Author Topic: Spam E-Mails being Sent from my PC (7000+ Today Alone)  (Read 19773 times)

0 Members and 1 Guest are viewing this topic.

SendDerek

  • Guest
Spam E-Mails being Sent from my PC (7000+ Today Alone)
« on: January 03, 2007, 05:52:56 AM »
Hello!

I have a question I would like to ask the experienced AV gurus here at Avast.

I have a PC running Win XP at work.  I also have Avast Home installed and running swell.  I have done a thorough scan on my entire PC and it actually picked up quite a bit of virii in the process of doing so. 

There have been quite a bit of times were Avast will alert me saying something to the effect of "Too many duplicate emails have been sent!" and it gives me a choice to continue sending the emails or stop sending them. 

After checking the Avast E-Mail scanner results, it says that it has sent out 7000+ emails today alone.  These emails are being sent from and to random email addresses.  The body text is verses from the Bible.

I have Outlook and Outlook Express setup on this machine if this helps at all.

What I have tried to do to correct: 
*Run complete scan again (including boot time scan).
*Run Spybot S&D
*Run Crap Cleaner
*Run HijackThis
*Run WinTasks Pro 5

All of these and no resolve.  I was hoping that some of you on this board might have an idea of what might be happening and how I can go about resolving the issue before the ISP shuts us down or something.

Thank you very much in advanced!

-Derek

P.S.  It was also doing this same thing with Norton AV.  I have uninstalled Norton and used Avast instead.  It makes me shiver having to say the N-word.  My appologies.  ;)

SendDerek

  • Guest
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #1 on: January 03, 2007, 05:54:37 AM »
Oh, and BTW:  I am very computer literate.  Tell it to me straight doc!  ;D

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #2 on: January 03, 2007, 06:19:41 AM »
Alwil team should seriously incorporate the outbound email worm protection in Standard Shield for proactive protection against such crap (which is otherwise used by Internet Mail provider).
Otherwise i think you can see the EXE file responsible for this by hovering email scanner icon in next to the clock (appears when scanning mail). At least if i remeber correctly.
Visit my webpage Angry Sheep Blog

SendDerek

  • Guest
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #3 on: January 03, 2007, 06:24:35 AM »
Excellent.  I will try this.  I remember trying to double-click as well as right-click on the icon, but nothing appeared.

In the meantime, if there are any other suggestions, I would like to hear what you have to say.

Thanks!

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #4 on: January 03, 2007, 07:34:24 AM »
Methinks that (very) young RejZoR is getting old and forgets that avast used, by default, to warn users of this problem. 

It used to be (before faintheartedness) that avast would give this process information in the "timeout" message on the send side of the avast email scanner.  But alas due to too many complaints from users of P2P programs using port 25 (among other issues) the avast team got cold feet and turned it off.  At least it meant fewer complaints for avast - even if users like SendDerek did not get useful warning information anymore. 

So, SendDerek  ...here is a suggestion:

In the Internet Mail Scanner, select "Customize" and then select the "Advanced" tab

Check the box "Timeout for Internet Communication(s)"  set the time to 60 (seconds)

Click "OK"

If 60 seconds produces no results then it may be worth trying 25 seconds (spambots are not always completely stupid).

I believe (or I hope ... since avast may have made other changes) that the spambot sending emails on your system will trip this avast check and cause a pop-up (as in the memory of RejZoR) that will advise you that a process whose name it will tell you has spent too long sending emails out of your system without your approval.

If you choose to follow this advice please let us know if this has any value in diagnosing your problem. 
« Last Edit: January 03, 2007, 07:42:01 AM by alanrf »

ksav

  • Guest
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #5 on: January 03, 2007, 10:49:41 AM »
Just a thought, has Avast updated to it's newest DAT file?  There was a worm introduced over the new year desinged solely for SPAM'ing:
details:
Subject - Happy New Year!
Attachement - POSTCARD.exe
Worm Name - Nuwar.B

Now i know that Avast was not picking this up as of yesterday because i tried it.  I wasn't infected I was just trying various scanners to see which one found it..!!

Worth checking..?


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #6 on: January 03, 2007, 11:37:52 AM »
Now i know that Avast was not picking this up as of yesterday because i tried it.
Can you please send an email with the file (false positive or infected) to: virus (at) avast.com
You can zip and password the files... Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #7 on: January 03, 2007, 03:13:36 PM »
Oh, and BTW:  I am very computer literate.  Tell it to me straight doc!  ;D

What is your firewall ?
This should be able to catch unauthorised outbound connections unless of course your firewall doesn't provide outbound protection, like XP's firewall.

You could also try sysinternals.com TCPView that should show the connections established and what program/file initiated the connection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #8 on: January 03, 2007, 05:35:02 PM »
You could also try sysinternals.com TCPView
Sysinternals.com was bought by Microsoft in July, 2006 and become Windows Sysinternals  :P
http://www.microsoft.com/technet/sysinternals/default.mspx
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #9 on: January 03, 2007, 06:34:35 PM »
That's right but sysinternals.com redirects to the new site.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

SendDerek

  • Guest
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #10 on: January 03, 2007, 06:38:22 PM »
This is all great advice!  Thank you very much.

I'm going to look into the timeout function, and then l'm very interested in this sysinternals TCPview.

I will post the results.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #11 on: January 03, 2007, 06:41:16 PM »
Glad we could help, welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

SendDerek

  • Guest
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #12 on: January 03, 2007, 06:42:32 PM »
Just a thought, has Avast updated to it's newest DAT file?  There was a worm introduced over the new year desinged solely for SPAM'ing:
details:
Subject - Happy New Year!
Attachement - POSTCARD.exe
Worm Name - Nuwar.B

Now i know that Avast was not picking this up as of yesterday because i tried it.  I wasn't infected I was just trying various scanners to see which one found it..!!

Worth checking..?



It's not that certian email though.  Like I said earlier, it's an email that contains verses from the Bible.  I will try and get the newest updates though.  I had just installed it yesturday and assumed (dangerous) that it had installed all the updates automatically.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #13 on: January 03, 2007, 06:47:01 PM »
I'm going to look into the timeout function
Here you can see more about timeouts into Internet Mail provider and your email account: http://forum.avast.com/index.php?topic=11380.msg96646#msg96646
Anyway, since avast! version 4.7.807 the mail scanner module ("Internet Mail" provider) has been significantly changed to improve the overall user experience, especially in case of slow connections (dial-up). Namely, most of (if not all) the "Timeout expired" related problems should be gone by now.
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Spam E-Mails being Sent from my PC (7000+ Today Alone)
« Reply #14 on: January 03, 2007, 07:05:44 PM »
Quote
Now i know that Avast was not picking this up as of yesterday because i tried it.  I wasn't infected I was just trying various scanners to see which one found it..!!

I disagree, the "postcard" worm was being detected from the very beginning (Avast was one of the first who detected it).

How did you find out it can't detect it?

Am I guessing correctly if I say VirusTotal and/or Jotti's?
If at first you don't succeed, then skydiving's not for you.