
Where are the messages coming from?

jimmyj68

Senior member
I'm getting ready to call it a night so I'll come looking for responses tomorrow - but here's the problem . . .

Every now and then my e-mail gives me a message delivery failure due to a server not accepting the message. The messages were sent to individuals' e-mail addresses that I don't know and have sent no messages to. The message subjects sometimes look like porn ads or other spam stuff.

I run Ad-Aware, Spybot, ZoneAlarm, and Windows Defender and they give my system a clean bill of health. How are these messages being delivered and attributed to my e-mail address as sender?
 
Sounds like something from those PC World articles I read sometimes where someone has their PC hijacked and used as a zombie mail spammer. Maybe it was done w/ a rootkit, which I don't think would be picked up by those normal checks. I think there is a free/trial program called Blacklight you can use to search for that.

It might almost be worth it to reformat and start from scratch if you don't turn up anything. To me anyway, it's better than having my pc doing stuff like that.
 
It is very easy for spammers to spoof the sender address and in some cases, the address they used turns out to be real, hence you get the failure notice in your Inbox.
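What this post describes is commonly called backscatter: the spammer forges your address in the From/envelope sender, the message is rejected somewhere, and the rejecting server mails the bounce to you rather than to the real origin. The quickest way to tell backscatter from a bounce of mail you really sent is to look at the Received headers of the quoted original. The following Python script is an added example for this thread, not code from any poster; it assumes the bounce quotes the original headers after a delimiter line (the wording used here is Exim's; other MTAs use different text), and that you know the hostnames of the mail servers you actually send through (mail.example.net and the sample addresses are constructed).

```python
"""Triage a bounce (non-delivery report) to tell backscatter from a real send.

Added example, not from any poster. Assumption: the bounce quotes the
original message's headers after a delimiter line (Exim's wording below),
and MY_MAIL_HOSTS lists the servers you genuinely relay outbound mail through.
"""
import email
import re

# Delimiter Exim puts in front of the quoted original; adjust for other MTAs.
ORIGINAL_MARKER = "------ This is a copy of the message, including all the headers. ------"

# Constructed: hosts that legitimately relay this user's outbound mail.
MY_MAIL_HOSTS = ["mail.example.net"]

# Constructed sample 1: the From: is the victim's address, but the only
# Received hop shows the message was injected from an unknown host and
# never passed through mail.example.net. Classic backscatter.
BACKSCATTER_BOUNCE = """From: MAILER-DAEMON@mx.example.org
To: jimmy@example.net
Subject: Delivery Status Notification (Failure)

The following address failed: nobody@example.org (550 user unknown)

------ This is a copy of the message, including all the headers. ------
Received: from [198.51.100.77] (unknown [198.51.100.77])
    by mx.example.org with SMTP id Y2; Tue, 3 Oct 2006 02:14:00 +0000
From: jimmy@example.net
To: nobody@example.org
Subject: Cheap meds!!!
Message-ID: <8a9f2@198.51.100.77>

buy now
"""

# Constructed sample 2: a real send that bounced. The chain shows the
# message went from the user's PC through mail.example.net (authenticated).
GENUINE_BOUNCE = """From: MAILER-DAEMON@mx.example.org
To: jimmy@example.net
Subject: Delivery Status Notification (Failure)

The following address failed: oldfriend@example.org (550 user unknown)

------ This is a copy of the message, including all the headers. ------
Received: from mail.example.net (mail.example.net [203.0.113.5])
    by mx.example.org with ESMTP id Z3; Tue, 3 Oct 2006 02:20:00 +0000
Received: from jimmyspc (pool-1.isp.example [192.0.2.200])
    by mail.example.net with ESMTPA id A4; Tue, 3 Oct 2006 02:19:58 +0000
From: jimmy@example.net
To: oldfriend@example.org
Subject: Hi
Message-ID: <20061003.1@mail.example.net>

long time no see
"""


def extract_original(bounce_text, marker=ORIGINAL_MARKER):
    """Return the quoted original message parsed from the bounce, or None."""
    _head, sep, tail = bounce_text.partition(marker)
    if not sep:
        return None
    return email.message_from_string(tail.lstrip("\n"))


def triage_bounce(bounce_text, my_mail_hosts):
    """Decide whether a bounce is backscatter or a bounce of mail we really sent."""
    orig = extract_original(bounce_text)
    if orig is None:
        return {"verdict": "unknown", "reason": "no quoted original message"}

    # Unfold the Received headers (continuation lines) so regexes see one line each.
    received = [" ".join(r.split()) for r in orig.get_all("Received", [])]
    hosts = [h.lower() for h in my_mail_hosts]

    # Did any hop say "by <one of my servers>"? If not, my server never saw it.
    relayed_by_me = any(
        re.search(r"\bby\s+" + re.escape(h) + r"\b", r, re.I)
        for r in received
        for h in hosts
    )

    # The last Received header is the earliest hop: where the message entered.
    origin = ""
    if received:
        m = re.match(r"from\s+(\S+)", received[-1], re.I)
        origin = m.group(1) if m else ""

    # Message-ID domain is a weak second signal; spammers often get it wrong.
    msgid = str(orig.get("Message-ID", ""))
    msgid_domain = msgid.rsplit("@", 1)[-1].rstrip(">") if "@" in msgid else ""

    return {
        "verdict": "own-send" if relayed_by_me else "backscatter",
        "relayed_by_my_server": relayed_by_me,
        "origin": origin,
        "message_id_domain": msgid_domain,
        "message_id_mine": msgid_domain.lower() in hosts,
    }


if __name__ == "__main__":
    for label, text in (("backscatter", BACKSCATTER_BOUNCE), ("genuine", GENUINE_BOUNCE)):
        print(label, triage_bounce(text, MY_MAIL_HOSTS))
```

A verdict of "backscatter" means your machine and your provider's server were not in the path at all, so there is nothing on your PC to clean; the spam was injected elsewhere with your address pasted in. Only an "own-send" result for mail you did not write would point at something on your own system or a compromised account.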

 
Yep, I saw a video from some tech site that explained how they spoof email addresses and such. It's extremely easy.
 
I downloaded a Sophos rootkit-eliminating program and fired it up. It gave my hard drives a clean bill of health, and my running programs. But when I attempted to scan my registry a warning icon came up saying it couldn't flush the "C" drive because another program or device was using the drive. Turned off everything I could and still got the same warning. Either the rootkit "killer" can't eliminate a rootkit or there is something more devious going on. I was hoping to avoid reformatting or anything that extensive until I got my C2D board and CPU installed. I'm going to see if the Sophos program will run in safe mode.
 
Well, ran all computer protection programs in safe mode. Sophos Anti-Rootkit still gives me a warning about a running process that causes it to be unable to flush the file in my registry, which prevents it from running its file.

I don't know - one thing. I used to keep my computer running 24/7, but now I turn it off at night. My cable modem and wireless router, which connects by wire to my computer and wirelessly to my wife's computer downstairs, are on 24/7; she often is using her machine after I have called it quits for the day.

I'm going to hold off reformatting for a couple more weeks until I get the DDR2 800 RAM for my C2D lashup. My wife loves me dearly but she keeps an eye on my spending.
I hope that no one steals my e-mail address for sending child porn, because the way the feds and everyone watch that, they could come knocking on my door.
 
Originally posted by: bruceb
It is very easy for spammers to spoof the sender address and in some cases, the address they used turns out to be real, hence you get the failure notice in your Inbox.

This is your answer. Every once in a while I get those emails. I have my own domain and an email filter and, most of the time, the emails have an attachment which gets stripped by my POP server because it contains a trojan/worm.

The ones I really like are those that are from the "mydomain.com team" advising me of this error which I chuckle at since I'm obviously the team... 😉

 
Here's a link to http://www.theflyingpenguin.com/penguin_blog.shtml#spyware-removal; click on the spyware removal link. This site suggests "SpyCatcher" (http://www.tenebril.com/consumer/spyware/spycatcher.php) as a good possible rootkit finder. It installs as a rootkit, so he installs, scans, and uninstalls after the scan. Caution, as SpyCatcher identifies some programs you need as suspect, so use Google to check them out. He also feels that a reformat is the only sure way to rid yourself of rootkits, but some of us like to try everything before a format.

Not very good news here, but it is one more tool for your arsenal.
 
I seriously doubt you have a rootkit on your system because of those emails. Rootkits have more serious symptoms than spam, and SpyCatcher is not going to delete them. There are different rootkits out there, and some can be very difficult to remove.

Programs like GMER, IceSword, RootkitRevealer, etc., to name a few, are used to delete rootkits' registry keys, and programs like HijackThis' ADS stream tool, ADS Spy, etc., to name a few, are what's used to delete the rootkits' drivers.

Before you think your email spam has something to do with rootkits, I suggest that you read the following:

1. Windows rootkits of 2005, part one
This three-part article series looks at Windows rootkits in depth. Part one discusses what a rootkit is and what makes them so dangerous, by looking at various modes of execution and how they talk to the Windows kernel.
By: James Butler, Sherri Sparks 2005-11-04
http://www.securityfocus.com/infocus/1850

2. Windows rootkits of 2005, part two
This three-part article series looks at Windows rootkits in depth. Part two focuses on the latest cutting-edge rootkit technologies that are used to hide malicious code from security scanners.
By: James Butler, Sherri Sparks 2005-11-17
http://www.securityfocus.com/infocus/1851

3. Windows rootkits of 2005, part three
The third and final article in this series explores five different rootkit detection techniques used to discover Windows rootkit deployments. Additionally, nine different tools designed for administrators are discussed.
By: James Butler, Sherri Sparks 2006-01-05
http://www.securityfocus.com/infocus/1854

Understand that rootkits are evolving. The above reading list will, however, give you a good start.
 
Used to get these all the time. I still do, occasionally. In my case, it was always a spoofed address. No rootkits/trojans, etc.
 
Medea - perused the articles you suggested. Have a better feel for what "could" be going on. Gonna try another rootkit finder/killer and see what happens.

In a couple of weeks I'm going with a C2D 6600 and Intel DP965LT board. I was hoping to make Sysprep work even though I'm switching out motherboard and CPU. Now I'm thinking it might be wise to start over again with formatted drives and a fresh reinstall of WinXP Pro.

Thanks a lot for pointing me to that rootkit info.
 