I think I have a bot in my pc :s Just don't know how to kill it!

By Jose_49
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

Jose_49

Posted
Posted

Guys, since yesterday (13 hours ago) I noticed my email to flood by "Delivery Status Failure" from emails I supposedly sent (Hotmail). The bad part of this is that I DID NOT SEND ANY of those messages. I even checked the 'Sent' status at the Hotmail page but it doesn't show up any of the sent emails.

I've already sent scanning my PC with MS Essentials and nothing has shown up.

The problem seems to be with Outlook because when I run it, email start to flood my inbox about a failure delivery.

What should I do? :s

Grand Master

Scorbing

Posted
Posted

Guys, since yesterday (13 hours ago) I noticed my email to flood by "Delivery Status Failure" from emails I supposedly sent (Hotmail). The bad part of this is that I DID NOT SEND ANY of those messages. I even checked the 'Sent' status at the Hotmail page but it doesn't show up any of the sent emails.

I've already sent scanning my PC with MS Essentials and nothing has shown up.

The problem seems to be with Outlook because when I run it, email start to flood my inbox about a failure delivery.

What should I do? :s

Download this. Install it, update it and then scan your computer, Use FULL scan.

www.malwarebytes.org

Grand Master

Jose_49

Posted
  • Author
Posted

Change your password would be a good start, does it happen with other email programs like Windows live mail ?

Maybe its an Outlook issue ?

Anything stuck in the outbox ?

Nothing stuck in the outbox, and from the 3 accounts I have in Outlook, there's just one which is sending the mass email. I have the messenger program running and nothing fishy pops up.

I'll try with malwarebytes as Scorbing suggested.

Grand Master

Detection

Posted
Posted

Nothing stuck in the outbox, and from the 3 accounts I have in Outlook, there's just one which is sending the mass email. I have the messenger program running and nothing fishy pops up.

I'll try with malwarebytes as Scorbing suggested.

Check the server side too, ie hotmail.com

I definitely recommend changing your password though

Grand Master

Detection

Posted
Posted

I'll be doing that now. It's better to prevent than to be sorry later.

Yep, this is exactly why we were asking the hotmail team to add 2 step verification to hotmail email accounts then the worst you would have got was an sms requesting a log in code (If this is what has happened)

Grand Master

Jose_49

Posted
  • Author
Posted

I've checked again, and seems is Outlook that has the problem. All of my emails are sending the delivery notification failure. F*ck. I want to know how did I get it, because I never visit strange websites nor open strange or ****ty emails. Maybe outlook downloaded it without concern and infected the system.

Grand Master

c3ntury

Posted
Posted

Maybe outlook downloaded it without concern and infected the system.

It doesn't work like that.

I'd change your email password, personally, swap to Gmail (you can still have the same addresses and have your mail forwarded, use it with outlook etc), do a full virus scan.

What anti-virus do you use?

Grand Master

Jose_49

Posted
  • Author
Posted

It doesn't work like that.

I'd change your email password, personally, swap to Gmail (you can still have the same addresses and have your mail forwarded, use it with outlook etc), do a full virus scan.

What anti-virus do you use?

I have MSE installed. I used to have Kaspersky but let my subscription fade away.

Proficient

matt4pack

Posted
Posted

Could just be someone spoofing your address from somewhere else so you end up getting all the undeliverables or logging into your account remotely. I don't know if hotmail allows you to see IP addresses that have accessed your account but I would check that if they do.

When you logon to hotmail through a browser do the failures still show up or is it only happening when outlook is open?

Grand Master

Jose_49

Posted
  • Author
Posted

When you logon to hotmail through a browser do the failures still show up or is it only happening when outlook is open?

It only happens when I have outlook opened. But when I browse the email I do have recorded the failure delivery messages. (But can't see the sent ones)

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

^ exactly.

Outlook seems to just be downloading your bounces.

You rarely see spam sent from a legit address ;) Its always someone else so all the bounces don't clog up the sending server..

Its childs play to send an email saying it came from address Y. If I send out a million random spam messages to all kinds of bogus email addresses, lots of them will get kicked back to what the return address says it is.

So I am spamming how to enlarge your penis and send to [email protected] and say it came from your address at Y, be it sent from that server or not. So somedomain.com says hey we don't have a lsjfdsf mailbox.. Lets make sure that Y knows that -- and sends it back to Y.. These now fill up your mailbox.. Nothing to do with infection, nothing to do with your mailbox being hacked, etc. Look at the kickbacks -- does it say it was sent from your server? Or somewhere in china or Ukraine, etc.. etc..

Grand Master

Jose_49

Posted
  • Author
Posted

^ exactly.

Outlook seems to just be downloading your bounces.

You rarely see spam sent from a legit address ;) Its always someone else so all the bounces don't clog up the sending server..

Its childs play to send an email saying it came from address Y. If I send out a million random spam messages to all kinds of bogus email addresses, lots of them will get kicked back to what the return address says it is.

So I am spamming how to enlarge your penis and send to [email protected] and say it came from your address at Y, be it sent from that server or not. So somedomain.com says hey we don't have a lsjfdsf mailbox.. Lets make sure that Y knows that -- and sends it back to Y.. These now fill up your mailbox.. Nothing to do with infection, nothing to do with your mailbox being hacked, etc. Look at the kickbacks -- does it say it was sent from your server? Or somewhere in china or Ukraine, etc.. etc..

I don't think that's the case :s. I'm actually getting emails sent from my email address.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Post the headers of one of these emails or a kickback and we can tell you where it came from exactly! Until you post some details there is no way to know if being sent from your machine or not.

But I can tell you one thing for SURE!! I have not seen a virus/bot/anything that actually uses the local email address when sending anything in years and years and years - its TOO easy to track.. They pull an address from your contacts to use, or make up ****.. They don't actually use your email address when sending. Because that kind of points to the infected box now doesn't it!

Grand Master

Rippleman

Posted
Posted

first things first, instead of going on and on and on about this, start at the easiest thing to do and work backwards. You should have already done this but guessing you havent yet.

STEP 1: download and install malwarebytes, update the definitions, and run a full scan.

step 2 will depend on the out come of step 1. So do step 1 and tell us if it found anything.

Grand Master

Jose_49

Posted
  • Author
Posted

I already did a full scan and did found something in the recycle bin. Deleted and afterwards I had no problems (until now) with the Outlook.

@BudMan:

Here's what had in the body of the email:

(DO NOT CLICK IS SPAM!!!)

http://josephdupnik....fg.htm&dfh=rhcj

And the Subject was left in blank, plus it had my email name on it. Yes, it also came from my email address. Even my uncle asked me what the hell did I send.

BTW: Thanks a lot for the help! :p Malwarebytes did a great job!

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.