Outgoing mail lost in cyberspace

Discussion in 'Malware Help (A Specialist Will Reply)' started by cesnur, Sep 13, 2006.

  1. cesnur

    cesnur Private E-2

    I am on the road and unable to test the computers with problems until next week but three experienced users of different computers (not connected in a network) in my company report the same problem: when using Outlook Express they do receive messages regularly but messages sent are "lost" in cyberspace and never reach the intended destination, although they do show up in "mail sent" as regularly sent, and no message alerting of any problem is received. The problem DOES NOT seem to involve the company managing the E-mail, Italy's largest (virgilio.it), because they are able to send mail via Webmail. The same company say they see nothing wrong with their E-mail and suggest this may be due to Norton's latest updates. Disabling and even uninstalling Norton did not solve the problem, however. Norton assistance claims a worm or Trojan may cause this and I wonder whether this is a real possibility and what to do. Two of these computers use Outlook Express and one the new Outlook, one has Norton 2004 with updates and one has Norton 2006.
    Thanks for any assistance
    Best
    CESNUR
     
  2. cesnur

    cesnur Private E-2

    PS One of the employees found his computer is infected by ratorefaci\sysrtmvs.exe and other malware/spyware in the ratorefaci folder.
    While these may be otherwise annoying, can this really cause the outgoing E-mail to disappear?
    Best
    CESNUR
     
  3. cesnur

    cesnur Private E-2

    Help in this tricky matter would really be appreciated
    Best
    CESNUR
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    To fully rule out malware as the culprit of this anomaly, it's best to run through the guide below and attach the requested logs.

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  5. cesnur

    cesnur Private E-2

    Will do as soon as I return home in all three computers. This may be either next week or beginning of October so do not be surprised if you do not hear from me before.

    Best

    CESNUR
     
  6. cesnur

    cesnur Private E-2

    Apparently, a national cat is out of the bag and has nothing to do with malware (perhaps). The story is this: Fastweb and Tin are the two largest Italian high-speed ISPs. There are also political questions between the respective owners. Many users left Tin (a branch of Telecom, the largest Italian phone company) for the speedier Fastweb. We did and get weekly calls from Tin to return home. Apparently now a hidden part of this campaign is that Tin has found a way to block outgoing messages from their (paid for) accounts virgilio.it sent from computers connected to a Fastweb network.
    Of course we have the outgoing mail correctly set with "server authentication needed" duly crossed.
    Evidence that this claim by Fastweb is true is that the same laptop is able to send mail from a virgilio.it account when connected to a non-Fastweb LAN while when a Fastweb connection is used the mail is registered as sent but never reaches the intended destination. Vice versa, with a Fastweb connection mail sent from non-virgilio.it accounts duly reaches the destination.
    The question is legal and political but the problem is that while lawyers work virgilio.it users connected via Fastweb should either switch to another E-mail address (which Fastweb would even provide for free) or switch to another ISP (which Virgilio/Tin would compel us to do).
    Question you may perhaps answer in your wisdom: how does Tin/Virgilio do it? and is there a way to trick Virgilio into NOT recognizing the mail sent by a virgilio.it account as coming through a Fastweb connection?
    Hope the whole mess is clear
    Best
    CESNUR
     
