About to be blacklisted for sending spam! Need suggestions please.

Forums › Spark New Zealand (including Skinny and BigPipe) › About to be blacklisted for sending spam! Need suggestions please.

1 | 2

TechSol

299 posts

Ultimate Geek

Technical Solutions Aust

#640020 13-Jun-2012 09:16

johnr: Telecom did warn you

If you read above JohnR it mentions there was a note on the customers account to not disconnect him and that they would investigate further.

djrm

191 posts

Master Geek

#640024 13-Jun-2012 09:27

Just to go back over this:

If you remove your account from Outlook and don't use it anymore will this stop the spam? I was under the impression that a trojan/malware needs an email client to be sending the spam in the first place so if you in effect disable the email client will this not mend the problem?

Then you could use webmail etc instead.

keewee01

1737 posts

Uber Geek

Trusted

#640039 13-Jun-2012 09:59

djrm: Just to go back over this:

If you remove your account from Outlook and don't use it anymore will this stop the spam? I was under the impression that a trojan/malware needs an email client to be sending the spam in the first place so if you in effect disable the email client will this not mend the problem?

Then you could use webmail etc instead.

To heck that they need an existing client. All the really cleaver ones come with their own client built in (it only needs a command line interface, no GUI interface required) and they fly completely under the radar. Disabling or even deleting Outlook will do nothing to mend the problem.

Ruphus

465 posts

Ultimate Geek

#640392 13-Jun-2012 20:46

I'm not sure what router you use but could the logs in the router provide you with more info?

mattwnz

20141 posts

Uber Geek

#640412 13-Jun-2012 21:29

The OP really should have got a professional in to help them, as it doesn't sound like they had the technical knowledge to fix or find the problem themselves. The ISP is really doing the responsible thing, by protecting their network and other cusomters. But it is surprising that it has been going on for so long.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#640419 13-Jun-2012 21:42

Ruphus: I'm not sure what router you use but could the logs in the router provide you with more info?

Most routers couldn't. Anything that provided access to connection tracking would show vast numbers of outbound SMTP requests if something was sending emails. Assessing whether this was actually happening would be a 30 second job with something like a Mikrotik router.

djrm

191 posts

Master Geek

#640619 14-Jun-2012 11:41

keewee01:
djrm: Just to go back over this:

If you remove your account from Outlook and don't use it anymore will this stop the spam? I was under the impression that a trojan/malware needs an email client to be sending the spam in the first place so if you in effect disable the email client will this not mend the problem?

Then you could use webmail etc instead.

To heck that they need an existing client. All the really cleaver ones come with their own client built in (it only needs a command line interface, no GUI interface required) and they fly completely under the radar. Disabling or even deleting Outlook will do nothing to mend the problem.

If you look at my response properly you will see that I was asking a question. The big hint was the question mark at the end of the sentence!

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#640638 14-Jun-2012 12:21

djrm:
keewee01:
djrm: Just to go back over this:

If you remove your account from Outlook and don't use it anymore will this stop the spam? I was under the impression that a trojan/malware needs an email client to be sending the spam in the first place so if you in effect disable the email client will this not mend the problem?

Then you could use webmail etc instead.

To heck that they need an existing client. All the really cleaver ones come with their own client built in (it only needs a command line interface, no GUI interface required) and they fly completely under the radar. Disabling or even deleting Outlook will do nothing to mend the problem.

If you look at my response properly you will see that I was asking a question. The big hint was the question mark at the end of the sentence!

No.. removing your Outlook like won't help the fact that you have a Virus / Malware installed on your machine.

You need to clean it and remove the Virus / Malware. Removing the Outlook Client or anything else won't make any difference as keewee01 rightfully said most if not all Virus / Malware these days has it's own client and server built into the Virus/Malware itself...

So...

You need to clean up your computer to get back onto the interwebs...

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#640776 14-Jun-2012 14:56

OP, what part of NZ are you in?

Perhaps we can suggest a GZ'er or computer store near you that could come out to your place and resolve this for you for at a reasonable price.

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

Gordy7

1906 posts

Uber Geek

ID Verified

Lifetime subscriber

#640796 14-Jun-2012 15:36

Surely it couldn't be too hard to see where the mails are coming from.

7000 emails an hour.... that's about 2 per second.

Looking inside the ADSL router might show some traffic related to network IP.
I guess if the guy is using a wireless ADSL router, then breaking up the system for analysis would be harder.

Just looking at the Lan port lights may give some indication of the source of email activity.

I have to agree with one guy about Anti-Virus products.
Definitions can be up to date but the application can be screwed.

In a situation like this I would have to agree that cleaning up machines with freshly installed copies CCleaner, Spybot, MS Sec Ess, MBAM or GMER etc. and see what is discovered.

Cheers

Gordy

My first ever AM radio network connection was with a 1MHz AM crystal(OA91) radio receiver.

Batman

Mad Scientist
29760 posts

Uber Geek

Trusted

Lifetime subscriber

#640860 14-Jun-2012 17:09

mattwnz: The OP really should have got a professional in to help them, as it doesn't sound like they had the technical knowledge to fix or find the problem themselves. The ISP is really doing the responsible thing, by protecting their network and other cusomters. But it is surprising that it has been going on for so long.

+1 million ... as they either fix it or lose it ...

keewee01

1737 posts

Uber Geek

Trusted

#640871 14-Jun-2012 17:21

joker97:
mattwnz: The OP really should have got a professional in to help them, as it doesn't sound like they had the technical knowledge to fix or find the problem themselves. The ISP is really doing the responsible thing, by protecting their network and other cusomters. But it is surprising that it has been going on for so long.

+1 million ... as they either fix it or lose it ...

+1 - If you don't know what you are doing then you need to get a professional in!!

Gordy7: Surely it couldn't be too hard to see where the mails are coming from.

7000 emails an hour.... that's about 2 per second.

Looking inside the ADSL router might show some traffic related to network IP.
I guess if the guy is using a wireless ADSL router, then breaking up the system for analysis would be harder.

Just looking at the Lan port lights may give some indication of the source of email activity.

I have to agree with one guy about Anti-Virus products.
Definitions can be up to date but the application can be screwed.

In a situation like this I would have to agree that cleaning up machines with freshly installed copies CCleaner, Spybot, MS Sec Ess, MBAM or GMER etc. and see what is discovered.

Cheers

Some of the trojans etc that do this are installed as root kits - so they sit underneath EVERYTHING on the computer, even Windows. This means they can easily evade detection by most things in windows that might be looking for them. Plus the mail client and server are effectively operating outside of Windows also.

If you have multiple machines running on your home network, turn them all off and have only 1 running at a time to try and isolate which one is generating all the traffic. Then you know which one to get looked at by the professional.

If you are really unlucky then you've caught something that look at the other computers on your home network and infected them too. Fun, fun, fun.

KiwiTT

122 posts

Master Geek

#640886 14-Jun-2012 18:01

I bought paid version of Malwarebytes, with Realtime always on protection. It is the belt and braces to my AVAST.

1 | 2