Internet Blocked, How?

Malware detection, cleaning and prevention
SteveDave
Posts: 4
Joined: Thu Jul 15, 2010 2:19 pm
Location: Melbourne

Internet Blocked, How?

Post by SteveDave » Fri Jul 16, 2010 3:37 am

I have received a message stating that my internet has been blocked because spam was being sent from my IP.

I have not activated any of my Exetel emails, nor have I ever attempted to create one. How is it possible that my IP was sending spam emails? Is there another way?

I have been extremely happy with the service Exetel has provided, but this has come as a complete surprise. All the computers in the household run anti-virus checks every day.

jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: Internet Blocked, How?

Post by jokiin » Fri Jul 16, 2010 7:06 am

SteveDave wrote:I have received a message stating that my internet has been blocked because spam was being sent from my IP.

I have not activated any of my Exetel emails, nor have I ever attempted to create one. How is it possible that my IP was sending spam emails? Is there another way?

I have been extremely happy with the service Exetel has provided, but this has come as a complete surprise. All the computers in the household run anti-virus checks every day.
the message has nothing to do with Exetel based emails, it does mean that there is spam originating from your IP address and it may not have anything to do with any email account you own, more likely a trojan on one of your machines that is pumping out junk, in my experience (from machines I have had to clean for people that have had the spam block) the spam is generally spewing out at more than 100 messages a minute

if you notice any of the machines running a bit slower than usual might be an indicator of which one to look at first, don't rely on just your AV program though as none of them are foolproof, it's not unknown for some of these trojans to disable your AV also and have you thinking you're protected when you're not

also have a look at MalwareBytes http://www.malwarebytes.org/mbam.php download it, after installing do the updates then scan, you might be surprised what this can pick up that your AV has missed

if you still have trouble after this it could be a rootkit (you can Google for more on this) a lot harder to locate and get rid of though
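
An added example, not part of any post in this thread: one way to find which machine on the LAN is the spam source is to count outbound connections to TCP port 25 per machine per minute in a router or firewall connection log, and flag any machine above the roughly 100-a-minute rate mentioned above. The log line format, the addresses and the function names are assumptions made for this sketch, and connections are only a proxy for messages, since one connection can carry several.

```python
from collections import Counter
from datetime import datetime

THRESHOLD = 100  # connections per minute; figure taken from the post above

def build_sample():
    """Constructed log lines: '<ISO time> <LAN source> <destination> <dest port>'."""
    lines = [f"2010-01-01T10:15:{i % 60:02d} 192.168.1.12 203.0.113.{i % 250 + 1} 25"
             for i in range(120)]                      # one PC hitting many mail servers
    lines += [
        "2010-01-01T10:15:07 192.168.1.10 198.51.100.25 25",   # ordinary mail client
        "2010-01-01T10:15:09 192.168.1.10 198.51.100.80 443",  # web traffic, ignored
        "truncated line",                                       # malformed, skipped
    ]
    return lines

def peak_smtp_per_minute(lines, allowed=()):
    """Map each LAN source to its busiest minute of outbound port-25 connections."""
    per_minute = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        if port != "25" or dst in allowed:   # 'allowed' = mail relays you really use
            continue
        try:
            minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
        except ValueError:
            continue
        per_minute[(src, minute)] += 1
    peaks = {}
    for (src, minute), count in per_minute.items():
        if count > peaks.get(src, (None, 0))[1]:
            peaks[src] = (minute, count)
    return peaks

def suspects(lines, threshold=THRESHOLD, allowed=()):
    """LAN addresses whose busiest minute exceeds the threshold."""
    peaks = peak_smtp_per_minute(lines, allowed)
    return sorted(src for src, (_, count) in peaks.items() if count > threshold)

if __name__ == "__main__":
    for src, (minute, count) in sorted(peak_smtp_per_minute(build_sample()).items()):
        flag = "SUSPECT" if count > THRESHOLD else "ok"
        print(f"{src}  {minute:%H:%M}  {count:4d} conn/min  {flag}")
```

A home machine normally talks to one or two mail servers at most, so a long list of distinct port-25 destinations from a single LAN address is a useful signal even below the threshold.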

SteveDave
Posts: 4
Joined: Thu Jul 15, 2010 2:19 pm
Location: Melbourne

Re: Internet Blocked, How?

Post by SteveDave » Fri Aug 13, 2010 1:22 pm

Just an update on this. Exetel sent out one of them spam report emails, and in the email it actually pinpointed which one of my computers was sending the spam. So after booting in safe mode, and scanning with at least 4 anti-virus/malware programs, nothing came up, no threats detected at all.

And now recently, I've gotten an email from AOL which has the following...
Email Feedback Report for IP ----------------

To aolfbl@exetel.com.au
From: scomp@aol.net
Sent: Thursday, 12 August 2010 11:33:18 PM
To: aolfbl@exetel.com.au

This is an email abuse report for an email message with the message-id of 617016205.75709976098959@aol.com received from IP address ------------ on Thu, 12 Aug 2010 08:12:07 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/tools/fbl.html

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/guidelines/

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/waters/fbl_change_form.html




--Forwarded Message Attachment--
Date: Thu, 12 Aug 2010 22:12:18 +1000
From: DEANELONDON@aol.com
To: redacted@cs.com
Subject: ACDSee Pro 2.5 $49.95








SPECIAL OFFERS - Adobe PACK - 1 - $149.95

http://78.131.152.140/~bestwin/egblwdq.html
I'm assuming the bottom forwarded email is the spam that is being sent.

I don't know what to do anymore, any help?

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Internet Blocked, How?

Post by Dazzled » Fri Aug 13, 2010 1:46 pm

Anyone who runs Windows and goes online is a target for this sort of thing. If it comes to the worst you will have to repartition and reinstall everything, but before it comes to that, scan for everything, including rootkits, which can get under the Windows system and be nearly undetectable. It is quite possible for one of these to install a zombie mail server that spews out spam.

The top scanner varies from time to time, but at the moment Malwarebytes http://www.malwarebytes.org/ has many supporters.

Another user who was in a similar mess recently and got clean is covered at viewtopic.php?f=284&t=36543. Note that erasing disk files isn't necessarily enough.

When you do get it clean, image the system, rather than backing up files, to save a lot of time if it happens again.

Franpa
Posts: 438
Joined: Thu May 15, 2008 11:44 am
Location: Australia, QLD

Re: Internet Blocked, How?

Post by Franpa » Thu Aug 26, 2010 2:35 am

Try Trend Micro Internet Security, see what it detects.

CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: Internet Blocked, How?

Post by CoreyPlover » Thu Aug 26, 2010 11:43 am

Franpa wrote:Try Trend Micro Internet Security, see what it detects.
Nah. I'd agree that MalwareBytes is the leading candidate for spam and rootkit detection. Plus, it is free and doesn't have the overhead of "Internet Security" features like firewall and email filtering. Not sure that Trend Micro stacks up very well (relatively) in circumstances where you are just trying to detect and remove a spam-bot / malware.
I am a volunteer moderator and not an Exetel staff member. As with all forum posts, mine do not constitute any "official" Exetel position. Support tickets may be logged via https://helpdesk.exetel.com.au or residentialsupport@exetel.com.au

tin
Posts: 178
Joined: Mon Jul 28, 2008 5:22 pm
Location: Northwest NSW

Re: Internet Blocked, How?

Post by tin » Thu Aug 26, 2010 1:55 pm

Franpa wrote:Try Trend Micro Internet Security, see what it detects.
Probably nothing.

At work, we've got a "virus scan laptop", which has MBAM, Avast and Avira installed on it. We also commonly install AVG on clients' PCs... If something seems iffy, we hit the drive with all 3 programs on the laptop, and sometimes also AVG. Very surprising how many viruses will only be detected by one or 2 programs.
The above post is copyright, may be edited at any time, and should not be taken internally. Any breach of these terms may result in legal action or a sore tummy.
