I have a terrible problem!

Discussion in 'other security issues & news' started by Rita, Dec 31, 2004.

Thread Status:
Not open for further replies.
  1. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    I had been receiving emails from mailer dameon about emails i supposedly sent that couldnt be delievered,which I never sent in the first place.I looked in my sent emails and there were probaly 200 emails there I had supposedly sent.They were porn emails sent to people i'd never heard of.I have never sent that many emails in 3 years!But there in my sent folder like I sent them and they have been sent--but not by me.What should i do.I'm in a panic :'( someone is using my email address somehow.
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi rita,

    It sounds like you are infected with either a worm or a trojan. What AV and/or AT do you use?
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is this the sent folder in your e-mail client on your system or a web based account?

    If it is the client on your system, you may want to deny it access to the Internet until you figure out what is going on.

    Regards,

    CrazyM
     
  4. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    I have Panda platium and ewido and both are updated regularly
     
  5. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    It's my email account on aol
     
  6. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    I contacted aol about this and changed my password and I am going to contact there fraud dept.That was their suggestion.
     
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi rita,

    Here is what I would suggest.

    First be sure your AV and AT are up to date.

    Then download McAfee AVERT Stinger as you will need it in a later step.

    Then reboot into safe mode.

    In the following scans, please make note of whatever if found and what actions are taken.

    Run Stinger and then click the Scan Now button to begin scanning the specified drives/directories. You want to scan your entire C: drive. Let it fix whatever it finds.

    Then run your AV and after it finishes, run your AT and let them fix whatever is found.

    Reboot and then post back your findings.

    You may also need to clean out your system restore depending on what is found.

    Regards,
    Kent
     
  8. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Thanks Kent
    I will do that now!I will post back with results
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, Rita :) i dont want to get in Puff and CrazyM's way, but, if it were me i'd run as much as possible just to be on the safe side. there's the avast cleaner and the MicroWorld Anti Virus Toolkit.

    http://www.avast.com/eng/down_cleaner.html

    the MicroWorld Anti Virus Toolkit, below, is a very good scanner, i dont think it will remove anything like it did in the past, but it will let you know what it finds

    http://www.mwti.net/download/tools/mwav.exe

    i hope Puff and CrazyM dont mind me posting these links :doubt:
    Good Luck :)
     
  10. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Kent
    First i made sure all apps.were up to date--I was sure they were but checked and they were.I then downloaded stinger.Then I rebooted in safe mode,ran stinger,it found nothing.Then I ran my av--nothing found.I ran ewido also nothing found.system seems to be clean.
     
  11. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Thanks Iceni
    I ran avast cleaner also--nothing found.thanks for link
     
  12. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    OK... Back to the question CrazyM asked.... When you access your e-mail do you use a mail client on your system and the sent folder is on your system? Or do you use a web based e-mail account where your e-mail are stored on a server?
     
  13. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    An Overview for you..and you did the right thing by contacting AOL and also changing your password.


    AOL phishing email - "Checking Account Payment Notification"


    http://www.fraudwatchinternational.com/fraud_alerts/040605_468_aol.htm


    and


    How do Spammers make money?

    Its tough, but spam does pay if you keep at it long enough

    Spammers are paid for selling known email address lists

    Downloading images in email can tell spammers that you exist

    Performing “Rumplestiltskin” attacks tell spammers who the real users are

    Most spam is used to deliver other attack vectors, such as phishing scams, viruses, trojans, etc, but there is still some money to be made for selling products or services

    Spammers sell lists of email addresses to other spammers

    Spammers sell lists of open email proxies and compromised spam/virus
    infected proxies


    Personal Information Theft

    Most worms over the past year have opened backdoors to allow attackers to harvest personal information from users by installation of keyloggers and trojans

    Most attackers want serial numbers for games

    Stealing credentials for online banking, Porn Sites, AOL account info, job search info, Search Engine Queries and web based email such as hotmail and yahoo

    Steals credit card numbers by recording input into online purchase forms

    http://64.233.161.104/search?q=cach...il account porn&hl=en&ie=UTF-8&client=googlet
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I wish not to take this too far off topic....but there are many that will simply disagree with that perspective. Your right....this is not a competition....but....from someone who has been assisting for quite a few years....I can state unequivically that once a few qualified posters have showed up....it is best to become a spectator(something I have been on numerous occasions) and let those few throw suggestions at the user....not a whole army.

    Also for the record....so there's no mis-understanding my above comments....all who have posted so far are qualified....IMHO.
     
  15. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    they are stored on a server.
     
  16. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Thanks for the info,whoever sent these emails were trying to sell something,I'm sure although i didnt click on the link in the emails--was afraid to
     
  17. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi rita,

    It looks like you have done all you can do. I am glad your system is clean. There is one other possibility and that is someome that you have e-mailed has stored your address in their address book and they are infected. But you have done all the right things. You have verified your system is clean and have changed your password after notifying the correct authorities. Since you use a web based e-mail service, it was doubtful you were infected, but it was best to be sure anyways....
     
  18. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    I trust you followed best practice for a good/tough new password ;)
    Just monitor the account closely for the next while and follow up with their suggestion.

    Regards,

    CrazyM
     
  19. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Thanks for all your help Kent,I sure appreciate it!
     
  20. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    thank you CrazyM
    I will monitor it very closely for sure now.
     
  21. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Sure it helps those in need and Perhaps it would help if you re-read my post. I simply fed off your comment...."And the More ppl who can provide Positive +"....which implies to me a bunch of folks.

