My son uses Windows Vista and is one of the users of my Total Protection (which is up to date).
(I have downloaded and run, as suggested in one of the discussions in the forum, SuperAntispyware but can not do the HiJackThis as it does not appear to be for Windows Vista.)
Spam emails have been sent from my son's hotmail account.
He received notifications that emails had not been delivered from addresses he does not know, though they were sent from his address.
I received one of these emails (which I deleted immediately!)
A recent occurrence of this spam mail (I got him to forward to me a returned mail he had not yet deleted, and unfortunately do not have a copy of the previous lot sent out)
- was sent to multiple addresses, all beginning with "doc".
- subject was "re: genuine brand electronics"
- the message has references to
- our company www (.llkf66.)com
- you can contact our msn message llkf66(@hotmail.)com or send email to llkf66(@gmail.)com
Full scans do not pick up anything.
I know very little about viruses/spam/etc. So have spent 2 days trying to work out what virus and what to do.
(Unfortunately I have established with McAfee that I can not use their chat virus removal service and I can not use the phone one as our phones do not work. So that option is out. Where I am there really isn't the expertise around to take the machine to.)
I would really appreciate some guidance as what to do now. I am at my wits end.
(I sincerely hope I have done this all correctly and "posted" it in the correct place. Am open to corrections.)
That's Vista SP2 I trust...always a good idea to keep the operating system and any software up to date.
Receiving notifications of undelivered mail apparently from oneself is not unusual and is often nothing to worry about.
It means that someone, somewhere, who has your son's email address in their address book, has an infection which is spoofing a random address from that list, in this case your son's, to send spurious spam emails willy-nilly across the web.
Do you know for sure that they definitely were generated at his email address - do they show in the outbox or sent folders?
It's been a while since I used Hijackthis but I believe one can run it in Vista and Windows 7 for that matter by right-clicking the installer .exe and selecting Properties and under the Compatibility tab select "Run in compatibility with Windows XP", but I can't guarantee that.
If SuperAntiSpyware found nothing you might want to run the free version of this tool too as it often finds obscure stuff that major anti-virus and anti-spyware applications overlook for whatever reason. Update it before running and let it remove anything it finds and reboot immediately when asked to do so.
If you do manage to get Hijackthis installed and want its log analyzed then follow these guidelines:
For stubborn infections that nothing seems to budge try using an application called "Hijackthis" and posting its log on one of the forums below. They will check it and help you get rid of whatever ails your machine.
Do not post the log here, we can't help!
Post the logs at a specialist Forum:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
Thank you, much appreciated, that has been most helpful.
I have followed the links suggested.
Clarification of one point, please.
Referring to the comment "... do they show in the outbox or sent folders?"
- If the sent emails do not show up anywhere on his computer does that confirm the spam emails were definitely not sent from his computer?
- Would this then mean that the spam mail came from a machine
- with his address
- as well as my address on it (as I received one of the spam mails sent from his address)
If the emails don't show anywhere on your son's computer, there are two possibilities:
1. They are sent from elsewhere, because someone has access to his hotmail account. Ask him to change the password just in case.
2. His account is not stolen, spammers are faking his address in the From field.
It's very likely you are not infected with anything in either case.
Hope that helps,
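
Added example, not part of any post in this thread: one way to tell the two cases above apart is to read the `Authentication-Results` header that the receiving mail server stamps on a delivered copy of the spam. The sketch assumes you have such a copy with full headers and that your server records SPF/DKIM/DMARC results; the sample messages, addresses and host names are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers of a received spam copy; all names are placeholders.
FORGED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=webmail.example
From: Son <son@webmail.example>
Subject: constructed sample

body
"""
VIA_PROVIDER = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=webmail.example;
 dkim=pass header.d=webmail.example; dmarc=pass header.from=webmail.example
From: Son <son@webmail.example>
Subject: constructed sample

body
"""

def auth_results(msg):
    """Return the spf/dkim/dmarc results plus the DKIM signing domain.
    Only the topmost header is read: it is the one your own mail server
    added; lower ones may have been supplied by the sender."""
    header = (msg.get_all("Authentication-Results") or [""])[0]
    found = {m.lower(): r.lower()
             for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}
    signed = re.search(r"dkim=pass\b[^;]*header\.d=([\w.-]+)", header, re.I)
    found["dkim_domain"] = signed.group(1).lower() if signed else None
    return found

def classify(raw_message):
    """Map a received copy to one of the two cases in the answer above."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    res = auth_results(msg)
    aligned_dkim = bool(from_domain) and res["dkim_domain"] == from_domain
    if res.get("dmarc") == "pass" or aligned_dkim:
        return "sent-through-provider"  # case 1: account was used, change password
    if res.get("spf") in ("fail", "softfail") or res.get("dmarc") == "fail":
        return "forged-from"            # case 2: address faked in the From field
    return "inconclusive"               # no usable authentication data

if __name__ == "__main__":
    for name, raw in (("FORGED", FORGED), ("VIA_PROVIDER", VIA_PROVIDER)):
        print(name, "->", classify(raw))
```

A "sent-through-provider" result is only consistent with the account having been used; the webmail account's own sent folder and recent sign-in activity are the confirming evidence.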