Internet Blocked, How?

[SteveDave]

I have received a message stating that my internet has been blocked because spam was being sent from my IP.

I have not activated any of my exetel emails, nor have i ever attempted to create one. How is it possible that my IP was sending spam emails? Is there another way?

I have been extremely happy with the service Exetel has provided, but this has come as a complete surprise. All the computers in the household run anti-virus checks everyday.

[jokiin]

I have received a message stating that my internet has been blocked because spam was being sent from my IP.

I have not activated any of my exetel emails, nor have i ever attempted to create one. How is it possible that my IP was sending spam emails? Is there another way?

I have been extremely happy with the service Exetel has provided, but this has come as a complete surprise. All the computers in the household run anti-virus checks everyday.

the message has nothing to do with Exetel based emails, it does mean that there is spam originating from your IP address and it may not have anything to do with any email account you own, more likely a trojan on one of your machines that is pumping out junk, in my experience (from machines I have had to clean for people that have had the spam block) the spam is generally spewing out at more than 100 messages a minute

if you notice any of the machines running a bit slower than usual might be an indicator of which one to look at first, don't rely on just your AV program though as none of them are foolproof, it's not unknown for some of these trojans to disable your AV also and have you thinking you're protected when you're not

also have a look at MalwareBytes http://www.malwarebytes.org/mbam.php download it, after installing do the updates then scan, you might be surprised what this can pickup that your AV has missed

if you still have trouble after this it could be a rootkit (you can Google for more on this) a lot harder to locate and get rid of though

[SteveDave]

Just an update on this. Exetel sent out one of them spam report emails, and in the email it actually pinpointed which one of my computers was sending the spam. So after booting in safe mode, and scanning with at least 4 anti-virus/malware programs, nothing came up, no threats detected at all.

And now recently, I've gotten an email from AOL which has the following...

*
Email Feedback Report for IP ----------------

To aolfbl@exetel.com.au
From: scomp@aol.net
Sent: Thursday, 12 August 2010 11:33:18 PM
To: aolfbl@exetel.com.au
Attachments, pictures and links in this message have been blocked for your safety. Show content | Always show content from this sender

This is an email abuse report for an email message with the message-id of 617016205.75709976098959@aol.com received from IP address ------------ on Thu, 12 Aug 2010 08:12:07 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/tools/fbl.html

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/guidelines/

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/waters/fbl_change_form.html




--Forwarded Message Attachment--
Date: Thu, 12 Aug 2010 22:12:18 +1000
From: DEANELONDON@aol.com
To: redacted@cs.com
Subject: ACDSee Pro 2.5 $49.95








SPECIAL OFFERS - Adobe PACK - 1 - $149.95

http://78.131.152.140/~bestwin/egblwdq.html

I'm assuming the bottom forwarded email is the spam that is being sent.

I don't know what to do anymore, any help?

[Dazzled]

Anyone who runs Windows and goes online is a target for this sort of thing. If it comes to the worst you will have to repartition and reinstall everything, but before it comes to that, scan for everything, including rootkits, which can get under the Windows system and be nearly undetectable. It is quite possible for one of these to install a zombie mail server that spews out spam.

The top scanner varies from time to time, but at the moment Malwarebytes http://www.malwarebytes.org/ has many supporters.

Another user who was in a similar mess recently and got clean is covered at viewtopic.php?f=284&t=36543 Note that erasing disk files isn't necessarily enough.

When you do get it clean, image the system, rather than backing up files, to save a lot of time if it happens again.

[Franpa]

Try Trend Micro Internet Security, see what it detects.

[CoreyPlover]

Try Trend Micro Internet Security, see what it detects.

Nah. I'd agree that MalwareBytes is the leading candidate for spam and rootkit detection. Plus, it is free and doesn't have the overhead of "Internet Security" features like firewall and email filtering. Not sure that Trend Micro stacks up very well (relatively) in circumstances where you are just trying to detect and remove a spam-bot / malware.

[tin]

Try Trend Micro Internet Security, see what it detects.

Probably nothing.

At work, we've got a "virus scan laptop", which has MBAM, Avast and Avira installed on it. We also commonly install AVG on client's PCs... If something seems iffy, we hit the drive with all 3 programs on the laptop, and sometimes also AVG. Very surprising how many viruses will only be detected by one or 2 programs.