Friday, April 23, 2010

Spambot infection

My XP operating system computer has been infected with a spambot that hijacks my machine and sends out spam every four or five days. The malware goes through my Outlook Express address book and sends out spam (ten addresses per spam) and the offending emails show up in my sent items box.

I have tried a variety of virus scanners and found nothing. Other than the standard ones, I have also tried:
  • Spyware Doctor
  • Superantispyware
  • Spyware S&D
I ran Microsoft Network Monitor and found all sorts of internet traffic to suspect sites in Latin America, Asia and Europe when the computer was supposedly idle. If you have any suggestions please email me at cam at hbhinvestments dot com.

4 comments:

Unknown said...

I did some research in this area before downloading it and Malwarebytes has got very good reviews:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

You might have to pay to remove something once it's found though. I've never had that come up yet.

Ev0lve said...

install windows defender if your windows XP is legitimate

and install internet security software like kaspersky or Mcafee Internet security solution.

you can always upgrade to windows 7 if hardware is new.

Magilli said...

My wife who maintains several world wide blogs had a similiar infection: we took the laptop to "The Tech Shop" at 1565 George, White Rock (604 541 4644 who insisted on having the laptop on the premises..She is doing an online masters degree in multimedia edu-streaming and needed the machine returned within 30 hours; which they did, with time to spare.And under $200... Failing that action, i often look at the Ask Leo site who also pairs up with Gibson Research for their security blogs: ; .
Good Luck, Bob Cooke

Cam Hui, CFA said...

I want to thank everyone who replied to me, either by comment here and by email. All of your suggestions were very helpful.

I ran several other virus scans and found nothing more serious than a few tracking cookies.

Then on Sunday I discovered the problem: someone had hacked into my email account at the server level and the intrusion does not appear to be on my computer, which is why I can't find the problem.

I had anticipated a possible hack into the email account and I deleted my address book, except for a few selected email addresses to myself and to inoperative accounts. Sure enough, the spambot ran on Sunday and emailed everyone on my test list. Since the test list was highly limited number of addresses, the spambot was contained.

I have since changed my email account's password. The spambot seems to strike every 3-4 days. If it gets past the new password into the email account, I will know it this Thursday or Friday.

Thank you everyone for your efforts.

Cam