Author Topic: Warezov-AAV : can't remove this virus  (Read 12018 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86125
  • No support PMs thanks
Re: Warezov-AAV : can't remove this virus
« Reply #15 on: February 13, 2007, 12:16:11 AM »
Thanks for all of your help and pointers.
Things ain't gettin' any better....dodgy email still flooding in..if anything it's getting worse. (200 emails today already)

Is there really nothing I can do ? Seems strange that you can go to all sorts of lengths to remove viruses from your PC...but with this (which is probably worse than a virus) there is nothing to be done !

Changing my email address would always be an option I suppose ?

Dodgy emails flooding in can't be stopped by changes on your system, it isn't generated on your system and isn't being imported by something on your system. Somehow your email address has ended up on a list or simply as has been said on someone's system that is infected and is constantly sending emails to everyone on their address book.

As you said, you could change your email address; this would likely provide a respite, but you have to consider who you give it to and how you use it to stop the same condition building up. Personally I would do this as one measure; the second is to get an anti-spam tool to pre-scan email from your email server, it will identify a huge amount of spam which it flags for deletion (at the server so you don't first have to download it to your inbox). You can check those not flagged and identify the spam and dodgy emails and also mark them for deletion and for learning.

I use MailWasher Pro, although it is primarily for Spam it is also easy to deal with suspicious emails. There is a free version, but this only works with a single email account, which may be enough for your needs. The Pro version works with multiple accounts. With a good anti-spam program (one that can delete from the email server) you may be able to get away with your existing email address, but a completely clean start is likely to have better results.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mauserme

  • Guest
Re: Warezov-AAV : can't remove this virus
« Reply #16 on: February 13, 2007, 01:09:06 AM »
Is there really nothing I can do ? Seems strange that you can go to all sorts of lengths to remove viruses from your PC...but with this (which is probably worse than a virus) there is nothing to be done !
It's not that nothing can be done, it's that you aren't in a position to do much because the problem is not on your computer.
 
Well, if you wanted to be proactive ...
 
There's a chance, though not a guarantee, that you are in the address book on the infected computer.  If the list of people who have your address is short you could try contacting them.  They're probably experiencing quite a slow down on their computer right now.  But this is truly a long shot.

tutties430

  • Guest
Re: Warezov-AAV : can't remove this virus
« Reply #17 on: February 13, 2007, 01:43:56 AM »
Mauserme,

Definitely worth a try ! Thanx ! My own address book isn't that big. I will ship out a note to everyone and see how I get on.

An earlier post suggested he finally had to start looking at user IP's...how difficult is this to do ?

I checked my spam filter today and it had over 1000 'delivery failure' style emails in it for just today !

Graham.

P.S. Fan stopped working on my PC today too and it nearly fried ! At least I can't blame the spam for that !!! :-)

Offline DavidR

Re: Warezov-AAV : can't remove this virus
« Reply #18 on: February 13, 2007, 01:49:07 AM »
If you do as suggested, send an email warning that one of them might be infected, don't, whatever you do, send it to all in your email address book in one go (send in small batches, also avast might think it is spam).

If you do send it to multiple recipients, put their email address in the BCC field, otherwise you will be giving a gift as all addresses in the To and CC fields are visible in the email that is received and those addresses would then be exposed to the same problem.

Send the email to yourself with other recipients in the BCC field.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Warezov-AAV : can't remove this virus
« Reply #19 on: February 13, 2007, 03:02:02 AM »

An earlier post suggested he finally had to start looking at user IP's...how difficult is this to do ?

In my case it was quite easy. It was Klez. The true return path with this virus could be viewed in the message source. I don't think that the evil authors made this mistake again.

 I also don't believe I was in the address book on the infected computer, but rather my address had been harvested from an email that had been forwarded to said computer.

In your case, I think following the suggestion of contacting your contacts and advising them of the problem may be your best bet. But as also suggested, it may be a long shot.

If they in turn are experiencing the same, have them do the same. Their contact circle could be quite different than yours.

Good luck!
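
Added example, not part of any post in this thread: a short Python sketch of "looking at the IPs" in the message source, applied to the delivery-failure mails discussed here. It reads the headers of the original message that a bounce returns and counts the earliest-hop IP across many bounces, which shows whether they trace to one machine or to many. The sample bounce, host names and addresses are constructed placeholders (documentation IP ranges).

```python
import re
from collections import Counter
from email import message_from_string

# Constructed bounce (not real traffic); {ip} is the host that sent the original.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: you@example.org
Subject: Delivery failure
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.com; Tue, 13 Feb 2007 01:00:00 +0000
Received: from home-pc (unknown [{ip}])
\tby mx.example.net; Tue, 13 Feb 2007 00:59:58 +0000
From: you@example.org
To: nobody@example.com

--b1--
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_headers(bounce_text):
    """Headers of the original message carried inside a bounce, or None."""
    for part in message_from_string(bounce_text).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def first_hop_ip(bounce_text):
    """IP recorded by the first server that accepted the original message."""
    original = returned_headers(bounce_text)
    received = original.get_all("Received", []) if original is not None else []
    # Each server prepends its Received line, so the last one is the earliest hop.
    # Only lines written by a server you trust are reliable; others can be forged.
    for line in reversed(received):
        match = IP_RE.search(line)
        if match:
            return match.group(1)
    return None

def tally_origins(bounces):
    """Count earliest-hop IPs over many bounces; bounces without one are skipped."""
    return Counter(ip for ip in map(first_hop_ip, bounces) if ip)
```

Feed `tally_origins` the raw source of each saved bounce; `most_common()` on the result lists the busiest origins first.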

Offline DavidR

Re: Warezov-AAV : can't remove this virus
« Reply #20 on: February 13, 2007, 03:25:27 AM »
I checked my spam filter today and it had over 1000 'delivery failure' style emails in it for just today !

That is the beauty of mailwasher or any anti-spam tool that you can train, e.g. mark delivery failure emails as spam and it will soon be flagging these emails as spam and mark them for deletion from the email server and you don't have to download 1000 emails for your filter to catch.

tutties430

  • Guest
Re: Warezov-AAV : can't remove this virus
« Reply #21 on: February 14, 2007, 12:35:32 AM »
Thanks to everyone who has helped me over the last few days !
I now have the free version of MailWasher running successfully and am in the process of contacting those on my contacts list to see if they are prepared to own up to having a virus !

Have also set up a new email address that - probably - over time I will use as my main address - assuming things don't improve on my original address.

It's been a bit wild...but at least I am a lot wiser now.

Thanks again,

Graham

Offline DavidR

Re: Warezov-AAV : can't remove this virus
« Reply #22 on: February 14, 2007, 12:59:04 AM »
Glad we could help Graham.

Remember to use the BCC field for recipients, don't make a gift of email addresses to the infected system or subject those in your address book to the same problem. I love MailWasher Pro ;D

You can stop avast scanning the mailwasher content as it downloads the partial email and save some scanning by the Internet Mail provider.

By editing the avast4.ini file, [MailScanner] section using a text editor like notepad. It is best to save a copy of avast4.ini to another location in case of any problem, you can then copy the original back.

MailWasher doesn't download the complete email to do its analysis, it only downloads the headers, a small part of the body, it doesn't download images or attachments and it views what is downloaded in text only. Based on this I personally don't feel that any negligible risk is worth the scanning duplication, but the choice is yours.

[MailScanner]
IgnoreProcess=MailWasher.exe

Add this line if you don't already have an IgnoreProcess line.
« Last Edit: February 14, 2007, 01:01:02 AM by DavidR »

MattNW

  • Guest
Re: Warezov-AAV : can't remove this virus
« Reply #23 on: February 14, 2007, 07:40:18 AM »
Thanks to everyone who has helped me over the last few days !
I now have the free version of MailWasher running successfully and am in the process of contacting those on my contacts list to see if they are prepared to own up to having a virus !

Have also set up a new email address that - probably - over time I will use as my main address - assuming things don't improve on my original address.

It's been a bit wild...but at least I am a lot wiser now.

Thanks again,

Graham


I wonder if it might be possible to send emails from your new email address to each person in your contact book one at a time and wait to see if your new address starts getting spammed. That might weed out the infected machine or at least narrow the suspects down somewhat.

Thankfully I don't have that problem. Most of my email contacts are savvy enough to keep their computers pretty clean except for one lady down the street who clicks on every email attachment she sees. When I start getting these bounced emails I know exactly who to go to and run an AV scan for her.  ;D

Offline DavidR

Re: Warezov-AAV : can't remove this virus
« Reply #24 on: February 14, 2007, 02:30:32 PM »
That really is like playing Russian roulette and keep pulling the trigger until it blows your head off. The whole point of getting a new email address is to get a clean start point. Infected systems I'm sure don't only send out spam to those on their address book but also pass on those email addresses which also get passed to other zombie nets (infected systems) and it grows at a huge rate.

There is no way a single infected system would generate 1000 spam emails to a single email address in a day, the email address has to be in spam lists or a spam zombie network, so the last thing you want to do is potentially expose your new clean address to more of the same.

mauserme

  • Guest
Re: Warezov-AAV : can't remove this virus
« Reply #25 on: February 14, 2007, 08:33:34 PM »
There is no way a single infected system would generate 1000 spam emails to a single email address in a day, the email address has to be in spam lists or a spam zombie network ...
I have to agree with David on this.  When it was 70 or even 200 bounced emails it might have been a single computer, but it's beyond that now.

tutties430

  • Guest
Re: Warezov-AAV : can't remove this virus
« Reply #26 on: February 14, 2007, 11:51:38 PM »
1200 today....so far. All being washed away by MailWasher !

Sadly, I am now looking for patterns...205 came in all together just a minute ago...it's never been like that before !

If it is one of these zombie things will it just go on forever and ever ?

Offline DavidR

Re: Warezov-AAV : can't remove this virus
« Reply #27 on: February 15, 2007, 01:29:09 AM »
Zombie networks are multiple infected systems controlled by one host system; it would need multiple systems for you to get this number of emails. You are now looking at step two, and that has to be a clean email address; with this kind of activity the old one is history, as you couldn't reasonably sort through that number (even with mailwasher doing such a good job) just in case there are any legit emails in there.

Sending an email to your contacts 20 or so at a time, in the BCC field (do you understand what I'm talking about ?) so you aren't exposing others. Warning that one of them may be infected. You could mention because of the level of bounced email you have to change your email address and you will contact them when you have sorted it out. This should take the sting out of the email and emphasize the seriousness of the problem, and hopefully they won't feel insulted when you say that their computer may be infected.

I would suggest you have two new emails, one that you only give to trusted friends and another for the rest; when you are asked for an email on the internet don't give them the trusted one but the other, and set mailwasher to watch the un-trusted address. Once this is set up, either close the bad address or abandon it; closure is best as it won't be swamping your ISP's email server.

Personally I would consider the Mailwasher Pro version that supports multiple addresses and is a one off payment not an annual subscription.