[fishfingers]

Hi
Our home email address is sending out spam. One of our email addresses is like (name)@(our domain).freeserve.co.uk . We know spam is being sent out because we are getting emails saying messsage unable to be delivered, and the original sender was something like [email protected](our domain).freeserve.co.uk or [email protected](our domain).freeserve.co.uk . We are using Outlook Express 6 (or 6.00.2900.2180), and we can log into email on the internet using Orange's website.

Another problem (could be related) is that we cannot send email unless ZoneAlarm is disabled. Although this is probably not related.

Has anyone got any similar experiences, or any ideas on how to stop this. It would be much appreciated. If more info about our computer is needed I can provide it.

Thanks
Dave

 

[1002richards]

hi,
I think you need to post a Hijackthis log and let a qualified member (gold shield) take you through what to do.
Using Hijackthis with the self-installer that puts it into Program Files for the poster:

go to Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Double click on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  
• Put a check by Create a desktop icon then click Next again.
  
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
  
• Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
  
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Paste the log in your next reply.
  
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Wait for a qualified member to take you onwards from here.

Richard

 

[fishfingers]

Thanks, have posted the HJT log in the security forum - http://forums.techguy.org/security/534376-hjt-log-home-email-sending.html

 

[JohnWill]

Actually, you probably aren't sending any SPAM. This is a very common issue, I get them all the time, and I can assure you I'm certain they don't come from me. I get tons of reject messages, most go automatically into my junk mail. The SPAMMERS spoof the return address to keep the SPAM filters guessing.

 

[fishfingers]

Hi, thanks for that, here's an example message:

From: "Espion Interceptor" <[email protected]> Save Addresses
To: [email protected](our domain).freeserve.co.uk
Date: Jan 09 2007, 09:19 PM
Subject: *** SPAM *** Undeliverable mail Show full header
Attachment(s): Delivery error ... (378 b); Undelivered-mes... (805 b);

Return-Path: <>

Received: from mwinf3304.me.freeserve.com (mwinf3304.me.freeserve.com)
by mwinb3301 (SMTP Server) with LMTP; Tue, 09 Jan 2007 22:19:57 +0100

X-Sieve: Server Sieve 2.2

Envelope-to: [email protected](our domain).freeserve.co.uk

Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf3304.me.freeserve.com (SMTP Server) with ESMTP id 24E941C000BB
for <[email protected](our domain).freeserve.co.uk>; Tue, 9 Jan 2007 22:19:57 +0100 (CET)

Received: from ei.lourdesrmc.com (ei.lourdesrmc.com [208.63.104.10])
by mwinf3304.me.freeserve.com (SMTP Server) with ESMTP id DA8841C000A5
for <[email protected](our domain).freeserve.co.uk>; Tue, 9 Jan 2007 22:19:56 +0100 (CET)

X-ME-UUID: [email protected]

Received: from localhost (localhost [127.0.0.1])
by ei.lourdesrmc.com (Postfix) with ESMTP id 5A677DF03E
for <[email protected](our domain).freeserve.co.uk>; Tue, 9 Jan 2007 15:19:50 -0600 (CST)

MIME-Version: 1.0

Subject: *** SPAM *** Undeliverable mail

Message-Id: <[email protected]>

Content-Type: multipart/report; report-type=delivery-status;
boundary="----------=_1168377590-86958-1"

From: Espion Interceptor <[email protected]>

To: <[email protected](our domain).freeserve.co.uk>

Date: Tue, 9 Jan 2007 15:19:50 -0600 (CST)

X-me-spamlevel: med

X-me-spamrating: 95.280693

This nondelivery report was generated by the Espion Interceptor
at host ei.lourdesrmc.com. Our internal reference code for your message
is 86958-01/3NdD37spycK2.

Return-Path: <[email protected](our domain).freeserve.co.uk>
Your message <[email protected](our domain).freeserve.co.uk>
could not be delivered to:
<[email protected]>:
550 Bounced, id=86958-01 - Invalid Address [email protected]

Ok I don't know why that is so long, I've put in bold the parts that I actually see when I read the email. I have put in (our domain) for the real address for security reasons. What do you think?
Thanks

 

[kiwiguy]

I agree with JohnWill here, the commonly used spammers (and virus) trick is to forge the return address, that way they do not see the bounces and it diverts attention from the real source.

The sooner we have the death penalty for spammers, the better.