 | Member with 33 posts. | | Join Date: Jan 2005 Experience: Beginner | | Solved: One and a half emails per second -help Last week my ip shut down my service and told me that I was sending out thousands of emails. I told them that they were crazy but now maybe they weren't.
I installed AVG Anti-virus 8.0 which has an email scanner. I was looking at the reports and saw the number of scanned email counting one every 3/4 of a second. I clicked off the scan on outgoing mail and the numbers stopped.
My friend, who hosts an e-mail business, looked at it and said that someone is using my computer to send out bulk e-mail. He suggested that I run Trend HouseCall, which I did, but it did not work. As soon as I clicked on scan, the numbers started climbing again, only on the outgoing mail, of course.
Outside of just unplugging my machine, how can I make certain what is happening because I can't see anything on my task manager. And how can I stop it? I leave my machine on 24/7.
I have installed some virus checkers and I have a firewall from roadrunner and I think I have one in my Belkin router; the fact is, I don't really know what firewall I have but my internet connection shows it is firewalled.
I have three other computers on the same lan but they aren't affected, I think though that one could be.
Dieter Schmied | | Senior Member with 1,328 posts. | | | | Block outgoing port 25 on the firewall. That will stop all outgoing mail. If you use web based email like hotmail or gmail, then you don't need port 25 and you can block it to stop the email from going out.
What model is your Belkin router? | | Distinguished Member with 4,901 posts. | | Join Date: Apr 2002 Location: Birmingham, England | | I think you would be well advised to click on the 'Report' option and ask a Moderator to move this to the Malware Removal Forum, since you appear to have a spambot.
Interesting story on this subject can be found here (particularly Lesson 4); http://isc.sans.org/diary.html?storyid=4822
__________________ Nothing matters very much, and few things matter at all.
Lord Balfour 1848-1930 | | Distinguished Member with 9,752 posts. | | Join Date: Apr 2006 Location: Pittsburgh, PA Experience: Mac Addict | | | | | Member with 33 posts. | | Join Date: Jan 2005 Experience: Beginner | | Quote:
Originally Posted by lunarlander Block outgoing port 25 on the firewall. That will stop all outgoing mail. If you use web based email like hotmail or gmail, then you don't need port 25 and you can block it to stop the email from going out.
What model is your Belkin router? | The Belkin Router is an 80211b wireless router model # F 5d6231-4, ver 2003.
I do have a gmail account but seldom use it. My one.net account is now owned by nuvox, which seems to be a first class company and had never given me any trouble in over ten years. | | Member with 33 posts. | | Join Date: Jan 2005 Experience: Beginner | | Quote:
Originally Posted by TOGG I think you would be well advised to click on the 'Report' option and ask a Moderator to move this to the Malware Removal Forum, since you appear to have a spambot.
Interesting story on this subject can be found here (particularly Lesson 4); http://isc.sans.org/diary.html?storyid=4822 | Yes, that was interesting, thanks.
I am one of those that haven't a clue about what he knows other than I know he is right.
I have done what ferrija1 suggested below. Is that what you have essentially suggested? | | Distinguished Member with 4,901 posts. | | Join Date: Apr 2002 Location: Birmingham, England | | Yes, the 'infection' you appear to have means that one or more of the computers on your network is constantly sending spam emails and it looks like people with programs such as Mailwasher (or their ISPs) are using the 'bounce' feature to reject them and send them back to you. That must be a very appealing thing to do if you are the victim of spam, but all it achieves is to double the traffic without bothering the people responsible for the spam because they are using malware on other people's computers to send the stuff! The 'Delete' option is much better for spam.
I am not qualified to comment on HJT logs so I can't be much help on that score. It would help to avoid confusion if you were to mark this thread as Solved and continue with the one ferrija1 referred to in Malware Removal. Keeping both threads going is unlikely to bring a solution any closer.
__________________ Nothing matters very much, and few things matter at all.
Lord Balfour 1848-1930 | | Member with 33 posts. | | Join Date: Jan 2005 Experience: Beginner | | I marked this as solved. I have removed the mail server from my outlook express account that I suspect is the problem and went to their webmail site and forwarded all mail to another address on another server after talking with the owner of the second server and it seems to have stopped the flow.
Mailwasher was not bouncing anything for me; I felt long ago that bouncing was a futile act with spammers. | | Distinguished Member with 4,901 posts. | | Join Date: Apr 2002 Location: Birmingham, England | | I may not have expressed myself clearly in my last post. I wasn't suggesting that you had used Mailwasher to 'bounce' anything.
I had assumed, maybe incorrectly, that the source of your returned mail was due to something similar to Mailwasher being used by people that had received spam from your infected computer(s).
You are right about the futility of bouncing though!
__________________ Nothing matters very much, and few things matter at all.
Lord Balfour 1848-1930 | | Member with 33 posts. | | Join Date: Jan 2005 Experience: Beginner |
06-Aug-2008, 06:17 PM
#10 | I really don't know what has happened. I thought there might be some kind of loop that was inadvertently closed, but that is speculation. I don't know enough about the tools that are available such as logs.
I had another computer that was just used to replace another computer on the same LAN yesterday and I established a new mail account on Outlook Express using the mail server that was suspect. I sent myself a test email and when I went to read it, a stream of emails flowed and I pulled the ethernet connector until I could stop the flow and remove the account using the roadrunner server.
It could have been something I did but for now everything seems quiet. | | Distinguished Member with 9,752 posts. | | Join Date: Apr 2006 Location: Pittsburgh, PA Experience: Mac Addict |
09-Aug-2008, 09:12 AM
#11 | I've reported your HJT thread and someone should be about to help you soon enough. |
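For the question raised in this thread of which machine on the LAN is sending the mail, the following added example (not part of the original thread) counts outbound port 25 connections per internal host from a connection log and reports the hosts that reach a rate threshold. The log line format, the addresses, the function names and the threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMTP_PORT = 25
_T0 = datetime(2008, 8, 5, 21, 0, 0)

# Constructed sample in an assumed format "<ISO time> <src>:<port> -> <dst>:<port>".
# 192.168.2.10 opens one SMTP connection per second; 192.168.2.11 sends two mails.
SAMPLE_LOG = [
    f"{(_T0 + timedelta(seconds=i)).isoformat()} "
    f"192.168.2.10:{1100 + i} -> 203.0.113.{i + 1}:25"
    for i in range(40)
] + [
    f"{_T0.isoformat()} 192.168.2.11:2000 -> 198.51.100.7:25",
    f"{(_T0 + timedelta(seconds=90)).isoformat()} 192.168.2.11:2001 -> 198.51.100.7:25",
    f"{_T0.isoformat()} 192.168.2.12:3000 -> 198.51.100.80:80",
    "garbage line",
]


def parse_line(line):
    """Return (timestamp, source IP, destination port), or None if malformed."""
    try:
        stamp, src, arrow, dst = line.split()
        if arrow != "->":
            return None
        return (datetime.fromisoformat(stamp),
                src.rsplit(":", 1)[0], int(dst.rsplit(":", 1)[1]))
    except (ValueError, IndexError):
        return None


def noisy_smtp_hosts(lines, window=timedelta(seconds=30), threshold=20):
    """Map each host to its peak count of port-25 connections inside any
    sliding window, keeping only hosts that reach the threshold."""
    recent = defaultdict(deque)   # per-host timestamps still inside the window
    peak = defaultdict(int)
    for ts, src, dport in sorted(filter(None, map(parse_line, lines))):
        if dport != SMTP_PORT:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop connections older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {host: n for host, n in peak.items() if n >= threshold}
```

A mail client that sends a couple of messages stays far below the threshold, while a host connecting about once a second stands out immediately.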