Spyware Problem

clylbw

Hi,

Recently I keep receiving messages in my email box which say I have sent out certain emails containing a virus. Since I have never sent out those emails, I believe the username and the password of my email account have been obtained and abused by someone else, probably through some spyware.

The problem is, I do not know how they have managed to do so. I have installed several anti-spyware programs. Moreover, I have changed my password and have since stopped typing in my password. However, my password is still being obtained by someone else despite all the effort.

Can you please tell me how to tackle this problem? Thank you.
 
It's more likely that your name is in the address book of someone who has been infected.
Can you check with your friends?
 
Clylbw, if it's any consolation, I get this thing all the time - like oatman says, it's very likely to be because your name was in the address book of a user that was infected. Unfortunately there's nothing we can do to prevent it as far as I know.
 
Couple of things spring to mind.

Are the emails you are receiving telling you to stop sending out viruses from people whose address you have in your address book or contacts list?

If yes then you are probably infected and the virus is simply working its way through your address book trying to infect your contacts' machines. Anti-spyware and good anti-virus protection will sort this out. You need both together, not one or the other. Try Ad-aware (www.lavasoft.de) for spyware protection and Avast (www.avast.com) for a good free anti-virus program.

If no then it is probable that you are not infected but someone has used your email address in the 'From' field when sending out the infected emails. To find out if this is the case you really need a copy of one of the emails that has been sent (without the virus but with the headers). Analysis of the headers will show the path the email took to get to its destination. This is not conclusive as headers can be spoofed and there are anonymous remailers which allow the forwarding of email after stripping out the old headers or putting in new but false headers. The key thing here is that someone has probably picked your email address at random to use in the 'From' field. The simplest solution if this is the case is to change your email address as if it has been used in this way it will eventually be blacklisted on mail servers and you will have difficulty sending email.

HTH
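
The header check described in the post above, as an added example that is not part of the original thread. It reads the `Received` lines of a returned message and trusts only those stamped by the recipient's own servers, since anything below them can be forged; the sample headers, the `recipient.example` domain and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation domains and addresses only).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby store.recipient.example with ESMTP; Mon, 5 Jul 2004 10:00:03 +0000
Received: from dsl-23.isp.example (dsl-23.isp.example [198.51.100.23])
\tby mx.recipient.example with SMTP; Mon, 5 Jul 2004 10:00:01 +0000
Received: from mail.webmail.example (mail.webmail.example [203.0.113.5])
\tby dsl-23.isp.example with SMTP; Mon, 5 Jul 2004 09:59:58 +0000
From: someone@webmail.example
To: user@recipient.example
Subject: Re: document

body
"""

# Assumes the common "from HELO (rdns [ip]) by host" layout; other MTAs differ.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def received_hops(raw):
    """Hops newest-first as (helo, rdns, ip, by_host)."""
    values = message_from_string(raw).get_all("Received", [])
    return [m.groups() for m in map(HOP.search, values) if m]

def entry_hop(raw, trusted_domain):
    """Oldest hop stamped by the recipient's own servers: where the mail came in."""
    entry = None
    for hop in received_hops(raw):
        if not in_domain(hop[3], trusted_domain):
            break  # everything below was written by hosts we cannot vouch for
        entry = hop
    return entry

def assess(raw, trusted_domain):
    """Compare the claimed From domain with the host that delivered the mail."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    hop = entry_hop(raw, trusted_domain)
    if hop is None:
        return {"verdict": "no trusted hop"}
    verdict = "consistent" if in_domain(hop[1], sender.rpartition("@")[2]) else "mismatch"
    return {"from": sender, "entry_host": hop[1], "entry_ip": hop[2], "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE, "recipient.example"))
```

A "mismatch" here means the mail entered from a host outside the claimed sender's domain, which fits a forged 'From' field rather than a stolen password; it is a heuristic, since some domains legitimately send through other providers' servers.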
 
Many thanks to all of you indeed.

Maybe I have not expressed myself clearly. I am getting receipt messages from other email accounts. According to the messages, I have sent out virus-infected emails from my account to other accounts. However, I have never done so. Thus I suspect someone else has obtained my password and used my account to send out virus-infected emails in my name.

Do you think the measures you have suggested still apply under such circumstances?

Thanks indeed.
 
If your firewall is running OK it will alert you if something is trying to get in or out.
Make sure your definitions are up to date. Also have you got SpywareBlaster and SpywareGuard http://www.javacoolsoftware.com/downloads.html
Also WinPatrol http://www.winpatrol.com/winpatrol.html
These should alert you if something tries to enter or alter sensitive parts of your system.
Run Spybot and Ad-aware as well.
If you're worried, run some of the online anti spyware and AV scans as well.
Let us know........

Also, who is your IP and have you contacted them?
 
Hi oatman,

Thanks indeed.

I have WinPatrol, Spybot and Ad-aware already, but this is still happening.

What puzzles me is, my password seems to have been leaked, but other sensitive information such as my credit card has not.

BTW, what does 'IP' refer to?
 
Internet Provider or Internet Service Provider
Did you run any online scans to make sure you're OK?
Are you running the latest version of Spybot? 1.3
http://www.safer-networking.org/index.php?page=download
It's got an addition called TeaTimer which does similar to WinPatrol by running real time.
I run them all without conflict. They're a pretty powerful bunch between them ;)
 
Hi oatman,

Yes I am pretty sure I am running the latest version of Spybot; TeaTimer is one of the startup programmes.

My ISP is Tiscali. Should I contact them about this? I am not sure they will care as my email account is at Yahoo!.

Thanks really.
 
If possible, I would prefer to keep my current email account. But I will try a new account. Thanks for the advice. :)
 
This sounds like it is almost certainly someone else who has been infected with a virus.

I receive the same sort of notifications that you have been getting.

Basically, someone out there who has your email address, one of your friends, contacts or business associates, or anyone you have ever had contact with via email will have your email address on their system. One of these people has caught a virus. Modern viruses will go through the hard drive looking for contact lists, inbox/outbox, text files and even internet explorer caches to find email addresses to harvest.

The virus then randomly selects one of these email addresses (yours in this case) and uses it as the fake "sender" and sends itself along with a message to every email address it harvested.

So someone out there, who has your email address, has caught a virus and they are unknowingly sending emails out to any number of people in their contact lists that will appear to have come from you.

Naturally, some of the recipients' virus filters will pick up these emails and return them due to the virus infection. Unfortunately, because the virus hides itself by appearing to have come from you (who doesn't have a virus, and never actually sent the original email), the original sender who DOES have the virus will not get to know he has one. That's why the virus does the fake header, to prolong its own life.

So, if you have checked and you don't have a virus, I wouldn't worry about it. Someone else has the virus and is sending emails from their system that look like they came from you; there's nothing you can do about it.

Changing your email won't help either, because you have to let your contacts know your new email address, and it's one of them who has the virus.
 
Hi Martin,

Thank you really.

So, if I am sure I have done all I can by using anti-spyware and not typing in my password, can I assume that my password has not been leaked?

What really concerns me is the safety of my account, and that somebody is always able to obtain my password no matter what measures I undertake. I will be very relieved if that is not the case.
 
If you've run the scans and had all the anti stuff running, I would think you're clean. Just run the scans regularly and keep updated.
 
Clylbw, I am rather sure that your password has not been leaked and that no-one has been in your account but instead some virus is being duplicated and sent to others and the 'from' field has your email address, so you are getting automatic responses from the servers.
 
Just seen this or I'd have replied sooner.

I get about a dozen (or more) of these bloody messages a day. Mailwasher deals with them all - bounce 'em back off the server before they get to the mailbox! Damned effective.

If your email address has ever been posted on a website, or you've ever sent your email address to anyone with a virus infected machine, I'm afraid it's more than likely that you can expect a torrent of these damned things at one point or another. It's got nothing to do with passwords being stolen or anything like that - it's just what the net has developed into.

Like Oatman, I've got AdAware, Spybot 1.3, Avast AntiVirus and Sygate Firewall installed. The Sygate installation actually runs over the top of the standard WinXP firewall (which is effective on inbound attack attempts, but useless on outbound program requests) and I run all these concurrently with no problems at all.

Clylbw, don't worry about it mate. The Matrix has us all unfortunately. :LOL:
 
Thanks indeed, rossored.

I have tried to install Mailwasher, but have encountered a problem as I cannot find the POP3 server address of my email account at Yahoo. I wonder how I can find it out?
 