Wilders Security Forums  

  #1  
September 7th, 2007, 12:43 PM
dlevere
Infrequent Poster
Join Date: Nov 2002
Location: Philadelphia, PA
Posts: 15
HKLM\SECURITY\Policy\Secrets|SAI*

Someone using this IP is sending e-mail out in my name:

80.12.242.139

canonical name smtp2a.orange.fr.
aliases
addresses 80.12.242.139

I used Rootkit Revealer and found the following Registry Key:
HKLM\SECURITY\Policy\Secrets|SAI*

How do I get rid of this? I don't know how I got it.
__________________
The Hackmaster
Hacking 101
  #2  
September 7th, 2007, 02:44 PM
Climenole
Look 'n' Stop Expert
Join Date: Jun 2005
Posts: 1,640
Re: HKLM\SECURITY\Policy\Secrets|SAI*

Hi dlevere

Read this please:

http://forum.sysinternals.com/forum_posts.asp?TID=8882


This is not related to your email problem.

Give us more details...

__________________
Claude LaFrenière
  #3  
September 7th, 2007, 06:13 PM
dlevere
Infrequent Poster
Join Date: Nov 2002
Location: Philadelphia, PA
Posts: 15
Re: HKLM\SECURITY\Policy\Secrets|SAI*

I received a bunch of E-mails that said Mail undelivered, returned to sender, and I know that I didn't send them out. I'll see if I can get one of the headers, I deleted most of them.
__________________
The Hackmaster
Hacking 101
  #4  
September 8th, 2007, 10:36 AM
SG1
Frequent Poster
Join Date: Jan 2003
Posts: 430
Re: HKLM\SECURITY\Policy\Secrets|SAI*

dlevere;

I could be wrong on this, but seems to me that I read somewhere recently about getting "undeliverable" mail returned with something attached in hopes that users would just click/open them... which they'd have cause to regret.

SG1 (Pat)
  #5  
September 8th, 2007, 10:57 AM
stapp
Very Frequent Poster
Join Date: Jan 2006
Location: England
Posts: 2,242
Re: HKLM\SECURITY\Policy\Secrets|SAI*

Also Orange.fr have blocked port 25, which many mail servers use.

A couple of posts about it here

http://monaco.angloinfo.com/forum/to...topic_id=99439
http://monaco.angloinfo.com/forum/to...topic_id=99439

Of course this may not be your problem, as you say you didn't send the original emails.
  #6  
September 8th, 2007, 02:19 PM
dlevere
Infrequent Poster
Join Date: Nov 2002
Location: Philadelphia, PA
Posts: 15
Re: HKLM\SECURITY\Policy\Secrets|SAI*

No, I don't open attachments, even from people that I know.

I only opened one of them, it had no attachment, and I deleted the rest, and blocked smtp2a.orange.fr
__________________
The Hackmaster
Hacking 101
  #7  
September 8th, 2007, 02:57 PM
Climenole
Look 'n' Stop Expert
Join Date: Jun 2005
Posts: 1,640
Re: HKLM\SECURITY\Policy\Secrets|SAI*

Hi dlevere

Maybe your email address is known and used by spammers as a phony email source.
When spams reach some of their targets they are bounced to you.

The same trick was used about 2 years ago with email from phony "Microsoft":
these mail have malware attached and hide their real source by forging
the headers with the real Microsoft address...

Why not send an email to your email provider about this?
Just to protect your butts...

If your email address is in the spammers list I guess the best solution is
to cancel this address and create a new one.

You may also create more than one email addr.:

personal: only known by people you know personally (e.g. family members, well-known friends)

professional: only for job or business purposes

"social": other contacts...

Example: 3 Gmail accounts, centralised with an email client ...



Some references:

wikipedia: E-mail_spam
__________________
Claude LaFrenière
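
An added example, not part of the original posts: one way to check the forged-sender explanation in post #7 against a bounce you still have. It pulls the returned original out of the bounce and tests whether it ever passed through your own provider's relay; the sample message and the names `smtp.example.com` and `example.com` are constructed placeholders.

```python
import email
from email import policy
# Constructed sample bounce (DSN); every host and address is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Mail undelivered, returned to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from unknown-host (unknown [203.0.113.77])
\tby mx.example.net; Fri, 7 Sep 2007 10:00:00 +0200
From: victim@example.com
Message-ID: <abc123@unknown-host>

body
--b1--
"""

def original_headers(raw):
    """Return the message the bounce says we sent, or None if not included."""
    dsn = email.message_from_string(raw, policy=policy.default)
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def is_backscatter(raw, own_relays, own_msgid_domains):
    """True: original never touched our relays (forged sender). None: unknown."""
    orig = original_headers(raw)
    if orig is None:
        return None
    received = " ".join(str(h) for h in orig.get_all("Received", [])).lower()
    via_us = any(r.lower() in received for r in own_relays)
    msgid = str(orig.get("Message-ID", "")).strip("<> ").lower()
    ours = any(msgid.endswith("@" + d.lower()) for d in own_msgid_domains)
    return not (via_us or ours)
```

A `True` result fits the forged-sender case; because `Received` lines can themselves be forged, a `False` result is a reason to look closer at your own machine and account, not proof either way.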
  #8  
September 8th, 2007, 06:32 PM
dlevere
Infrequent Poster
Join Date: Nov 2002
Location: Philadelphia, PA
Posts: 15
Re: HKLM\SECURITY\Policy\Secrets|SAI*

Thanks, I'll take your advice and notify my E-mail provider.
__________________
The Hackmaster
Hacking 101
 

All times are GMT -4.