Spyware, Viruses, & Security forum

General discussion

Help! I'm Sending Out Spam!

by e. / June 8, 2004 2:57 AM PDT

A while back I noticed "unable to send" emails that weren't mine. I thought it might be a rogue program on my computer sending these out. I was advised it was probably a case of someone stealing my email name and using it to send spam.

A few minutes ago I deleted a bunch of "deleted" items from my Outlook folder. Shortly after that I noticed there were 4 items in my Outbook. Looking further I discovered these were email messages that I didn't create.

The top outside of the email had a heading indicating that it was "deleted." In the email heading it showed the message was being sent by me to someone I didn't know.

In the body of the "message" it said

"To: myname@mydomain.com
Subject: Adventure Awaits!
Sent: 5/22/2004 4:48 PM

was deleted on 6/8/2004 11:49 AM."

(My name/domain was my email address; I've changed it so the bots don't get it.)

The other messages were similar. Of note, all had different Subjects and Send Dates, and all were deleted today.

It appears that there is a program creating email on my computer. I run Search & Destroy and AdAware regularly. I also run AVG (and, as my earlier post from two days ago indicated, I still have an older copy (expired less than a year ago) of Norton that scans my drive once a week).

AVG indicated two viruses but wasn't able to get rid of them. They didn't appear in the non-current Norton scan. I don't know if these two viruses are the problem or if it's something else, but obviously I have a problem.

Where do I go from here? Thanks for your help.

What are the names of the viruses?
by Keith Marcotte / June 8, 2004 4:59 AM PDT

Many viruses send out infected emails. It will be much simpler to help you if you tell us the names of the viruses, OS version and browser version.

Unless the old version of NAV has up-to-date virus definitions, it is almost useless to you.

Your other thread
by Keith Marcotte / June 8, 2004 5:02 AM PDT
Re:Your other thread
by e. / June 8, 2004 5:38 AM PDT
In reply to: Your other thread

Thanks for the info. AVG didn't say what the viruses were, just that there were two and it apparently didn't remove them. Perhaps the info is there and I don't know where to look.

Re:Help! I'm Sending Out Spam!
by Kees Bakker / June 8, 2004 7:17 AM PDT

You can try to install a firewall to intercept the outgoing mail request (the standard XP firewall only works on incoming traffic).
ZoneAlarm version 5 is not recommended, but if you can download version 4 from its site it will work for you. But Sygate, Kerio and Tiny are good also, I suppose. See
http://www.google.com/search?q=download+personal+firewall

Hope this helps.


Kees

Re:Re:Help! I'm Sending Out Spam!
by e. / June 8, 2004 8:19 AM PDT

Thanks for your input. I use Sygate on the hard wired computer but I don't have a software firewall on this networked computer. I do have the benefit of the router from the Wi-Fi but obviously that hasn't been of any help.

Re:Re:Re:Help! I'm Sending Out Spam!
by Kees Bakker / June 8, 2004 4:57 PM PDT

The router only intercepts incoming threads. A software firewall can be configured to warn/ask permission for all outgoing traffic. I use Zonealarm, and it has a list of programs with yes/no/ask-parameter behind it. So if you install Sygate on this computer, you might be able to see what program is sending the mail. That's the first step towards removal.

Also run the online virusscan from housecall.antivirus.com and/or www.pandasoftware.com/activescan/activescan.asp?

Hope this helps.


Kees

Re:Re:Re:Re:Help! I'm Sending Out Spam!
by e. / June 9, 2004 5:15 AM PDT

Thanks. I'm in the process of doing a virus scan. I've now been able to identify the viruses. It looks like there are two of JS NOCLOSE A in my Docs & Settings but they aren't cleanable. So where do I go from here?

Information about JS.Noclose
by Marianna Schmudlach / June 9, 2004 5:54 AM PDT

While JS.Noclose may be annoying, it is not malicious. A Web site uses its code to create hidden windows to display advertisements as well as banner advertisements. Closing these windows can be difficult, because when you close one, the window that is "hidden" behind it is displayed.

There is no malicious payload involved in this type of code, and as such, your system is not endangered. For this reason, Symantec does not detect such scripts as viral.

http://securityresponse.symantec.com/avcenter/venc/data/js.noclose.html

......

-- Update March 11, 2004 --
The risk assessment of this threat was lowered to Low-Profiled due to a decrease in prevalence.

This javascript trojan allows various hidden functions to take place on a user's system. It exists in two forms:

In HTA form, an HTML Application is created which is not visible to the user and can not be closed.
In HTML form, a browser window is created which is minimized and can not be easily maximized or closed.
Typically these window "tricks" are seen associated with advertisement and banner ad programs. Especially affiliated with pornographic sites and sites which pay commissions to others for displaying banner ads.
The trojan does not contain any other payload and does not cause any damage to the local system. Files which trigger this detection should be deleted.

http://216.239.57.104/search?q=cache:3y1W8ptwup0J:vil.nai.com/vil/content/v_99279.htm+JS+NOCLOSE+A&hl=en

Re:Information about JS.Noclose
by e. / June 9, 2004 9:01 AM PDT

Thanks so much. Now I still have that little problem about my computer sending out spam. Where should I go with that one?

Re:Information about JS.Noclose
by Marianna Schmudlach / June 9, 2004 9:12 AM PDT
Re:Information about JS.Noclose
by e. / June 9, 2004 2:03 PM PDT

Thanks so much. Now I still have that little problem about my computer sending out spam. Where should I go with that one?

Do you have ZoneAlarm ??
by Marianna Schmudlach / June 9, 2004 2:41 PM PDT

This way you can STOP the flow of e-mail and can find out which program is sending it.

If you don't have ZoneAlarm free, look for downloading version 4!

Re:Information about JS.Noclose
by rbayron / June 11, 2004 12:20 AM PDT

There's a possibility that your computer is not sending spam messages but appears to be. For example, let's say I'm a spammer and I have a list of email addresses. If I've got my own email server, I can send out a spam message and make the "From" field appear to be any of the email addresses on the list. The spam would appear to come from you but it's really coming from the spammer. The only time you would know is when the spam message gets bounced back to the email address in the "From" field, which is your email address.

Since your original message was an "Unable to send" message, this could very well be what's happening; you got the bounce back from someone sending email as you. It's sort of an identity theft but with email addresses.

The problem is that there's nothing you can really do in this case.

In our organization, some users have gone to a web-based email (using our domain name) and they still get the same problem you're getting.
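
Added example (not part of the original thread): one way to check the scenario described in the post above is to open the copy of the original message attached to a bounce and see whether any `Received` hop records your own public address. The sample bounce, host names, IP ranges and the `triage_bounce` helper are all constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed bounce (DSN); all hosts and IPs are documentation values.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
To: myname@mydomain.com
Subject: Undeliverable: Adventure Awaits!
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.org failed: no such user.
--b1
Content-Type: message/rfc822

Received: from relay.example.net (relay.example.net [198.51.100.7])
 by mx.example.org; Sat, 22 May 2004 16:48:10 -0700
Received: from mydomain.com (unknown [203.0.113.45])
 by relay.example.net; Sat, 22 May 2004 16:48:02 -0700
From: myname@mydomain.com
To: nobody@example.org
Subject: Adventure Awaits!

(spam body)
--b1--
"""

def triage_bounce(raw, my_networks):
    """Classify a bounce by where the attached original entered the mail system."""
    nets = [ipaddress.ip_network(n) for n in my_networks]
    msg = email.message_from_string(raw, policy=policy.default)
    originals = [p.get_payload(0) for p in msg.walk()
                 if p.get_content_type() == "message/rfc822"]
    if not originals:
        return "no-original-attached"
    # Hops below the first trusted server can be forged, so a match is a
    # lead to investigate, while no match at all points to a spoofed From.
    for hop in originals[0].get_all("Received", []):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hop)):
            if any(ipaddress.ip_address(ip) in net for net in nets):
                return "passed-through-my-address"
    return "spoofed-elsewhere"
```

`my_networks` is assumed to be the public address or range your ISP assigns you, not the private addresses behind a home router.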

(HIJACK)Re:Help! I'm Sending Out Spam!
by belewmoon / June 11, 2004 12:24 AM PDT

What's the deal with version 5?

Zonealarm V5 ...
by Kees Bakker / June 11, 2004 5:37 AM PDT
Re:Help! I'm Sending Out Spam!
by Skullduggery / June 11, 2004 4:09 AM PDT

Kees,

You say not to use ZoneAlarm v5 but to use v4 instead.
I use v4.5 pro and Windows XP Pro sp1.
Is there something wrong with v5 and Windows XP ?

Regards,

Tony

Re:Help! I'm Sending Out Spam!
by wombat / June 11, 2004 10:49 AM PDT

I use XP Pro with Zone Alarm version 5 and have had no problems to-date.

Re:Help! I'm Sending Out Spam!
by Sasha Tee / June 11, 2004 5:58 AM PDT

Hi Kees,

I suspected some type of virus or trojan today also because I had a few bounced emails in OE that I hadn't generated. One had the return path <> nothing else. I use ZA and recently upgraded to version 5 but installed it over the old version, keeping the former settings. I update AVG daily and scanned with AVG today as well as Adaware. Moo Soft Cleaner didn't indicate a trojan. I read the bounced mail through properties and I think maybe we're being fooled with spammers taking another approach to get us to open their mail. Thanks

Sasha

Apparently, more than one way to fake email address.
by Super Neutrino / June 11, 2004 1:14 AM PDT

I'm sending out spam in a way that is a little different from what is posted here by most people. I know spammers use my yahoo email address because those trash emails have occasionally bounced back to me from recipient addresses that do not exist. However, I have a mac, and I have always disabled the feature of sending email from my mac without manual login via a web browser. The pop mail feature for my yahoo account is explicitly disabled on my mac for the sole purpose of avoiding a virus/parasite hijacking my email address from my desktop. But spammers are sending virus, porn, and ***** enlargement drugs and viagra with my email address anyway.

To be sure, these bounce backs are not as prevalent for me right now as they were a few months ago. Nevertheless, it is quite frustrating because there doesn't seem like much one can do to stop them, short of blowing their brains to pieces with a shotgun. While I don't see a quick solution to this problem any time soon, I'm complaining here not to make people paranoid, but to let everyone know that, apparently, faking email addresses is not all that difficult, virus or not. So don't be shocked if your email address is used without your permission, even when your computer is uninfected.

Re: Apparently, more than one way to fake email address.
by sarrob / June 11, 2004 9:27 AM PDT

It is common for spammers to use other people's addresses. It is important that when an email is bounced back to your address, which clearly has not originated from you, that you do not, if you use a mail washer, re-bounce the message. This only clogs up the internet. Simply ignore and erase it.

Re: Apparently, more than one way to fake email address.
by wolfman6 / June 20, 2004 11:16 AM PDT

I have had the same thing happen over the past year. I have never found copies of the sent emails anywhere in my Outlook Express, not even the deleted folder. Somehow someone has gotten my email address and is spoofing with it. I get the non-deliverable notices occasionally. I suppose changing to a new email address could put a stop to it. But, I'm sure it would end up happening again. It sucks that people have to take advantage of innocent people for their dirty work.

wolfman6

Re: Help! I'm Sending Out Spam!
by jrobino / June 11, 2004 4:45 AM PDT

Sure, you could have a virus ... but not likely one that's continually sending out spam.

Check the most obvious stuff first.

You've probably left port 25 open and someone is routing through you.

-robino

Using port 25.
by Kees Bakker / June 11, 2004 5:40 AM PDT

But would that explain why they appear in the Outlook folders? Without any malicious software present on the machine being used?

Kees

Re: Using port 25.
by jrobino / June 11, 2004 7:59 AM PDT
In reply to: Using port 25.

It could. Let me know more of your situation and I'll give you a lot of specifics.

Most of the spam being sent is being routed through other people's computers, the hotel-room-in-canada stuff, notwithstanding.

I'm at jrobino@mail.omsoft.com

Re: Using port 25.
by CA-49er / June 14, 2004 11:27 AM PDT
In reply to: Re: Using port 25.

What can you do if your ISP happens to use Port 25 for outgoing SMTP mail server as with Cox.net?

Re: Help! I'm Sending Out Spam!
by wombat / June 11, 2004 10:59 AM PDT

There are a couple of things I would suggest. Firstly, go to www.grc.com and have your ports checked to see whether they are all stealthed or not. Secondly, download "HijackThis" and see what that brings up, but be careful before deleting anything. This may or may not help but it's worth a try.

Yes, I have ZoneAlarm (free version)
by Pcfreakske2000 / October 11, 2005 11:31 PM PDT

Hi all,

Yes, I do have ZoneAlarm (free version).

I use Panda Platinum Internet Security 2005, it has a built-in firewall, but it didn't work well, so I deactivated it.

I'm using ZoneAlarm again now.

It works well.

Maybe in the future I will start using ZoneAlarm Pro or any other product of their site.

I don't know yet, though.
