E-mails I never sent bounce, do I have a problem?

Discussion in 'Malware Help (A Specialist Will Reply)' started by D28, Apr 28, 2006.

  1. D28

    D28 Private E-2

    Greetings-

    We've been receiving for the past couple of weeks 5-20 bounced e-mails a day for e-mails we never sent. The bounced message usually says "undeliverable" and will have our e-mail address, but someone else's name (multiple names). Does this mean we have malware, or has someone simply stolen my e-mail name and att thinks I sent it so it sends it back to me?

    PC is Dell Dimension 4550, Windows Home XP SP2, Outlook Express, att is ISP & e-mail. Running AVG (free), BlackICE firewall, spybot, ad aware and pest patrol. They all don't seem to find anything.

    If you all say there is no problem (fingers crossed), I'm done.

    If you think there might be a problem, I'll run all the recommended malware removal stuff and get back to you.

    Thanks!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it would be best to complete the below.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. D28

    D28 Private E-2

    Done and Done... files attached
     


  4. D28

    D28 Private E-2

    Sorry, I should have replied more appropriately...

    Chaslang wrote: "Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc."

    Yes, I was able to download and run all the tools and scans. I had to run the on-line scans in normal boot, but everything else was run in safe mode. No tool found any problems to speak of (a few tracking cookies removed), except the on-line scans and I have attached the logs. I did not run the "Special Removal Procedures" and I have not turned off and on the system restore.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is your copy of PestPatrol a paid version or a free trial?

    I see no problems in your HJT log but we have a few things to clean up from Panda.

    Use Windows Explorer to locate and delete the below (boot to safe mode and delete if you cannot delete them in normal boot mode):
    c:\windows\system32\FLEOK
    c:\windows\system32\cache32_dsktptr
    C:\I386\mcinsctl.dll
    C:\Program Files\PestPatrol\Quarantine\20060425211126.zip
    C:\Documents and Settings\sarah\Local Settings\Temp <--- delete all files in this Temp folder. A couple from the current date will be in use by Windows and cannot be deleted.

    Are you still seeing these emails? Perhaps it is just someone spamming you and spoofing your IP address.
     
  6. D28

    D28 Private E-2

    OK, have deleted everything suggested and reset system restore.

    I bought Pest Patrol last year after I got hit by a browser hijacker that Spybot & Ad aware didn't catch.

    We got a few bounced e-mails over the weekend, but at least it's not the 20+ per day we've been seeing.

    What does "spoofing my IP address" mean?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. D28

    D28 Private E-2

    Ok, that is helpful. Now, is the spoofing (assuming there is spoofing) a danger to my machine and data? Or is it simply an annoyance to me (but a danger to others who might trust communications from my e-mail address)? What can/should I do about it?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is more of an issue for the people who could be getting emails that look like they are from you but are not.

    Get your ISP to change your IP address or use the suggested info in those links to change your visible IP address.
     
  10. D28

    D28 Private E-2

    Will do. Thank you so much for all your kind assistance. Keep up the good work!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

