I am getting desperate - Advice needed from techy members re spam sending email trojan

35 replies
For the past 6 months my ISP (edit: IP, not ISP) has been blacklisted and I have tried everything I can think of, including what CBL advises me to do, in order to clear the spam-sending trojan that my computer is apparently infected with.

This weekend I noticed that from Friday evening through Monday late afternoon everything showed clear, then at about 16h45 (South African time) it started up again, which makes me think that there is human intervention rather than a bot of some sort.

I really need some advice.

Thanks
  • onSubie
    What do you mean your ISP has been blacklisted? Are all their customers affected the same way?

    Or did you mean your IP is blacklisted? An IP and ISP are not the same thing.

    What is CBL?

    What is the name of the Trojan?

    Has it been detected and identified by anti-virus software?

    What do you mean Fri-Mon everything ran clear? Do you mean your anti-virus detected no infection? But then on Monday your anti-virus did detect an infection? That seems weird.

    Best thing to do would be run antivirus and antitrojan software to detect and remove it.
  • eac113
    I would hire a pro to get under the hood and run some diagnostics, there can be stuff hiding in there that your anti-virus will not detect. You need some-one with skills in this area to do a deep clean.
  • HDRider
    Try manually searching for and deleting it - Tutorial here

    Skip installing AVG or delete your antivirus first, can't have two running, sometimes they fight each other.
      • andreas32123
        stay there and fight
    • SandyDuPlessis
      @ HDRider - Thanks, will try it on the PC, though I do not send or receive any emails on it. I do all my emailing on my iMac.

      Edit:

      Have checked according to that tutorial, but the PC is clean.

      Whatever the problem is, it is on my Mac.
      • Joe Mobley
        Originally Posted by SandyDuPlessis:
        @ HDRider - Thanks, will try it on the PC, though I do not send or receive any emails on it. I do all my emailing on my iMac.
        Edit: Have checked according to that tutorial, but the PC is clean. Whatever the problem is, it is on my Mac.

        Until you clear up your Mac, you can't send emails from your PC?

        Joe Mobley
        • SandyDuPlessis
          Originally Posted by Joe Mobley:

          Until you clear up your Mac, you can't send emails from your PC?

          Joe Mobley
          @ Joe - Nope! The only way I can send them at the moment is online via my server, so that my IP is not involved.
          • seasoned
            Originally Posted by SandyDuPlessis:

            @ Joe - Nope! The only way I can send them at the moment is online via my server, so that my IP is not involved.
            I forgot to say SOMETIMES ISPs close ports and disable your ability to send email to other servers. That doesn't mean your system has been sending spam. They do this because SOME people use a promiscuous email server called an OPEN RELAY. Once you do THAT, all servers accepting email from them will blindly accept it from you. Of course, they record the sender's IP, and their ISP could get some trouble.

            Steve
            • SandyDuPlessis
              @Steve,

              Yikes! Now I am getting confused.

              I do have a static IP address. I have a mac, so make use of Mac/Apple Mail to deal with my emails.

              I don't appear to have any problems using gmail addresses via Apple Mac mail, only with those emails that I send making use of my website email addresses e.g. sandy@mysite.com. On the other hand, if I go into webmail then I am able to send the mails without a problem.

              Thanks
              • seasoned
                Originally Posted by SandyDuPlessis:

                @Steve,

                Yikes! Now I am getting confused.

                I do have a static IP address. I have a mac, so make use of Mac/Apple Mail to deal with my emails.

                I don't appear to have any problems using gmail addresses via Apple Mac mail, only with those emails that I send making use of my website email addresses e.g. sandy@mysite.com. On the other hand, if I go into webmail then I am able to send the mails without a problem.

                Thanks
                The concept of how email is processed, and static IPs, is the same regardless of the make of the computer or OS. With the "mac/apple mail", did it ask for a POP or SMTP address? If so, it is a CLIENT. Are you running the "mysite.com" site http server on your mac, or on a remote server? If it is on the remote server, then your email likely is ALSO. BTW, if you don't know whether it is on a remote server: if it is not on a remote server, your local system would have to remain on to allow round-the-clock access to your website.

                Steve
                • SandyDuPlessis
                  Originally Posted by seasoned:

                  The concept of how email is processed, and static IPs, is the same regardless of the make of the computer or OS. With the "mac/apple mail", did it ask for a POP or SMTP address? If so, it is a CLIENT. Are you running the "mysite.com" site http server on your mac, or on a remote server? If it is on the remote server, then your email likely is ALSO. BTW, if you don't know whether it is on a remote server: if it is not on a remote server, your local system would have to remain on to allow round-the-clock access to your website.

                  Steve
                  Yes, mac/apple mail is a client,

                  and yes, my sites are all on a remote server.
  • onSubie
    Oh thanks - I didn't know about the CBL.

    I don't have a lot of anti-virus protection on my PC so if I get a problem (happens rarely) then I usually use Google and the name of the file/virus to find solutions.
  • yakim1
    I believe you don't have a trojan on your computer. I believe you are a victim of spooking.

    What I think is happening to you is someone is using your return email address in spam emails being sent out from another server. When people complain you are viewed as the person sending the emails and the bounces come to your server or computer.

    The only cure I have found is to delete the from email address you are currently using and use a different email address. The bounces will stop coming back to you and you can then begin the process of trying to get removed from blacklists.

    Keep in mind the blacklists that want to charge you money to remove the blacklisting may not be blacklists that very many ISPs use. So you may not want to unlist from all of them.

    I hope this has been helpful,
    Steve Yakim
  • Dan Riffle
    Run Malware Bytes. (You probably already have, but run it again.)

    Then go here and request help:
    Malware Removal Assistance | MalwareTips.com

    I recently had a problem with a virus I just couldn't beat. They had me fixed up in less than 24 hours.

    Of course, this will not help you if your address has been spooked.
  • seasoned
    Sandy,

    There are a number of different ways this can happen. But I DOUBT you mean IP, unless you have a fixed IP address. If you don't, they can't very well block the IP. And they never block the IP of the client anyway, it is that of the server. If you DON'T have a fixed IP address, your system is likely the CLIENT. This is usually the case. Outlook, Pegasus, and the like are clients. People DO sometimes infect clients, but servers are often infected as well. Did you check the IP chain in a raw email of the spam? Did you check with the email provider yet? The email provider is NOT always the ISP. I, for example, have a gmail.com, a Reagan.com, an outlook.com (NOT to be confused with Outlook, which is the client), and OTHER email providers. BTW outlook.com is a Microsoft domain that likely uses a popular email server called Exchange.

    There IS a good chance the problem is not YOURS! MOST client infections do things like go through the user's contact list and send emails via the user's email.

    Steve
  • Floyd Fisher
    I'm going to be really honest here.

    About the only thing I can think of in this situation is to simply wipe the entire hard drive out and start over.

    Wish I could help you further, but sometimes starting over is the best thing to do.
  • seasoned
    You're not going to stop spoofing, outside of tracking the origin, and asking the servers to tighten things. Many servers don't check, and some just check the user. If it checks the user and domain, spoofing will be impossible with that server.

    Did you check for the IP in the spam's IP list? If it is an IP from your client, the problem is there. If it is from your server, it is there. If neither, it is likely spoofed. Of course, there is other evidence there as well. But where it starts is where the problem is. If you don't believe it, and the spam is constant, just turn off your client at a given time. If you get spam sent after that time, the problem is elsewhere.

    BTW setting up your system from scratch could take a long time.

    Steve
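Steve's test above (which hop does the spam's Received chain start from, and is it your client, your server, or neither?) as an added example that is not part of the thread: the raw message, the static client IP and the hosting server IP are constructed sample values, and only bracketed IPv4 addresses are parsed.

```python
"""Added example (not from the thread): walk the Received: chain of a raw
spam message and apply the "where did it enter the mail system" test.
The message and the client/server IPs are constructed sample values."""
import email
import re
from email import policy
from typing import List

# Constructed raw message: the spam was handed to smtp.somehost.example by
# 203.0.113.77, which claims to be mysite.com in HELO but is neither the
# user's static client IP nor the user's hosting server (both assumed below).
RAW_SPAM = """\
Received: from smtp.somehost.example (smtp.somehost.example [198.51.100.10])
\tby mx.complainer.example with ESMTP id abc123; Mon, 1 Dec 2014 16:45:01 +0200
Received: from unknown (HELO mysite.com) ([203.0.113.77])
\tby smtp.somehost.example with SMTP; Mon, 1 Dec 2014 16:44:58 +0200
From: sandy@mysite.com
To: someone@complainer.example
Subject: constructed spam sample

buy stuff
"""

# The first bracketed dotted quad in a Received: header is the connecting host.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw: str) -> List[str]:
    """Sender IP of each Received: header, newest hop first (raw-mail order)."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [m.group(1) for h in msg.get_all("Received", [])
            if (m := IP_RE.search(str(h)))]


def origin_ip(raw: str) -> str:
    """The bottom-most Received: header is the hop closest to the true origin.
    Caveat: hops below the first one written by a server you trust can be
    forged by the sender, so treat this as evidence rather than proof."""
    ips = received_ips(raw)
    return ips[-1] if ips else ""


def classify_origin(raw: str, client_ip: str, server_ip: str) -> str:
    """Origin at your client -> the client is the problem; at your server ->
    the server is; neither -> the mail is spoofed or sent from elsewhere."""
    origin = origin_ip(raw)
    if origin == client_ip:
        return "client"
    if origin == server_ip:
        return "server"
    return "spoofed-or-elsewhere"
```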
  • SandyDuPlessis
    03h30 over here and I am flagging, thanks for all the help and advice so far, will get back to you after a couple of hours sleep.
  • SandyDuPlessis
    Update:

    Activation of SPF has not worked for me. Will now try using DMARC, though feeling a bit confused by it.
    If anyone has any other ideas I would greatly appreciate it.
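For the SPF point in this update, and Steve's earlier remark that only servers which check the sending domain will stop spoofing, an added example that is not from the thread: a minimal SPF evaluator run against a constructed record for a hypothetical mysite.com, handling only ip4 mechanisms and the trailing all (a, mx and include need DNS and are skipped), with the hosting IP and spoofing IP assumed.

```python
"""Added example (not from the thread): a minimal SPF evaluator showing what
"activating SPF" does and does not do against a spoofed sender. Only ip4
mechanisms and the trailing "all" are handled; records and IPs are constructed."""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records for a hypothetical mysite.com whose hosting server is
# assumed to be 192.0.2.50, with the two common trailing qualifiers.
SPF_SOFTFAIL = "v=spf1 ip4:192.0.2.50 ~all"
SPF_HARDFAIL = "v=spf1 ip4:192.0.2.50 -all"


def spf_result(record: str, sending_ip: str) -> str:
    """Evaluate an SPF record for the IP that actually delivered the message.

    SPF is checked against the SMTP envelope sender (MAIL FROM), not the
    From: header the recipient sees; closing that gap is what DMARC alignment
    adds on top of SPF.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no valid SPF record published
    ip = ipaddress.ip_address(sending_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # RFC 7208: nothing matched and no "all" term present


def receiver_should_reject(result: str) -> bool:
    """Only a hard 'fail' is normally grounds for rejection; 'softfail' is
    usually accepted (at most marked), so '~all' alone does not stop spoofing,
    and a receiver that never checks SPF at all is unaffected either way."""
    return result == "fail"
```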
  • Paul Myers
    Karen,

    With this situation, it has nothing to do with her email address. Someone else ended up using the same IP she had used, and their machine was infected.

    Cutwail is a huge botnet that was sending billions of spams daily at one point. Probably still is, although compromised servers are a bigger issue now in that area. If you're ever curious about just how dangerous these things can be, Google Cutwail. It's infected over a million machines.

    BTW... Wombat alert: It's spoofing, not "spooking."


    Paul
    • Karen Blundell
      thanks, Paul, for the clarification -
      I've been reading up on it - holy moly - crazy stuff!