[Closed] Help, I've got a bug, IT bods needed!

Posts: 19914
Free Member
Topic starter
 

It appears that my email has some sort of virus in it that's sending out emails to my contacts. I have no idea how to stop it.

90% of the time I reply to emails from my iPhone and most of the last 10% from my work PC which is firewalled to the max on our central servers. I can't remember the last time I accessed it from my PC or laptop at home, it must be a month or two at least.

It's a Google Mail address (As in my profile) and my main one, so I don't want to stop using it.

Any ideas will be gratefully appreciated. 🙂


 
Posted : 28/05/2010 6:57 am
Posts: 621
Free Member
 

Email can be spoofed to appear from and to anybody. It's not necessarily you who has the virus. It could also be that you've put it on the web somewhere and a scraper has found it.

Have a look in the headers. In the GMAIL web UI, open one of the messages, click the arrow next to reply, go to show original.

Paste headers here


 
Posted : 28/05/2010 7:04 am
Posts: 19914
Free Member
Topic starter
 

UI? What's that? Sorry, you'll have to use words a numpty can understand! 🙂

I've just cleared out all my sent, deleted, spam and trash folders


 
Posted : 28/05/2010 7:07 am
Posts: 0
Free Member
 

As above, it's not necessarily you, it could be someone else who has you in their email address book - the virus picks two random names from the address book, one to send to, the other used to spoof the "from" address.

Run a full virus scan.


 
Posted : 28/05/2010 7:11 am
Posts: 19914
Free Member
Topic starter
 

Run a full virus scan.

Work PC - Not possible
iPhone - Not possible

Not keen on opening my email from the PC right now, either! 😕


 
Posted : 28/05/2010 7:28 am
Posts: 8672
Full Member
 

You don't run an AV scanner on your work PC?? As for firewalling, if you do have a virus using its own SMTP engine then it depends how your sys admins have configured those firewalls. If they've not done a good job they'll probably just allow anything outbound and only filter inbound. Assuming they have firewall logging on they should at least be able to tell if your PC is sending stuff over port 25. Also running netstat -a -b at a command prompt (with admin rights) will give you some basic info about what your PC is connecting to, interpreting it is a different issue though 😉


 
Posted : 28/05/2010 7:58 am
Posts: 621
Free Member
 

UI? What's that? Sorry, you'll have to use words a numpty can understand!

I've just cleared out all my sent, deleted, spam and trash folders

sorry still in work mode 🙁

I just meant the normal Gmail webpage, ie gmail.com 8)

open one of your messages, then click the arrow and go to "show original" then paste it here. Might give some clues as to the originator


 
Posted : 28/05/2010 7:59 am
Posts: 2
Free Member
 

What form do the emails take? Are they adverts, spam, do they contain attachments? Do you have one of the emails you're supposed to have sent?

You know, to me it sounds more like someone has just hacked into your googlemail account. Did you have a good password on it?

You might want to change the password for something nice and strong.


 
Posted : 28/05/2010 8:08 am
Posts: 19914
Free Member
Topic starter
 

You don't run an AV scanner on your work PC??

Nope. All done centrally. You'd be amazed how locked down this PC is. I'm amazed they still allow Facebook and Ebay. Youtube is blocked, most of the control panel is blocked, I can't even change the time or run a disc cleanup!

open one of your messages, then click the arrow and go to "show original" then paste it here. Might give some clues as to the originator

Hmm. I've deleted EVERYTHING apart from about 6 recent emails. A couple of people have told me they're getting spam off me - WorldClassAccident is for example!

I take it you want to see one of the spam emails?


 
Posted : 28/05/2010 8:22 am
Posts: 19914
Free Member
Topic starter
 

What form do the emails take? Are they adverts, spam, do they contain attachments? Do you have one of the emails you're supposed to have sent?

You know, to me it sounds more like someone has just hacked into your googlemail account. Did you have a good password on it?

You might want to change the password for something nice and strong.

I'll see if WCA can forward one back to me.

They are adverts for clothes and stuff I think


 
Posted : 28/05/2010 8:25 am
Posts: 0
Free Member
 

Peter have you tried changing your gmail account's password?
Spam like this is mainly from compromised accounts.


 
Posted : 28/05/2010 8:31 am
 DezB
Posts: 54367
Free Member
 

Here's an example of PP's work

[b]
from Peter Atkin <peterpoddy@aol.com>
to cyberstation.emailnotif@neopost.com,
[i][email addresses of contacts][/i]
date 27 May 2010 18:11
subject That's the latest fashion? a-
mailed-by aol.com
hide details 18:11 (15 hours ago)
Allow me to introduce a website,wto-sell.com,which offers many kinds of handbags (LV,Hermes,D&G,Chanel,Prada and so on)
and shoes including christian louboutin &UGG boots and Rolex,Omega,IWC,ect watches.They are all world brands and brand new,
you can retail or wholesale on our website,competive price and good quanlity what we can assure,and we accept papal and credit
card payment which are safe and fast,
Don

r


t miss .
( wto-sell.com)
y-
[/b]
My last job was antispam and virus control, but I've no idea how an aol address can be used if it's not a virus on one of the computers. There's no obvious spoofing info in the header.


 
Posted : 28/05/2010 8:35 am
Posts: 19914
Free Member
Topic starter
 

Here it is -

[i]---------- Forwarded message ----------
From: Peter Atkin <peterpoddy@aol.com>
Date: 27 May 2010 19:12
Subject: That's the latest fashion? s-
To: member@ebay.co.uk, michael@chainreactioncycles.com, michael@innovation-productions.com, michelle@ras-publishing.com, mickledore@waitrose.com, mikedav4@hotmail.com, milesgoff@tiscali.co.uk, mjt105@soton.ac.uk, mollieoke@yahoo.com, monkeytennis42@yahoo.com, mrcarlpeachey@hotmail.com, mtloved@yahoo.co.uk, mtnbiker4life@hotmail.com, mukluk@ntlworld.com, nclarksouthampton@googlemail.com, neil.wilkinson@hotmail.co.uk, neil@dezign.me.uk, news@wiggleeurope.com, newsletter@ampworld.de, newsletter@planet-x-bikes.com

Allow me to introduce a website,wto-sell.com,which offers many kinds of handbags (LV,Hermes,D&G,Chanel,Prada and so on)
and shoes including christian louboutin &UGG boots and Rolex,Omega,IWC,ect watches.They are all world brands and brand new,
you can retail or wholesale on our website,competive price and good quanlity what we can assure,and we accept papal and credit
card payment which are safe and fast,
Don

w

t miss .
( wto-sell.com)
b- [/i]

Just noticed it seems to be coming from my AOL account which I only keep open for Ebay purposes....

I'll change the password


 
Posted : 28/05/2010 8:37 am
Posts: 341
Free Member
 

Had the same thing with aol, my email addresses sending each other different spam adverts usually drugs and viagra.


 
Posted : 28/05/2010 8:38 am
 DezB
Posts: 54367
Free Member
 

Found how to show full headers in Gmail:

Received: from imr-da01.mx.aol.com (imr-da01.mx.aol.com [205.188.105.143])
by mx.google.com with ESMTP id 7si92682qwb.24.2010.05.27.10.12.13;
Thu, 27 May 2010 10:12:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of PeterPoddy@aol.com designates 205.188.105.143 as permitted sender) client-ip=205.188.105.143;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of PeterPoddy@aol.com designates 205.188.105.143 as permitted sender) smtp.mail=PeterPoddy@aol.com
Received: from imo-da01.mx.aol.com (imo-da01.mx.aol.com [205.188.169.199])
by imr-da01.mx.aol.com (8.14.1/8.14.1) with ESMTP id o4RHBj9U015301;
Thu, 27 May 2010 13:11:45 -0400
Received: from PeterPoddy@aol.com
by imo-da01.mx.aol.com (mail_out_v42.9.) id 7.bb9.6b6e514c (34959);
Thu, 27 May 2010 13:11:43 -0400 (EDT)
Received: from smtprly-mc01.mx.aol.com (smtprly-mc01.mx.aol.com [64.12.95.97]) by cia-da06.mx.aol.com (v129.4) with ESMTP id MAILCIADA068-d3ce4bfea7c8dc; Thu, 27 May 2010 13:11:42 -0400


 
Posted : 28/05/2010 8:41 am
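
An added example, not part of any poster's message: one way to read the headers above and tell a forged From address apart from mail that really left through the sender's own provider. The function names, the result labels and the `my_mx` parameter are assumptions made for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the post above (two newest hops), continuation lines re-indented
# so they parse as folded headers; From: is taken from the forwarded spam.
RAW = """\
Received: from imr-da01.mx.aol.com (imr-da01.mx.aol.com [205.188.105.143])
 by mx.google.com with ESMTP id 7si92682qwb.24.2010.05.27.10.12.13;
 Thu, 27 May 2010 10:12:16 -0700 (PDT)
Authentication-Results: mx.google.com; spf=pass (google.com: domain of PeterPoddy@aol.com designates 205.188.105.143 as permitted sender) smtp.mail=PeterPoddy@aol.com
Received: from imo-da01.mx.aol.com (imo-da01.mx.aol.com [205.188.169.199])
 by imr-da01.mx.aol.com (8.14.1/8.14.1) with ESMTP id o4RHBj9U015301;
 Thu, 27 May 2010 13:11:45 -0400
From: Peter Atkin <peterpoddy@aol.com>

"""

HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([\d.]+)\]\).*?\bby\s+(\S+)", re.S)

def hops(msg):
    """(from_host, from_ip, by_host) for each Received header, newest first."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groups() for m in found if m]

def spf(msg):
    """(result, envelope-sender domain) as recorded by the receiving server."""
    ar = msg.get("Authentication-Results", "")
    res = re.search(r"\bspf=(\w+)", ar)
    env = re.search(r"smtp\.mail=\S+@([\w.-]+)", ar)
    return (res.group(1).lower() if res else None,
            env.group(1).lower() if env else None)

def classify(raw, my_mx="mx.google.com"):
    """my_mx: the receiving provider's own server name (assumed known)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the hop stamped by our own provider is trustworthy; older
    # Received lines were written by the sending side and can be forged.
    edge = next((h for h in hops(msg) if h[2].lower() == my_mx), None)
    if edge is None or not from_domain:
        return "unknown"
    result, env_domain = spf(msg)
    from_provider = edge[0].lower().endswith("." + from_domain)
    if result == "pass" and env_domain == from_domain and from_provider:
        return "sent-through-provider"  # points to account misuse, not forgery
    return "possibly-spoofed"
```

For the headers in this thread `classify(RAW)` returns `sent-through-provider`: Google accepted the message from an AOL server that SPF authorises for aol.com, which fits a misused account better than a forged From line.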
Posts: 0
Free Member
 

AOL does have a web portal so it's possible the spammer is using compromised details to login and send the emails.

http://info.aol.co.uk/email/


 
Posted : 28/05/2010 8:41 am
Posts: 19914
Free Member
Topic starter
 

The AOL account I NEVER open anymore. It's set up to forward everything onto my Googlemail account. I can't use the Googlemail account on Ebay because you're not allowed to have the same email name as your ebay user name anymore: Despite the fact I already have! I can't change from Peterpoddy@aol.com to Peterpoddy@googlemail.com...!

Must have been hacked. I'll change it.


 
Posted : 28/05/2010 8:42 am
 Drac
Posts: 50453
 

You're going to get plenty of spam, no thanks to the number of times your email addy is on this thread.


 
Posted : 28/05/2010 8:47 am
 DezB
Posts: 54367
Free Member
 

Yeah, like it will make a difference!


 
Posted : 28/05/2010 9:00 am
Posts: 19914
Free Member
Topic starter
 

Drac, Googlemail spam filters mean I never see any of it! 🙂


 
Posted : 28/05/2010 9:03 am
Posts: 2
Free Member
 

Told you about this ages ago.... I don't think there's much you can do. Az had the same thing happen to his Hotmail account, I think he shut it down in the end.

You can remove all the contact details for your AOL account.

See if you can delete your AOL account?


 
Posted : 28/05/2010 9:05 am
Posts: 3451
Full Member
 

Googling for a bit of the text in the email returns this link;
[url= http://windowslivehelp.com/thread.aspx?threadid=44ed4929-4bc9-45f5-b5b0-48a2698a671b ]http://windowslivehelp.com/thread.aspx?threadid=44ed4929-4bc9-45f5-b5b0-48a2698a671b[/url]
Which in turn links to these possible solutions;
[url= http://windowslivehelp.com/searchresults.aspx?query=recent%20reports%20of%20account%20hijacks ]http://windowslivehelp.com/searchresults.aspx?query=recent%20reports%20of%20account%20hijacks[/url]

Although they're Hotmail-centric the principles should be the same for Gmail.


 
Posted : 28/05/2010 9:22 am
Posts: 19914
Free Member
Topic starter
 

Sorry Rich.

I'm not shutting it down yet. I'll see if I can delete all the contacts first


 
Posted : 28/05/2010 9:28 am
 Drac
Posts: 50453
 

[i]Drac, Googlemail spam filters mean I never see any of it[/i]

Maybe you won't but all the other emails you've posted will. 😆


 
Posted : 28/05/2010 9:29 am
Posts: 3
Free Member
 

Peter,

On websites you are better using peterpoddyATaolDOTcom instead of the full address. Google trawls so many websites and these results are available to anyone who knows the correct search queries to find them.

example below

People spend ages crafting these to search the internet for Gmail, AOL etc. accounts. You get added to spam lists and they can spoof your email address to send spam that looks like it can come from you, or guess your password reminder etc.

Definitely change your passwords and also change any that are the same as your email passwords. Paypal would be a real bummer if they got that 🙁

Good Luck


 
Posted : 28/05/2010 9:31 am
Posts: 19914
Free Member
Topic starter
 

On websites you are better using peterpoddyATaolDOTcom instead of the full address.

Good point. Will do.

Address book on the AOL account is now empty, all the sent and trash emails deleted and password changed. If that doesn't work I'll shut it down.

The spam emails were all there in my 'sent items box' so I guess it's been hacked somehow.

Thanks for the help everyone, sorry to those who've had spam off "me" 🙂


 
Posted : 28/05/2010 9:37 am