Been blocked for SPAM - (need help)

Malware detection, cleaning and prevention
CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: Been blocked for SPAM - (need help)

Post by CoreyPlover » Mon Oct 27, 2008 10:27 pm

wolfhunter2 wrote:Also you say NORTON is bad, but exetel recommend using AVG to detect after the SPAM problem, i would surely assume that NORTON is better in that sense??! ;)
I second Zedy's advice: Norton is a terrible product to install and, in general, actually causes more problems than it prevents. It uses a high amount of system resources doing unnecessary operations.

wolfhunter: The issue is that Norton is a firewall and virus scanner in one. The problem is that software firewalls are useless if you are already using a modem / router which has a firewall in built. Plus there is already Windows' firewall. So Norton's firewall is the third firewall in a chain of firewalls, hence redundant. Lightweight virus/spam scanners without built-in firewalls (like AVG anti-virus) are much better because they perform operations that the modem and operating system don't or can't perform.

However, root-kits are much more difficult to find. I still think that some anti-virus programs (AVG, Avast, etc) should be able to ferret them out. Sophos is another free anti-rootkit detection program that might be helpful but there are many similar products out there. Check http://www.antirootkit.com/software/index.htm for a good list of them. It would probably make more sense to concentrate on software detection to find the cause / root-kit rather than requesting the spam report. These reports won't provide much additional information to locate the cause but they often provide confirmation that your spam block is not a false-positive.

austdata
Posts: 629
Joined: Wed Apr 25, 2007 12:38 am
Location: Melbourne

Re: Been blocked for SPAM - (need help)

Post by austdata » Mon Oct 27, 2008 10:51 pm

The AVG v8 Internet Security 3-Pack (Paid Licence) has an Anti-Root-Kit module. Don't know if it's available on any other version or not. It has one small program that uses far too many resources but that stops running fairly soon after starting and only runs a few times each day. It is avgnsx.exe and has used 27 mins, 40 secs since the computer was last rebooted, 4 days and 29 minutes ago.

Annoyingly it has to be run manually.

Last time I had Norton's on a computer was my new laptop about four weeks ago. Apart from using so many resources it should have been the only thing running, it's very difficult to get off the machine and others have reported problems when the trial period is over. (Lost access to e-mail is one I remember and there are others).

Cheers,

Mike
The views I present here are not necessarily those from my brain.
Exetel's support number outside Sydney: 1300 788 141 NOTE: I do not work for Exetel.

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Re: Been blocked for SPAM - (need help)

Post by wolfhunter2 » Wed Oct 29, 2008 12:57 pm

I am still trying to pinpoint which computer needs the reformatting after picking up little by using rootkit detection software,
So does anyone know how long it takes for the block to be implemented?
I'm asking how long it takes after a complaint for spam for the user to be blocked?
(only asking to find out which computer it was)

Thanks

SysAdmin

Re: Been blocked for SPAM - (need help)

Post by SysAdmin » Wed Oct 29, 2008 12:59 pm

wolfhunter2 wrote:I am still trying to pinpoint which computer needs the reformatting after picking up little by using rootkit detection software,
So does anyone know how long it takes for the block to be implemented?
I'm asking how long it takes after a complaint for spam for the user to be blocked?
(only asking to find out which computer it was)
A few seconds. :)

Andrew

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Dazzled » Wed Oct 29, 2008 1:56 pm

You could use a gateway in your network that can quickly detect and shut offenders. If it is not an ordinary Linux box, perhaps there is value for your company in this ready-made setup - http://www.untangle.com/. There is a review here http://www.enterprisenetworkingplanet.c ... hp/3720661

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Re: Been blocked for SPAM - (need help)

Post by wolfhunter2 » Wed Nov 12, 2008 5:56 pm

It's not a company, merely a home network with 5 computers on it.
Which does make it a little hard to pinpoint the problem.
And btw the exetel staff member who said a few seconds, is totally wrong.
Most of the time the internet is working fine, but slow at nights (as it is) and then in the mornings bam been spam blocked
The other thing that is happening like clockwork.
the first day its after being re-enabled it works fine, second day slow as hell, third day block
Going through this procedure again and again is really starting to get annoying.
and if u don't believe me, here:
Image
is that acceptable for an adsl 2 connection?

I really want some answers, how long does it take for the spam to be initiated, by that i mean the complaint, and can't i get any details on the complaint???!!!!

Gidget
Volunteer Site Admin
Posts: 1813
Joined: Wed Jan 28, 2004 4:33 am
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Gidget » Wed Nov 12, 2008 6:10 pm

The reason your internet goes slow is precisely because you have at least one compromised computer which is hammering your connection.

The reason that you keep getting blocked is because you haven't yet found the source of the problem.

You can't keep getting the service re-enabled without getting rid of the infection. You need to take all 5 computers off-line until you can clean them up (chances are they are all infected by now). If you don't know how to search for and destroy the infection then you will have to get a knowledgeable friend to help you, pay a professional to do it, or format the computers and start again.

Gidget
Log a fault ticket here
or call Exetel VOIP numbers (02) 8030 1000 or 1300 788 141 (log faults 24x7)
Exetel Support Portal

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Re: Been blocked for SPAM - (need help)

Post by wolfhunter2 » Wed Nov 12, 2008 8:41 pm

Gidget wrote:The reason your internet goes slow is precisely because you have at least one compromised computer which is hammering your connection.

The reason that you keep getting blocked is because you haven't yet found the source of the problem.

You can't keep getting the service re-enabled without getting rid of the infection. You need to take all 5 computers off-line until you can clean them up (chances are they are all infected by now). If you don't know how to search for and destroy the infection then you will have to get a knowledgeable friend to help you, pay a professional to do it, or format the computers and start again.

Gidget
The problem is every time i get blocked, i scan all computers and nothing comes up,
taking your suggestion of using AVG, i have also tried avg and again nothing is coming up
I have tried numerous anti-rootkit software without any effect.
I've reformatted 2 and only have one left that might actually be the infected one (only problem is that one is too important to reformat). (don't really use the other 2)

And btw i can definitely see that you are not doing anything to help.
The best advice that you and your colleagues could provide is "reformat computers".

"If you don't know how to search for and destroy the infection " and you are suggesting that you do?
so why don't you say something???
I'll even list the software that i have tried to date for you:
Norton AV, AVG AV, UnHackme, AVG rootkit removal, spybot, adware 2008, sophos anti-spyware 2
any other suggestions???????

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Dazzled » Wed Nov 12, 2008 10:01 pm

It's no wonder you are so frustrated, but if you wish to run something online as readily compromised as Windows, you should keep a clean image (Ghost, Acronis, Partimage etc) for just this purpose. However, that little sermon is no help now, as the main problem is to identify the offending machine. If you haven't a high-level router which can individually segregate and log the traffic, and you won't set up a Linux gateway (only needs a slow machine with 2 NICs), why don't you just put all the machines offline at night, that is unplug them, and let them back one at a time when you are able to observe their activity. When Exetel pings you, you will at least know which box it is you have to reinstall. Does the spam get sent at any time, or only at night?

I am sorry that the malware advice given has been so general, but when the anti-malware packages fail, there is not much specific to say without seriously examining your machines - the coders of this stuff know what they are doing. Have you tried Hijack This to check the registry?
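
Added example (not part of any post in this thread): one way to use the per-machine gateway logging described above to see which computer is sending mail, and at what hours. It assumes a Linux gateway with an iptables LOG rule on new forwarded TCP connections; the `FWD-NEW:` prefix, the addresses, the sample lines and the two-destination threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines from a hypothetical Linux gateway (not from the
# thread). The "FWD-NEW: " prefix, interfaces and addresses are assumptions,
# and fields such as TTL/ID/WINDOW are trimmed for width.
SAMPLE_LOG = """\
Nov 12 19:40:02 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=198.51.100.10 LEN=48 PROTO=TCP SPT=1301 DPT=25 SYN
Nov 12 21:05:11 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=198.51.100.10 LEN=48 PROTO=TCP SPT=1302 DPT=25 SYN
Nov 12 21:06:30 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=203.0.113.80 LEN=48 PROTO=TCP SPT=2200 DPT=80 SYN
Nov 13 02:14:07 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=4001 DPT=25 SYN
Nov 13 02:14:08 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=203.0.113.77 LEN=48 PROTO=TCP SPT=4002 DPT=25 SYN
Nov 13 02:14:09 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=198.51.100.200 LEN=48 PROTO=TCP SPT=4003 DPT=25 SYN
Nov 13 03:30:41 gw kernel: FWD-NEW: IN=eth1 OUT=eth0 SRC=192.168.1.14 DST=192.0.2.33 LEN=48 PROTO=TCP SPT=4004 DPT=25 SYN
Nov 13 03:31:00 gw kernel: truncated line without address fields
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hour>\d{2}):\d{2}:\d{2}\s.*?"
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)\s.*?"
    r"PROTO=TCP\s.*?DPT=(?P<dpt>\d+)\b"
)

def smtp_by_host(log_text, smtp_port=25):
    """Group outbound SMTP connections by the internal host that opened them."""
    stats = defaultdict(lambda: {"connections": 0, "destinations": set(), "hours": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group("dpt")) != smtp_port:
            continue  # skip unparseable lines and non-mail traffic
        s = stats[m.group("src")]
        s["connections"] += 1
        s["destinations"].add(m.group("dst"))
        s["hours"].add(int(m.group("hour")))
    return dict(stats)

def suspects(stats, max_destinations=2):
    # Heuristic (assumption): a home PC normally talks to one or two mail
    # servers; a host contacting many distinct ones is the one to isolate.
    return sorted(h for h, s in stats.items() if len(s["destinations"]) > max_destinations)

if __name__ == "__main__":
    result = smtp_by_host(SAMPLE_LOG)
    for host, s in sorted(result.items()):
        print(host, s["connections"], len(s["destinations"]), sorted(s["hours"]))
    print("suspects:", suspects(result))
```
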

CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: Been blocked for SPAM - (need help)

Post by CoreyPlover » Wed Nov 12, 2008 10:10 pm

wolfhunter2 wrote:And btw i can definitely see that you are not doing anything to help.
so why don't you say something???
It is your responsibility (and no one else's) to ensure your computers are not sending spam. Let me see if I understand you: You are saying that the volunteers in this forum are not trying hard enough to fix your problem for you?

My advice for you is to simplify things. The best way to diagnose an issue like this is to isolate your computers completely and reintroduce them one at a time (although by the sound of it, you have to isolate them for about 2-3 days at a time so you may wish to do them in pairs or something). Alternatively, ring a few computer stores and ask them if they have the technical know-how to place your computers on their networks and monitor the outgoing traffic for you to identify the culprit.

wolfhunter2
Posts: 20
Joined: Wed May 10, 2006 8:34 am

Re: Been blocked for SPAM - (need help)

Post by wolfhunter2 » Wed Nov 12, 2008 10:29 pm

Dazzled wrote: When Exetel pings you, you will at least know which box it is you have to reinstall. Does the spam get sent at any time, or only at night?
I've got this feeling that it is only being sent at night, 90 % of the time the internet is blocked in the morning, as opposed to in the middle of the day.
Dazzled wrote:I am sorry that the malware advice given has been so general, but when the anti-malware packages fail, there is not much specific to say without seriously examining your machines - the coders of this stuff know what they are doing. Have you tried Hijack This to check the registry?
Yes, nothing suspicious comes up.
I'm sorry about my negative attitude, it's just it's quite frustrating when you really need the internet to do critically pending work and it's either so slow or blocked.
thanks.

Gidget
Volunteer Site Admin
Posts: 1813
Joined: Wed Jan 28, 2004 4:33 am
Location: Sydney

Re: Been blocked for SPAM - (need help)

Post by Gidget » Wed Nov 12, 2008 10:40 pm

wolfhunter2 wrote:And btw i can definitely see that you are not doing anything to help.
The best advice that you and your colleagues could provide is "reformat computers".

"If you don't know how to search for and destroy the infection " and you are suggesting that you do?
so why don't you say something???
I am not trying to be judgemental or unhelpful. I know that you have tried heaps of things to get rid of the infection but, clearly, it isn't working. Without being mean, it is time to admit that you are out of your depth. It is very hard to find infections and get rid of them if you don't have the right skills and experience to know how to go about it. Volunteers giving you advice here can only do so much and the advice we offer can only be general - we can't see the activity on your machines etc etc.

The point you are at is getting someone to physically help you in the presence of the machines (friend, computer shop) or reformatting the machines. You might not like the advice, but please don't shoot the messengers, and don't blame everyone else (including Exetel) for the position you have found yourself in.

Gidget

dbr
Posts: 493
Joined: Fri Feb 08, 2008 2:33 pm
Location: Sale VIC

Re: Been blocked for SPAM - (need help)

Post by dbr » Thu Nov 13, 2008 9:05 am

http://www.saferoz.com.au
First Aid * Fire * Safety

Orkon
Posts: 81
Joined: Sat Sep 29, 2007 12:38 pm
Location: Sydney, Australia

Re: Been blocked for SPAM - (need help)

Post by Orkon » Fri Nov 21, 2008 9:39 am

I had similar issues on a pc (thread is sitting in this forum still).

I had success with Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam.php)

Version 1.30 is there. You can install and use free of cost (but realtime protection requires $$).

But installing and running the tests normally might just find the root kit which it sounds like you have.

Scott
