Outlook sending spam

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

FrankB

Thread Starter
Joined
Mar 19, 2001
Messages
221
I am on XP with Outlook 2002 SP2. I have been getting Mailer Daemons returned to me on messages I haven't sent. Today when I checked my mail for the first time I saw Norton scan an outgoing message and I received a Daemon back. The message has to do with printer cartridges. There are no new messages in my sent folder. In the body of the Daemon I see a file winmail.dat. I did a search in my pc and only found a winmail1.dat 1kb. Is this a normal file in XP? Is there a way to find the program that's sending this spam from my pc? I ran spybot and adaware with the latest updates. I also ran Norton and found nothing. I asked for help from my ISP but they haven't helped. Are there any mail trace programs? Any suggestions?
 
Joined
May 28, 2003
Messages
2,366
One of the newer techniques spammers are using is to hijack many individual machines to avoid be traced. The fact that you said Symantec was scanning something going out leads me to believe you may very well be a victim. Sounds like it anyway.

I'd suggest a couply of omnine scans that are sometimes able to find this type malware. Try Pest Patrol's PestSCan and GFI's online trojan scan

If you find nothing, then it is time for a Hijack This log review I believe.
 

FrankB

Thread Starter
Joined
Mar 19, 2001
Messages
221
These found 0 problems. I had already run adaware, spybot and norton. This seems to be a problem for others also. It may be the tip of the spam iceberg. Others have tried many things and found nothing in their logs that gives a clue.
Thanks again
 
Joined
May 28, 2003
Messages
2,366
Golly...a mystery indeed. Well, if something is being sent, an application has to be sending it. Look in your Task Manager and see if anything looks new or unusal to you. Trouble is, for me, most things in Task Manager look unusual!

Also, check the properties of the "returned" mail to see if that might shed some light.

The new Zone Alarm Pro has a mailsafe feature that allows you to block mailings that exceed a number you pick like 'x' messages in 'y' seconds. This was designed for this exact reason. Zone Labs says:
Too many e- mails are sent at once: Zone Labs security software displays an Outbound MailSafe protection alert when your computer attempts to send more than the specified number of e-mails within the specified time interval.

A message has too many recipients: Zone Labs security software displays an Outbound MailSafe protection alert when your computer attempts to send an e-mail message with more than the specified number of recipients.
It's a thought.
 
Joined
Oct 15, 2003
Messages
1
Glad others are having this problem. Happily the problem, at least on my machine, isn't a trojan but a tag in a spam that I received.

Disposition-Notification-To: <[email protected]>

(email address is ficticious)

I'm running Outlook 2002-sp2 on XP pro with ZoneAlarm pro.

My spam filter (Cloudmark) picked up the spam and moved it to a spam folder. When I periodically delete the contents of the spam folder, it seems to send these disposition notification messages.

So the message gets sent, even if I never open it. Deleting the spam triggers the send.

Outlook allows blocking of read receipts, but I haven't figured out whether it can block Disposition-Notification-To: messages.
 
Joined
Dec 2, 2004
Messages
1
Great numbers of these e-mails are being sent from my home PC.
I have traced the address of where the HTML in the e-mail redirects you - it is smartinfosite.info on mine - go there and you get a lovely "unsubscribe" box - the WHOIS data points it to an Australian user who I have contacted with extremely nice words.
ZoneAlarm's MailSafe feature should be preventing mail from being sent in this fashion but nothing is flagged.
 
Joined
Jan 10, 2004
Messages
268
I may have misread this thread but I see a program on a local hardrive sending spam. ZoneAlarm and Norton both have a switch that requires authorization to send mail. After you approve Outlook etc. the spyward program can be denied permission permanently and you never see it again. Spybot/PestPatrol/Weboot/Adaware can then sniff out and delete the bad program.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top