    After a few members show up to assist it is best....IMHO....if others become spectators....which then helps "those in Genuine Need"

    You and I simply have a difference of opinion and I erred by not making my opinion known to you via an IM....so as not to take the discussion off topic.
     
  22. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Spanner, you are over reacting on the comments above, and as a consequence this thread keeps going further and further off topic which is not helping the original poster.

    Bubba's comment simply goes back to the old saying that "Too many cooks spoil the broth." That's all. And it is true. Yes, while all good advice is welcomed, when too many people start giving advice at the same time it can get messy and confusing. That's all this meant. I also am not saying that happened in this thread, but now this has turned into an off topic debate of who, what, where and how many can post replies...

    People - there is no need to make so big a debate over this, so let's just leave it.
     
  23. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    As I said earlier....and this will be my final reply in this thread....I should have shared my opinion to you via an IM.

    As for the above quote....you are intitled to your opinion....but factually it's way off from reality IMHO....and it was never my purpose to put a number on how many is too many and it's also silly to imply Wilders would have a cut off. Also....my post above was not as a Mod but as Member that has always had the user in mind when attempting to help and the one way I help sometimes is to be a spectator when a few qualified posters have showed up....nothing more nothing less.

    Other than that,
    Happy New Year Spanner
     
  24. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Ritaann, you have done the right thing by confirming that your system is clean and now monitoring the situation. The following is part of a document that we send to customers when they purchase Anti-virus software and we have secured their computer.


    Safe Practices / Viruses / Hoaxes etc


    1. Viruses and Anti-virus Programs

    Update your Anti-virus program. As it can only protect you from what it knows about. New viruses are written, distributed and found daily, it is very important for you to update and check that your Anti-virus program is being updated regularly. We advise that at least once a day you check and know for sure that it is actually up-to-date, just to be sure, it is a man-made program and one day it will fail, you DO NOT want to find out there was a problem with updating 3 months ago. This is just an additional security step to make it that little bit safer.

    Use your Anti-virus program to scan EVERY new file that you download from the internet, or that you place into your computer by disk or other means. Make a routine WEEKLY scan of your computer.

    NO ANTI-VIRUS PROGRAM IS PERFECT, nor can it compensate for: UNSAFE SOFTWARE PRACTICES.

    No anti-virus program will ever detect all viruses all the time; viruses are being written and distributed daily.

    PRACTICE SAFE COMPUTING; be cautious when opening files. DO NOT OPEN obvious file extensions typically used by viruses and sent by email to you, such as .pif .scr .bat

    Have you ever heard or said, “I only ever open attachments from people I know”, well this is one of the best ways to receive a virus, the infected email more than likely has NOT been sent by your friend, their email address has been harvested by a virus and the virus is sending emails as though it is coming from your friend.

    Never open software from "warez" sites or “peer-to-peer” programs like Kazaa until they have been scanned with a fully up-to-date Anti-virus program.

    Pay attention to files with multiple extensions. Generally, the last extension is the relevant one. For example, a file named song.mp3.exe is an executable program (.exe) and not an MP3 file.

    Note, however, that if you are using Outlook Express and see a file with three extensions, Outlook Express may consider the second extension to be relevant, so that a file named song.mp3.exe.jpg is an executable program (.exe), it is neither an MP3 file nor a JPG file.



    2. Did you send a Virus?

    If you get an email returned (bounced back) saying that “your email was undeliverable”, and you didn't send it, and more than likely you have never heard of the person, don't worry about it, you did NOT send it.

    Usually what happens is a virus on an infected computer sends emails, from email addresses found on that computer. The addresses come from such things as “Forwards”, where people don’t remove the previous email address(s), this can be seen when an email arrives and you can see who the email has come from and/or who it is going to, usually a very big list of people. The virus on the infected computer then picks one email address to be the fake sender, and sends copies of itself (the virus) to other email addresses found on the same infected computer, as though it was coming from you.

    Understand this VERY CLEARLY; You have NOT sent the infected email, a virus on an infected computer has harvested and used your email address as the sending address, to forward infected emails.

    The virus or Trojan didn't use the real email address of the computer's owner because any undeliverable email that bounced directly back to that computer would tip the owner that they had a problem.

    Again, to be clear, it is extremely unlikely your computer has sent the email, so long as you have followed and maintained good sensible and safe security practices.



    3. Hoaxes

    Don’t pay attention to virus warnings unless you subscribe to an anti-virus companies newsletter and know for sure that the warning is authentic, and please do NOT forward the “so called warnings”.

    Most so called virus warnings are HOAXES and usually try to have you action something where part or ALL of your operating system is disabled. The other reason they are sent is to see how fast they can spread panic around the globe, don’t partake in these “Chicken Little” instances, THE SKY IS NOT FALLING.



    4. Privacy

    Never use the "Unsubscribe" feature of spam emails

    Never reply to spam mails, in doing so you confirm the validity of your email address and the spammer can keep on sending you unsolicited commercial email (spam), which you don't want.

    The proper way to deal with spam is to delete it.

    Never select the option available on web browsers for storing or retaining user name and password.

    Never disclose personal, financial, or credit card information to little-known or suspect web sites.

    Never use a computer or a device that cannot be fully trusted.

    Never use public or Internet café computers to access online financial services accounts or perform financial transactions.



    Hope this helps...

    Cheers :D
     
    Last edited: Jan 1, 2005
  25. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Blackspear
    Thank you for all the helpful info.aol thinks someone,somehow fraudntly used my email address to send spam emails-there were about 250 sent from my email address that i didnt send!I changed my password and reported it to aol's fraud dept.So far no more have been sent.I am watching closely now.thank you for your post!
     
Loading...
Thread Status:
Not open for further replies.