05:59:17 PM by thekochs »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89623
  • No support PMs thanks
Re: PC Sending SPAM emails (HELP)
« Reply #4 on: June 30, 2012, 06:10:28 PM »
Generally spambot doesn't use your email client to send spam (or they would show up in the sent items/outbox), but a very small SMTP program to send the spam.

Even if it does use its own smtp client, avast should still scan that outbound email.

From your spamassassin attachment -  Looks like that email you received was from Pakistan 182.177.74.129 (image1 whois info) and the Probable originating IP address shows the message was from yahoowebmailservice not your bellsouth (image2 highlighted extract).

It is so easy to fake the From email address and they could get that from many sources. Are the email addresses in the To address in your Outlook addressbook,
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.862) UI 1.0.814/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

thekochs

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #5 on: June 30, 2012, 07:08:04 PM »
Even if it does use its own smtp client, avast should still scan that outbound email.
The Avast outbound email scanner is checked.

Are the email addresses in the To address in your Outlook addressbook
The addresses in the TO: line are in my wife's Outlook address book.
For what it is worth....we have no addresses in the webmail account since she does not use it.
« Last Edit: June 30, 2012, 07:10:46 PM by thekochs »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89623
  • No support PMs thanks
Re: PC Sending SPAM emails (HELP)
« Reply #6 on: June 30, 2012, 07:40:11 PM »
1. Possibly worth bumping up the Mail Shield, Expert Settings, Sensitivity to High heuristics.

I'm still not convinced that the email was sent from your system as the supposed original was sent from a Pakistan IP.

2. It is possible for malware on the system (at some point) to harvest the address book, but it doesn't mean that the spam originates from your system. If you were sending high volumes of spam I have little doubt that your ISP would know and tell you (probably a warning).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.862) UI 1.0.814/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

thekochs

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #7 on: June 30, 2012, 08:05:22 PM »
1. Possibly worth bumping up the Mail Shield, Expert Settings, Sensitivity to High heuristics.

I'm in Avast under Mail Shield....I see the Expert Settings button...go in there....set from Normal to High.
Any other changes like changing the Sensitivity check box on that page to "test whole files" ?
Anything else ?

FYI....I did run MBAM in safe mode with Networking on.....should I re-run in normal Windows mode ?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: PC Sending SPAM emails (HELP)
« Reply #8 on: June 30, 2012, 08:06:16 PM »
Normal mode is always best

thekochs

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #9 on: June 30, 2012, 08:07:12 PM »
Normal mode is always best

I just set to HIGH....problem ?

thekochs

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #10 on: June 30, 2012, 09:02:53 PM »
Check this out....what do you think ?

http://forums.att.com/t5/Email-Internet-Security/AT-amp-T-email-account-spoofed/td-p/3234663

I going to change the password for the account.
« Last Edit: June 30, 2012, 09:04:56 PM by thekochs »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89623
  • No support PMs thanks
Re: PC Sending SPAM emails (HELP)
« Reply #11 on: June 30, 2012, 09:29:02 PM »
1. Possibly worth bumping up the Mail Shield, Expert Settings, Sensitivity to High heuristics.

I'm in Avast under Mail Shield....I see the Expert Settings button...go in there....set from Normal to High.
Any other changes like changing the Sensitivity check box on that page to "test whole files" ?
Anything else ?
<snip>

I would leave the other Scan for PUPs (Potentially Unwanted Program) unchecked as it isn't really something that is connected with possible spambots.

Check this out....what do you think ?

http://forums.att.com/t5/Email-Internet-Security/AT-amp-T-email-account-spoofed/td-p/3234663

I going to change the password for the account.

Essentially essexboy has already mentioned this sort of thing as generally it is webmail that is compromised, that is why he asked (suggesting a change of password if you had webmail).

However, that said you say your wife's webmail account doesn't have her address book contents, so hard to see her webmail account being used for the spamassassin example you posted, which came from YahooMailServise, presumably she doesn't have that but an ISP webmail account ?

It will be no bad thing to change it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.862) UI 1.0.814/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

thekochs

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #12 on: June 30, 2012, 09:41:38 PM »
Check this out....what do you think ?

http://forums.att.com/t5/Email-Internet-Security/AT-amp-T-email-account-spoofed/td-p/3234663

I going to change the password for the account.

OK......we have five "legacy" bellsouth accounts that went to AT&T and I guess Yahoo "hosts" now.
My wife's Outlook logs into each of these accounts during a SEND/RECEIVE.....as well as a new GMAIL account.
I went each of the bellsouth and gmail accounts and the SPAM guards were ON.
However, in the one Bellsouth that was the culprit the online SPAM guard was OFF.....and it had the email addresses in the Contact folder.
I wanted to double check this because there was only few emails this went out to and she has alot more contacts in her outlook address book.
I enabled the SPAM guard online, I changed all of these accounts from "keep me logged in for two weeks" to force logoff.
I was going to change the password but for the life of me with AT&T I cannot find out where......I click on the change password link and it routes me into never-never land.
I will have to do some checking on how/where to do that.

Anyway, perhaps with the above the webmail server was getting a spam and doing a SEND up in the cloud and when she "received" from outlook she got the kickbacks.

What do you think ?

 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89623
  • No support PMs thanks
Re: PC Sending SPAM emails (HELP)
« Reply #13 on: June 30, 2012, 09:51:32 PM »
Well the bounces would be coming back to the From address, which I guess would be the default email address for that bellsouth account. So any bounce backs would be sitting in that webmail account inbox awaiting collection, either by webmail or by downloading them in your Outlook email client.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.862) UI 1.0.814/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

thekochs

  • Guest
Re: PC Sending SPAM emails (HELP)
« Reply #14 on: June 30, 2012, 10:05:58 PM »
Well the bounces would be coming back to the From address, which I guess would be the default email address for that bellsouth account. So any bounce backs would be sitting in that webmail account inbox awaiting collection, either by webmail or by downloading them in your Outlook email client.

Thx all for responses on what probably is not a Avast issue....
After 10 minutes I found the new AT&T account page to change the password.....going to wait on that.
I think per the above the original SPAM came into webmail and since no filter then used the webmail few addresses to spam out.
When my wife used Outlook to download her e:mails.....few times a day....outlook typically closed......she got the kickbacks from the TO recipients rejecting.
Anyway, only my guess now......going to give it a few days now that I've enabled the SPAM guard and deleted the online contacts.
I also reset the Avast sensitivy back to normal.
If the above doesn't work I'll change the password too......just pain to do online, then each of the machine's outlook settings.
BTW, the password is a VERY strong password.

I'll let you know how it goes.
« Last Edit: July 05, 2012, 12:15:31 AM by thekochs »