My Thunderbird Attacked

I use W7. A few months ago I installed Thunderbird. It worked well, incoming and outgoing - until yesterday.

Now I can't send email. The popup says it can't reach the server, for unknown reason. I can receive mail. My server is prodigy.net.mx

I checked the settings. Seemed okay, but port numbers seem suspicious. I always thought default ports for POP3 and SMTP were in two digits, I think they were 10 and 25. If that changed, I'm unaware of it.

Settings show POP3 - Port 995, SMTP - Port 587.

So, before I go on, can you tell me what those default ports should be?

If these ports are wrong, returning the correct ones could solve half of my problem.

The other half. I went to Mozilla to utilize its forum.

My password didn't work. I knew it, but it didn't work. The stars for the password would not allow themselves to be changed. I asked to reset my password, and it WAS reset.

Still, I can't log on to Mozilla. Those stars still won't let themselves be changed.

So I know this is a hostile attack. It wants to read my email, so it allows incoming. But it thwarts me in sending.

If you can, could you convey this question for me to Mozilla, and get back to me here? I consider this a VERY serious matter.

Thank you!

 

For POP3 those settings are correct.

In Mozilla Thunderbird, open Options and remove your password for the Mozilla forums. Then visit the forums and type your password.

 

For SMTP port 587 is commonly used by ISPs, including outlook.com, so probably correct but you should visit the prodigy website where you should find and be able to properly check all server settings.

 

My modem-router lists ports 25 SMTP mail service, 110 POP3 mail service, 995 POP3S secure mail service, but nothing indicated for 587.
However, it seems 587 is used for mail submission. http://www.pcmag.com/article2/0,2817,1838667,00.asp

 

HERE it suggests 465 or 587 when using IMAP or 465 when using POP3, so definitely worth trying 465. prodigy.net is 2/3 way down list.

 

For years, my POP3 port has been either 10 or 110.
I changed the port to 110 in Thunderbird. It still works.
I changed the SMTP port to 24, which I think was the one I had originally. It worked better, but every mail I send times out. Even that's an improvement over the false port.
I'm not sure 24 is correct, but it's close. I'll check prodigy, and they'll tell me what it should be.
What's important is that these ports were changed against my will and without my knowledge, and the purpose can only be a destructive, greedy one.
YOU need to know there are people out there who can change the ports used by your PC, invisibly. It may be a malware, but I doubt it. It's more like a focused hack.

This is a very serious offense. Under the Interstate Commerce Commission, it's a federal felony to meddle with communications between one state and another state or country.

 

Yeah, I do know that even paranoids can sometimes have enemies, but why haven't you tried the solution I found for you, port 465?

 

And don't use port 24!
http://www.speedguide.net/port.php?port=24
http://www.auditmypc.com/tcp-port-24.asp

 

I did try it, earthling. Below, I ask if I can send you a .txt file of my registry search.

I can change my POP3 to 110, and it becomes the default. And I get mail. When I changed the port number, it became the default. But not on SMTP

When I change my SMTP port - to ANY number - the default remains as 587.

When I tried to send mail with any port other than 587, it tells me it isn't configured to send mail from an anonymous sender.

Even if I make the port 587, it still says it can't send for an anonymous sender.

My settings SAY who the sender is. But I cannot change the default of 587. I can change the port number, but NOT the default, and the default number is for an anonymous sender.

I can try uninstalling and reinstalling, but I already know it won't work, because I've already tried. Thunderbird is infected, and I downloaded it from Mozilla, but it's more than that, because the same bug prevents me from logging on to Mozilla to ask what to do.

I'd like to share what I discovered in the Registry. It'll be a .txt file. I searched for 587 - naturally there were gobs of them, but I did find something extremely pertinent about port numbers, and naming 587 as default.

May I please send the file?

 

That appears to be the norm in TBird. I can change the SMTP on one of my IMAP accounts from 587 to 465 but the default remains 587. I can still send using 465 though where it seems you cannot. Your default of 587 looks like the default for IMAP, not for POP3. What server name is set for outgoing?

There wouldn't be any point in sending me your registry search - I wouldn't even know what to look for.

 

Thanks again! Yes, I can change the SMTP port (now 25), but default remains 587. I'd have noticed if this had been true all along. Now, with 25, the server responds. But using 25, it fails, claiming my account is not configured for anonymous user. I am NOT anonymous!

Using 587, it does the same thing - anonymous user.

So I tried your 465, and it ALWAYS times out.

I use POP3 and SMTP - does that include IMAP? Don't think I've ever had to use it - no recollection of it.

SMTP still won't send mail. Now, the server responds, but refuses to send. Until the day before I first posted, it DID send.

How did I get to be an anonymous user on my OWN PC? Nobody else uses it. Only an anonymous can send mail on my account, but the server rejects it. I'm not considered to be a user, I guess.

My server is prodigy.net.mx - I've used it over 15 years.

