I am getting desperate - Advice needed from techy members re spam sending email trojan

For the past 6 months My ISP - edit - IP not ISP - has been blacklisted and I have tried everything I can think of, including what CBL advises me to do, in order to clear the spam sending trojan that my computer is apparently infected with.

This weekend I noticed that from Friday evening through Monday late afternoon, everything showed clear, then at about 16h45 (South African time) it started up again which makes me think that there is human intervention rather than a bot of some sort.

I really need some advice.

Thanks
  • What do you mean your ISP has been blacklisted? Are all their customers affected the same way?

    Or did you mean your IP is blacklisted? An IP and ISP are not the same thing.

    What is CBL?

    What is the name of the Trojan?

    Has it been detected and identified by anti-virus software?

    What do you mean Fri-Mon everything ran clear? Do you mean your anti-virus detected no infection? But then on Monday your anti-virus did detect an infection? That seems weird.

    Best thing to do would be run antivirus and antitrojan software to detect and remove it.
    • [ 1 ] Thanks
    • [1] reply
    • Sorry, I meant IP not ISP.

      CBL - Composite Blocking List - The CBL

      From time to time the name of the trojan changes according to the CBL report; at the moment it is showing as the cutwail virus.

      My anti virus does not detect it. (I have tried several)

      When I said that Mon to Friday everything ran clear, I meant that CBL could not detect anything and then on Monday late afternoon CBL reported that it had started up again.

      I have run all sorts of software that I know of to detect and remove it but no luck so far.
      • [1] reply
  • I would hire a pro to get under the hood and run some diagnostics, there can be stuff hiding in there that your anti-virus will not detect. You need some-one with skills in this area to do a deep clean.
    • [ 1 ] Thanks
  • Try manually searching for and deleting it - Tutorial here

    Skip installing AVG or delete your antivirus first, can't have two running, sometimes they fight each other.
    • [ 1 ] Thanks
    • [2] replies
    • Deleted - message duplicated
      • [1] reply
    • @ HDRider - Thanks will try it on the PC. though I do not send or receive any emails on it. I do all my emailing on my iMac.

      Edit:

      Have checked according to that tutorial, but the PC is clean.

      Whatever the problem is, it is on my Mac.
      • [1] reply
  • Oh thanks- I didn't know about the CBL.

    I don't have a lot of anti-virus protection on my PC so if I get a problem (happens rarely) then I usually use Google and the name of the file/virus to find solutions.
  • I believe you don't have a trojan on your computer. I believe you are a victim of spooking.

    What I think is happening to you is someone is using your return email address in spam emails being sent out from another server. When people complain you are viewed as the person sending the emails and the bounces come to your server or computer.

    The only cure I have found is to delete the from email address you are currently using and use a different email address. The bounces will stop coming back to you and you can then begin the process of trying to get removed from black lists.

    Keep in mind the black lists that want to charge you money to remove the black list may not be black lists that very many ISPs use. So you may not want to unlist from all of them.

    I hope this has been helpful,
    Steve Yakim
    • [ 1 ] Thanks
    • [2] replies
    • Steve, thank you.

      I have never heard of Spooking before. Changing my email addresses might be a problem, but I will work something out.

      Hopefully it will solve my problem.
    • Sandy, good to hear your problem has been cleared up by your ISP changing your IP address. Not sure how this happened to you in the first place, however, I would advise you to never post your email address anywhere in any forums, or social media sites -

      Take care out there
      • [ 1 ] Thanks
  • Run Malware Bytes. (You probably already have, but run it again.)

    Then go here and request help:
    Malware Removal Assistance | MalwareTips.com

    I recently had a problem with a virus I just couldn't beat. They had me fixed up in less than 24 hours.

    Of course, this will not help you if your address has been spooked.
    • [ 2 ] Thanks
    • [1] reply
    • Hi Dan,

      I ran it several times on the PC, but can't do so on the mac.
      • [1] reply
  • Sandy,

    There are a number of different ways this can happen. But I DOUBT you mean IP, unless you have a fixed IP address. If you don't, they can't very well block the IP. And they never block the IP of the client anyway, it is of the server. If you DON'T have a fixed IP address, your system is likely the CLIENT. This is usually the case. Outlook, Pegasus, and the like are clients. People DO sometimes infect clients, but servers are often infected as well. Did you check the IP chain in a raw email of the spam? Did you check with the email provider yet? The email provider is NOT always the ISP. I, for example, have a gmail.com, a Reagan.com, outlook.com (NOT to be confused with Outlook, which is the client), and OTHER email providers. BTW outlook.com is a Microsoft domain that likely uses a popular email server called Exchange.

    There IS a good chance the problem is not YOURS! MOST client infections do things like go through the user's contact list and send emails via the user's email.

    Steve
    • [ 1 ] Thanks
  • I'm going to be really honest here.

    About the only thing I can think of in this situation is to simply wipe the entire hard drive out and start over.

    Wish I could help you further, but sometimes starting over is the best thing to do.
    • [1] reply
    • Ouch, that is definitely not what I want to hear, but will do so if I am forced to.
  • You're not going to stop spoofing, outside of tracking the origin, and asking the servers to tighten things. Many servers don't check, and some just check the user. If it checks the user and domain, spoofing will be impossible with that server.

    Did you check for the IP in the spam's IP list? If it is an IP from your client, the problem is there. If it is from your server, it is there. If neither, it is likely spoofed. Of course, there is other evidence there as well. But where it starts is where the problem is. If you don't believe, and the spam is constant, just turn off your client at a given time. If you get spam sent after that time, the problem is elsewhere.

    BTW setting up your system from scratch could take a long time.

    Steve
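Steve's two posts above suggest checking the IP chain in a raw copy of the spam and comparing it with your own address. As an added example (not code from the thread or any poster), this Python script does that on a constructed message and also builds the name you would resolve to check an IP against a DNSBL such as Spamhaus ZEN, which incorporates the CBL; `SAMPLE_SPAM` and all addresses are constructed.

```python
import re
from email import message_from_string

# Constructed sample spam (not from the thread); addresses are RFC 5737
# documentation ranges. The top Received: header is the most recent hop.
SAMPLE_SPAM = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by inbox.example.com with ESMTP id abc123; Mon, 1 Jan 2024 16:45:00 +0200
Received: from relay.example.org (relay.example.org [203.0.113.25])
    by mx.example.net with ESMTP; Mon, 1 Jan 2024 16:44:50 +0200
Received: from unknown (HELO sandy-imac) [192.0.2.200]
    by relay.example.org with SMTP; Mon, 1 Jan 2024 16:44:40 +0200
From: sandy@example.com
To: victim@example.com
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw):
    """Source IPs from the Received: headers, earliest hop first.
    Each relay prepends its own Received: line, so the last header in the
    message is the claimed origin. Only hops added by servers you trust
    are reliable; a spammer can forge the lines below them."""
    msg = message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(hdr)
        if m:
            ips.append(m.group(1))
    return list(reversed(ips))

def classify_origin(raw, my_ips):
    """The thread's test: if the first hop is one of your own addresses,
    look for the infection on that host; otherwise the mail merely
    carries your address and originates elsewhere (spoofing)."""
    chain = received_chain(raw)
    origin = chain[0] if chain else None
    if origin in my_ips:
        return origin, "origin is your own address: check this host"
    return origin, "origin is not yours: sender address likely spoofed"

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Name to resolve for a DNSBL lookup: octets reversed, zone appended.
    An A answer in 127.0.0.0/8 means the IP is listed; NXDOMAIN means not.
    No network call is made here; resolve the name with your DNS tool."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```

Because a DNSBL lists the IP and not the mailbox, a listing follows whoever currently holds that address, which is why a dynamic-IP customer can inherit a previous holder's infection.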
  • 03h30 over here and I am flagging, thanks for all the help and advice so far, will get back to you after a couple of hours sleep.
    • [1] reply
    • I was thinking about that. Enjoy the sleep.

      Joe Mobley
      • [1] reply
  • Update:

    Activation of SPF has not worked for me. Will now try using DMARC, though feeling a bit confused by it.
    If anyone has any other ideas I would greatly appreciate it.
    • [ 1 ] Thanks
    • [1] reply
    • To those of you who have tried to help and who have been so supportive, I would like to bring you up to date.

      It turned out that I was on a dynamic IP and not a static one. After a bit (ok, a lot) of nagging my internet provider changed my IP.

      After several days of checking my IP with CBL, I am still clear. No more blacklist.

      Thanks everybody

      All the best

      Sandy
      • [ 2 ] Thanks
  • Karen,

    With this situation, it has nothing to do with her email address. Someone else ended up using the same IP she had used, and their machine was infected.

    Cutwail is a huge botnet that was sending billions of spams daily at one point. Probably still is, although compromised servers are a bigger issue now in that area. If you're ever curious about just how dangerous these things can be, Google Cutwail. It's infected over a million machines.

    BTW... Wombat alert: It's spoofing, not "spooking."

    Paul
    • [ 2 ] Thanks
    • [1] reply
    • Thanks, Paul, for the clarification -
      I've been reading up on it - holy moly - crazy stuff!
