Been blocked for SPAM - (need help)

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Been blocked for SPAM - (need help)

Post by wolfhunter2 » Sun Oct 26, 2008 10:00 am

After being blocked the first time, I was quite worried that a virus had actually infected one of my systems. After virus scanning all computers on my network with NORTON AV I found absolutely NOTHING, which got me a bit annoyed. Then I thought someone was hacking my wireless and therefore changed the WEP pw, and then agreed to Exetel's spam notice. Then I got blocked again two days after, and then again another two days after. I have virus scanned every time, with no result, and since I am using NORTON I would have hoped that it should have found the problem.

So anyways,
PLEASE HELP!!
:( :(

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Dazzled » Sun Oct 26, 2008 10:08 am

Despite what you have done with Norton, it is very likely you are still infected, possibly by a root kit, which can evade simple detection. You may have to completely reinstall your system or a backup from an earlier time. Do you periodically image your hard disk (eg, with Norton Ghost)? What Windows operating system are you using?

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Re: Been blocked for SPAM - (need help)

Post by wolfhunter2 » Sun Oct 26, 2008 10:13 am

Dazzled wrote:Despite what you have done with Norton, it is very likely you are still infected, possibly by a root kit, which can evade simple detection. You may have to completely reinstall your system or a backup from an earlier time. Do you periodically image your hard disk (eg, with Norton Ghost)? What Windows operating system are you using?
Are you serious?
Is there NO program on the internet that can help eliminate rootkits?

dbr
Posts: 493
Joined: Fri Feb 08, 2008 2:33 pm
Location: Sale VIC

Re: Been blocked for SPAM - (need help)

Post by dbr » Sun Oct 26, 2008 10:37 am

An invaluable tool is here
http://www.saferoz.com.au
First Aid * Fire * Safety

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Dazzled » Sun Oct 26, 2008 11:06 am

I wouldn't jump to conclusions yet about root kits, though you certainly should try one of the tools linked to by dbr. There is a discussion of this class of malware here - http://en.wikipedia.org/wiki/Root_kit The whole point of this kind of malware is to evade detection, so the protection companies are always running a race against the authors of this garbage. Since you have Norton, could you use the included Ghost tool in future? A good image makes it trivial to clean up, should it happen again.

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Re: Been blocked for SPAM - (need help)

Post by wolfhunter2 » Sun Oct 26, 2008 6:55 pm

I've also got this feeling that Outlook is doing something funny, i.e. the cause of the SPAM,
http://forums.techguy.org/malware-remov ... -spam.html
What this guy is talking about also happened to me, having received a delivery notification failure for an email I did not send.
So now I have stopped using Outlook, in the hope that it fixes the problem of the spam blocks.

Is it not possible to receive any information about the nature of the block (without paying for a report), only so that it helps solve the problem, which is convenient not only to myself, but Exetel as well?

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Dazzled » Sun Oct 26, 2008 7:37 pm

You can try blocking Outlook, but competent malware sends its own mail all by itself. You really will have to identify what processes are running, and what has been changed, in both files and registry. If Norton hasn't found it, it won't be easy. (Just look at the complex Hijack This report noted on your link).

Did any of the tools referred by dbr detect anything? Keeping Windows clean can be hard; cleaning it up can be extremely time-consuming without an image, particularly when you can't identify the villain, which is why I won't recommend Windows online. You may yet be facing a complete reinstall.

You might, in the short term, try blocking the Exetel email server in your router, provided that is all the malware is using. Do you have a record of the addresses you have been contacting?

Zedy
Posts: 6
Joined: Tue Jun 10, 2008 6:08 pm
Location: Adelaide

Re: Been blocked for SPAM - (need help)

Post by Zedy » Mon Oct 27, 2008 5:27 am

I certainly wouldn't rely on Norton to detect or protect.

The only thing Norton is really good at is taking up to 30% of your system resources for itself.

I once received an email from a friend of my brother asking if I could take a look at his pc because it was playing up.

My antivirus detected 26 virii attached to that email and his antivirus (Norton) didn't detect a single one of them.

There are a few rootkit detection programs freely available from major anti virus companies.

Just Google for them.

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Re: Been blocked for SPAM - (need help)

Post by wolfhunter2 » Mon Oct 27, 2008 7:51 am

Btw. if I actually paid the $25 for a report do they give the MAC address of the machine that the spam (from the virus) is being sent from?
Because if they do then I have no hesitation to just pay once and then reformat that machine, as I have around 5 machines on the network and none of them has been detected with viruses with Norton,
Also you say NORTON is bad, but Exetel recommend using AVG to detect after the SPAM problem, I would surely assume that NORTON is better in that sense??! ;)

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Dazzled » Mon Oct 27, 2008 8:55 am

If you look at the actual header and text (turn off any html dressing-up) of any of the spam you have received you will not see anything except its last IP address. Exetel know that it came from your address - the computers in your network are hidden behind your router. The easiest way, in my opinion, to detect which machine is misbehaving, if you don't have a high-end modem/router, is to make the network pass through a gateway running Linux, which can block and record traffic, being safe against malware. All you need is a spare superannuated computer, a free lightweight bootable live CD and a little knowledge which you can find on the web. You could also block each of your computers in turn at your router until the trouble stops, though that might be hard to detect if Exetel has you blocked. Otherwise you will just have to check each Windows box out in turn, unless you have firewalls on them which can record all their activity.
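
The gateway-logging approach described in the post above, as an added example that is not part of the original thread: it reads firewall log lines from a Linux gateway and reports which LAN machine (IP and source MAC) is opening SMTP connections to many different mail servers. The log prefix `SMTP-OUT`, the interface names, the iptables rule in the comment and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the iptables LOG format. Assumed gateway rule (eth1 = LAN side):
#   iptables -A FORWARD -i eth1 -p tcp --dport 25 --syn -j LOG --log-prefix "SMTP-OUT "
SAMPLE_LOG = """\
Oct 27 09:01:12 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:10:08:00 SRC=192.168.1.10 DST=203.0.113.25 LEN=48 PROTO=TCP SPT=1034 DPT=25 SYN
Oct 27 09:01:40 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:13:08:00 SRC=192.168.1.13 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=2201 DPT=25 SYN
Oct 27 09:01:41 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:13:08:00 SRC=192.168.1.13 DST=198.51.100.44 LEN=48 PROTO=TCP SPT=2202 DPT=25 SYN
Oct 27 09:01:41 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:13:08:00 SRC=192.168.1.13 DST=192.0.2.91 LEN=48 PROTO=TCP SPT=2203 DPT=25 SYN
Oct 27 09:01:42 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:13:08:00 SRC=192.168.1.13 DST=203.0.113.80 LEN=48 PROTO=TCP SPT=2204 DPT=25 SYN
Oct 27 09:02:05 gw kernel: eth0: link up
Oct 27 09:05:12 gw kernel: SMTP-OUT IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:10:08:00 SRC=192.168.1.10 DST=203.0.113.25 LEN=48 PROTO=TCP SPT=1040 DPT=25 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return (src_ip, src_mac, dst_ip) for a logged outbound SMTP SYN, else None."""
    if "SMTP-OUT" not in line:
        return None
    f = dict(FIELD.findall(line))
    if f.get("PROTO") != "TCP" or f.get("DPT") != "25" or "SRC" not in f or "DST" not in f:
        return None
    # MAC= holds destination MAC (6 octets), source MAC (6 octets), EtherType (2 octets).
    octets = f.get("MAC", "").split(":")
    src_mac = ":".join(octets[6:12]) if len(octets) == 14 else "unknown"
    return f["SRC"], src_mac, f["DST"]

def suspects(log_text, max_servers=2):
    """Map each LAN host that contacted more than max_servers distinct SMTP
    servers to (source MAC, connection count, distinct server count)."""
    seen = defaultdict(lambda: {"mac": "unknown", "count": 0, "dsts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, mac, dst = rec
        host = seen[src]
        host["mac"] = mac
        host["count"] += 1
        host["dsts"].add(dst)
    return {src: (h["mac"], h["count"], len(h["dsts"]))
            for src, h in seen.items() if len(h["dsts"]) > max_servers}

if __name__ == "__main__":
    for ip, (mac, count, servers) in suspects(SAMPLE_LOG).items():
        print(f"{ip} ({mac}): {count} SMTP connections to {servers} servers")
```

A mail client normally talks to one or two servers, so the threshold separates it from a host that fans out to many; raise `max_servers` if a machine legitimately uses several providers.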

austdata
Posts: 629
Joined: Wed Apr 25, 2007 12:38 am
Location: Melbourne

Re: Been blocked for SPAM - (need help)

Post by austdata » Mon Oct 27, 2008 1:30 pm

wolfhunter2 wrote:Are you serious?
Is there NO program on the internet that can help eliminate rootkits?
Yes there is. Remove Windows and install a Linux distribution, it is impervious to root kits. I would strongly recommend Kubuntu, it is also free and there are so many free programs available that all the MS applications can be replaced.

Cheers,

Mike
The views I present here are not necessarily those from my brain.
Exetel's support number outside Sydney: 1300 788 141 NOTE: I do not work for Exetel.

SysAdmin

Re: Been blocked for SPAM - (need help)

Post by SysAdmin » Mon Oct 27, 2008 1:33 pm

austdata wrote:Yes there is. Remove Windows and install a Linux distribution, it is impervious to root kits. I would strongly recommend Kubuntu, it is also free and there are so many free programs available that all the MS applications can be replaced.
Impervious is such a strong word. ;)

Andrew

austdata
Posts: 629
Joined: Wed Apr 25, 2007 12:38 am
Location: Melbourne

Re: Been blocked for SPAM - (need help)

Post by austdata » Mon Oct 27, 2008 1:39 pm

SysAdmin wrote:Impervious is such a strong word. ;)
G'day Andrew,
I'm rather hoping that root kits only exist for Windows. :mrgreen: Besides, most Linux installations only have one fatal shortcoming, the users. :lol:

Mind you, I still miss my VAXes and VMS very badly. :cry:

Cheers,

Mike
The views I present here are not necessarily those from my brain.
Exetel's support number outside Sydney: 1300 788 141 NOTE: I do not work for Exetel.

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Dazzled » Mon Oct 27, 2008 3:16 pm

Austdata, I am afraid that root kits were invented on Unix systems. But if you are not operating as root, you can't practically install one, hence the safety of most modern distros. Some of the lightweight live CDs, running in root, are theoretically susceptible, but it is hard to modify a CD.

SysAdmin

Re: Been blocked for SPAM - (need help)

Post by SysAdmin » Mon Oct 27, 2008 3:28 pm

Dazzled wrote:Austdata, I am afraid that root kits were invented on Unix systems. But if you are not operating as root, you can't practically install one, hence the safety of most modern distros. Some of the lightweight live CDs, running in root, are theoretically susceptible, but it is hard to modify a CD.
It should be noted that keeping a system up to date with security patches, etc. helps make "But if you are not operating as root, you can't practically install one" more reality than fiction. :)

(yes, all OSes have security bugs, but some make them more disastrous than others)

Andrew