 

Since you post that you have now tried all configurations that have been suggested without success, and that you have suggested several times that you believe some kind of malware may be the cause, perhaps now is the time to carry out ALL the steps in the Read & Run Me First Malware Removal Guide. When you have completed every single step that you can (keep a note if you can't complete any particular step) post a new thread in the Specialist Malware Forum and attach the scan logs.
Carry out the steps carefully and fully.
You will be helped there by an expert.
At the very least this will confirm whether or not malware is the cause.

 

I was asking for the name you have assigned to the outgoing (the SMTP) server. It could be something like smtp.prodigy.net or outgoing.prodigy.net but it can't be simply prodigy.net.mx

 

---------

Thanks for the reply. I have been referred to the same guide for other issues I have, and I have a lot of them. However, it is just too extremely intricate and complex, but also, I will NOT use certain programs that don't let me choose each and every action they will make. CCleaner once erased all my videos, and I think I'd rather reinstall windows than use something like that again..

 

You started a new thread in the specialist malware forum here 8 weeks ago but despite being urged to, you never submitted the logs.
If you don't do that, either yourself or with the help of a friend, relative or colleague, then you simply can't be helped with malware on an online support forum.
Doing a full format and reinstall is obviously always an option. Saved crucial personal data to a USB drive or DVD-Rs first.

 

It is set at smtp.prodigy.net.mx - sorry, I thought you just wanted the name of my ISP provider. The other POP3 port says pop3.prodigy.net.mx. I GET mail, but can't send any.

You may be thinking of defaults for the American prodigy service. I'm in Mexico, and I guess they have their own ports. I seem to remember they were 110 for pop3 and 25 for smtp. I've never had the least inclination to change ports in over 15 years. Something else did.

Remember, I WAS sending mail on Tbird till about a week ago. I'd changed nothing, but things WERE changed.

 

MaxTurner
This thread was moved from the Specialist Malware Forum. See post #2.

faster
Is this your email service provider?
http://telmex.com/

 

I don't dare use the method suggested. I'm sure it is good, but I don't trust powerful programs that change things all at once. CCleaner once erased ALL my videos.

The problem may be that I'm not expert enough to use them, but I can't risk another incident like that. I know my system is riddled with malware, and most scans, except Clamwin, find nothing but PUPS. Even Clamwin doesn't nail everything. But last month it found 57 problems that no other scanner found, including Malwrebytes.

Looking right now at my screen, the whole thing is dimmed by a pale whitish blue wash, and it affects everything; even the black area around the screen turns bright blue, where cursors can't go. This comes and goes, and is a terrible nuisance, but no scan has yet found it.

I DO think formatting C is a good idea, but my problem is how to save all my data. I can use CDR-RW disks for most files, but not for my videos, some of which are in gigabytes.

Can you recommend a way to save them? That would help a lot. And is there a way to get back my passwords? I've got a lot of them. Ditto bookmarks.

Thanks for your help.

 

It used to be telmex. A LONG time ago. Telmex is the phone company. Prodigy is the Internet Service Provider. My phone bill includes the charges for prodigy each month. My internet access and email IS from prodigy. But your guess showed me you dig deeply! I appreciate that.

To access the ISP, I have to do it through Telmex, but it still Prodigy that I'm dealing with. It would be different if I used an ISP that doesn't bill through Telmex.

I'd love to go thru that complex set of fixes, but I'm not expert enough to use many of them. CCleaner once erased ALL of my videos. These are powerful programs. I don't dare try these things. I'm out of my depth.

 

Try repairing Windows 7.
http://www.pcworld.com/article/243190/how_to_repair_a_corrupt_windows_7_installation.html
All your files and programs will be intact - you might have to re-install software like your printer program.
You'll have to re-download all the Windows updates.

 

You are completely misunderstanding the RRMF steps. They are not programs that 'change things'. They identify malware and, on guidance from a trained expert, they remove them.
As for CCleaner, if you used it correctly in its default settings it doesn't wipe anything such as saved videos or pic or documents. So if you did lose videos it was because you must have altered the default settings, and weren't paying attention to the settings when you ran it.
If you have a genuine and evidential belief your system has malware, short of taking it directly to an IT malware specialist in person, then solving it online (whether here or on any of the other well known support forums) involves scans.
Not prepared to do that? Then you take it to a business or just put up with it.
If you save all personal data first, then you can reformat and reinstall safely.
I have read in depth about a 'reset' and malware and there is no clear advice that in terms of malware it is as effective as a reformat and reinstall.
The choice is yours.

 

I already knew that full well but no it wasn't 'moved' to here at all. They were advised to post here about a different issue as they refused to do the RRMF steps. But I also read the OP state again and again and again in this thread, that they believe their system has malware. If a person repeats that ad nauseam then the simple and quicker answer is to run the RRMF steps to rule it out. They are suggesting completely wrongly now, like they did in the malware thread in March, that they no better than the trained experts about how the scan tools work. I know the OP is wrong about that, you know that as well, but a horse can only be led to water not made to drink.