Something is sending email from me...and it ain't me!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Wuf4Wds, Feb 3, 2010.

  1. Wuf4Wds

    Wuf4Wds Private E-2

    Hi!

    :cry "Something" is sending email to folks in my address book and that something is not me. You may have even received an email from me that was not from me.

    It just started this afternoon, which makes me think I must have visited a not-so-nice website (looking up "name-meanings"). Then again, there was a strange issue with Java last week and AVG seemed strange yesterday. Maybe there is a connection. Maybe it is something else. Either way, it is definitely something! :(

    I realize that I have to go through all the steps before I'll know if I need help getting rid of the critter. However, I have a couple of questions that I hope you can answer before I get started.

    :confused Since copies of these messages are in my sent folder, does that seem to indicate that I can see to whom all the emails went? More importantly, if I disable the automatic send/receive on Windows Live Mail, will that prevent more automatic email that is not really from me? I ask because getting off the internet is not an option right now as I will need to be online for a bit as I download the programs that I need to run. Finally, if I switch computers, will the critter follow the email to the next computer? (It is also running AVG.)

    Thanks! I'm hoping to hear from you soon!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All this did was delay you by about 3 days from possibly getting your problem fixed while you are waiting for us to be able to answer your questions with incomplete answers since we don't know what your problem is.

    Maybe and maybe not. We have no way of knowing if it logged everything being sent.

    Don't know since we don't know what infection you have, thus we don't really know what abilities it has.

    Not likely unless the other PC has the same infection or you take it with you by copying files to the other PC.
     
  3. Wuf4Wds

    Wuf4Wds Private E-2

    Auto Unauth Email--"Read Me" Programs Completed

    Hi!

    Ouch! :( I should have explained the AVG issue better than I did as it was part of the reason I had not started the scans. I tried updating AVG 8.5 (free) to AVG 9.0 (free). There was a problem during the process. I presumed that AVG 8.5 was okay as it appeared to be working and the definition files were current. However, once I got the bug, I figured it was due to the AVG issue. I tried uninstalling AVG but it will not uninstall. I looked at the AVG free forums and gave up after an hour or so of reading what was "almost" my issue. So, I posted my questions to you and the AVG question on the software forum.

    I did run Avira, thinking that would help. Avira picked up a few things and I thought it took care of those things. However, the computer started sending out more email last night. Obviously, Avira did not get rid of it. I uninstalled Avira in order to run the "read me" programs. AVG is presumably running in the background but I don't know how well it is running because of the error messages.

    Duh! :-o I guess I was so frustrated with everything that I completely forgot there is more than just one bug and that there is no way you could know how the bug acted if you did not know which bug.

    At any rate, I doubt any of the above information is necessary, so I will hush now. Please accept my apologies for not posting correctly the first time.

    Now for the problems:

    I ran all the files in the order indicated. The names that popped up on these reports do not match the names as listed on Avira. Don't know if that is important to know or not. The ComboFix seemed to stall a few times; therefore, I am unsure if it ran correctly.

    Thank you so much for your help! You are appreciated more than you know!

    My files are attached!
     


  4. Wuf4Wds

    Wuf4Wds Private E-2

    Auto Unauth Email--"Read Me" Programs Completed

    This is the combofix file.

    Also, whilst "we" are fixing this mess, what do I do about an anti-virus program? Is AVG fixable?

    Thanks for all your help!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Other than some minor items which were already removed, you do not appear to be having malware problems. Perhaps you have allowed someone to have access to your PC via the VPN software or other remote software you have set up and maybe they are sending emails from your PC...... that is if this is really occurring. Another possibility is that someone has your email account login info and is sending emails via another PC.

    Try using the below removal tool for your AVG problem:

    http://www.avg.com/us-en/download-tools
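
The two possibilities raised in the reply above (mail sent from this PC, or mail sent from another PC with stolen login details) can often be told apart from the full headers of one of the unwanted messages as a recipient received it. The following Python sketch is an added example, not part of the original thread; the sample messages, addresses and the `own_networks` value are constructed, and it assumes the mail provider records the submitting client's IPv4 address in `X-Originating-IP` or in the earliest `Received` header.

```python
import email
import ipaddress
import re

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample messages (not from the thread); IPs are RFC 5737
# documentation addresses and all host names are placeholders.
OWN_PC = (
    "Received: from [192.0.2.10] by mail.example.net with ESMTPA;"
    " Wed, 3 Feb 2010 15:02:11 -0500\n"
    "From: user@example.net\nTo: friend@example.org\nSubject:\n\n"
    "http://example.invalid/?abc\n"
)
ELSEWHERE = (
    "Received: from webmail.example.net by mx.example.org with ESMTP;"
    " Wed, 3 Feb 2010 15:04:40 -0500\n"
    "X-Originating-IP: [203.0.113.77]\n"
    "From: user@example.net\nTo: friend@example.org\nSubject:\n\n"
    "http://example.invalid/?xyz\n"
)

def submitting_ip(raw):
    """Return the IP that handed the message to the provider, or None."""
    msg = email.message_from_string(raw)
    candidates = [msg.get("X-Originating-IP", "")]
    received = msg.get_all("Received") or []
    if received:
        # Headers are prepended in transit, so the last one is the first hop.
        candidates.append(received[-1])
    for text in candidates:
        for token in IPV4.findall(text):
            try:
                return ipaddress.ip_address(token)
            except ValueError:  # e.g. "999.1.1.1" matches the regex only
                continue
    return None

def classify(raw, own_networks):
    """Compare the submitting IP with the networks the user connects from."""
    ip = submitting_ip(raw)
    if ip is None:
        return "unknown"  # provider hides the client address
    nets = [ipaddress.ip_network(n) for n in own_networks]
    return "own-connection" if any(ip in n for n in nets) else "other-connection"

if __name__ == "__main__":
    for name, raw in (("OWN_PC", OWN_PC), ("ELSEWHERE", ELSEWHERE)):
        print(name, submitting_ip(raw), classify(raw, ["192.0.2.0/24"]))
```

A result of `other-connection` points toward stolen account credentials, so the password should be changed from a machine known to be clean; `own-connection` points back to the PC or to something with remote access to it.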
     
  6. Wuf4Wds

    Wuf4Wds Private E-2

    Thanks for checking everything out for me. It is possible that whatever I had was removed by Avira. The last set of emails went out during the Avira scans. I remember Avira found something but for the life of me, I cannot remember what it was. I thought I had written it down but it seems I did not. Unfortunately, there is no log because I had to uninstall Avira before I could complete the "read me first" stuff. (Only one antivirus was allowed and AVG would not uninstall.)

    I do have one question. I think it was the RootRepeal that found three files that were "locked." What does that mean?

    As for the emails, I figured it was some sort of spam email as it was being sent without a subject and only contains links. Examples of the emails are as follows.

    **example 1 of email:
    http://hotxmodem.webs.com?1ljp28us40m
    _________________________________________________________________
    Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
    http://clk.atdmt.com/GBL/go/201469229/direct/01/

    **example 2 of email:
    http://allstacey.webs.com?1g9y
    _________________________________________________________________
    Hotmail: Trusted email with powerful SPAM protection.
    http://clk.atdmt.com/GBL/go/201469227/direct/01/

    -------------------------------------------
    Anyway, thank you so much for your help. It sounds like whatever I had is gone. I will try the link you provided for the AVG. I'll let you know how that goes.

    Thanks again! You guys are the best!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Most frequently it just means that they are being used by the operating system and are not to be touched.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
