+ 0 Votes Well there could be a Local Infection OH Smeg 3 years ago
The best bet is to scan the system in Safe Mode with both an AV Product then things like Spy Bot S&D and Malware Bytes
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=10878968
http://www.safer-networking.org/en/download/index.html
Of course this is assuming that your Friend is running some form of Windows which may be dangerous.
However if they are install the above apps if they are not already installed Update them and the AV Product loaded and then reboot the system into Safe Mode and run scans on the system.
If it shows anything being deleted rescan with that Application till it's either clean or it's not possible to remove the infection. Then move to another Scanner.
I always start with an AV Product then use Spy Bot and finally Malware Bytes, but that's my Personal Preference.
In severe cases or if Windows isn't involved you may need to use a Rescue Disc like those mentioned here
http://blogs.techrepublic.com.com/security/?p=3803&tag=content;leftCol
Col

+ 0 Votes I am still trying Healer 3 years ago
to convince him to take my advice. Your information has reinforced my instinct. He keeps saying his AV hasn't found anything wrong and he was too busy with the computer.
Do you think those emails are most likely generated from my friend's computer or from other computer that has his email address?
By the way, do you think those Linux-based rescue CDs are meant for Windows systems and work well on Windows systems?

+ 0 Votes Those Nix Based Rescue Disc's OH Smeg 3 years ago
Were designed to run and clean up Windows Systems that is their sole point to life and I use them all of the time.
Though yesterday they let me down but that was with a Dell NB that has a strange Chip Set as none that I threw at the unit could find the HDD.
Actually for that matter none of the Live Linux's could load either but I'll admit to not trying too hard.
Most times however they are the only way to clean the system. As for the rest you have to first rule out an Infection on the users system before you can even begin to do anything else and relying on just an AV Product isn't a legitimate way to prove that the system has no infections. AV Products work well most times to prevent Virus Infections but most times that's all that they stop. They are next to useless for anything else and Viruses are just one of the many things specifically written to Infect Windows Systems.
While he may be busy if his system does have any infections he could very quickly find himself being Black Listed and no E-Mail that he sends out getting accepted by any people at all as their ISP's will block them. Depending on how Educated that user is their system may be clean but then I suppose the obvious thing to ask would be how was his E-Mail Address Spoofed? He had to be doing something wrong to let that out to the Dark Side of the Web so it's just as likely that he did something wrong and infected his system into the bargain.
Col

+ 0 Votes Unixed based or Linux based? Healer 3 years ago
I suppose you meant Unix based or Linux based rescue discs.
My friend is away on holiday for two weeks. I shall talk with him again when he gets back.
What if the emails are not from his computer? Perhaps somehow his email address was stolen and emails have been sent out from somewhere else. Then I suppose the only way to fix the problem is to cease to use the current email address and acquire a new one.

+ 0 Votes I'd second this - might have a spam bot infection. dave 3 years ago
Had an office computer get infected with Rustok-B and had similar symptoms. McAfee virus was completely clueless about the infection. The only way to clean the mess was to do a virus scan with a boot CD. Try the AVG rescue CD.
Also, check the packet traffic with WireShark or Nirsoft SmartSniff and see if you can see any outgoing traffic on tcp port 25.

+ 0 Votes Probably not sent from your friends computer TobiF 3 years ago
Spam senders use lists of emails not only for recipients, but also for senders.
Seems your friend's address got abused as a fake sender address, and then undelivered spam comes "bouncing back".
It is actually possible to double check if the spam originated from his ip address.
In the bounced emails, you usually have a copy of the bounced email attached. If you open such an attachment in notepad and look at the delivery headers, then you can see which way the spam was delivered. If the ip addresses listed have nothing in common with your friends email server and/or own public ip, then his address was simply used as a fake sender.

+ 0 Votes Tobi santeewelding 3 years ago
Where does our trust in this new world begin, or end.

+ 0 Votes Avoid eating GMO chicken... TobiF 3 years ago
and your chances will be better.

+ 0 Votes Like I said about Palmetto santeewelding 3 years ago
I take my cues from some few here.

+ 0 Votes It is a risky world now. Healer 3 years ago
Plane tickets are cheap but planes are not as reliable and as safe as before. We hear well-known airlines getting all sort of engine troubles almost every day, let alone possible terrorist attacks.

+ 0 Votes I will check it Healer 3 years ago
when I get a chance. It is a very good idea. I am concerned how the email address was taken in the first place though.

+ 0 Votes Could even be at random TobiF 3 years ago
Emails are forwarded to a domains email handler with the SMTP protocol.
When SMTP is used in this way, there is no checking of the sender address. It could be random (and some spammers even do use random from address).
But, more probably, the address was picked from some kind of list of email addresses. Maybe someone managed to steal the user database of a site where this address was used?
Or the site owner decided to sell the user database.
I have a special (proactive) way of tracking this.
On my own domain, I can set up email aliases, and set them to deliver emails to my main account. (So at this site, I was visible as techrepublic@.... until I changed my screen name)
If I receive spam on any alias, then I'll know from where they got the address. I can also easily discard that alias to stop spam to that address.

+ 0 Votes I was about to say Healer 3 years ago
the address sending from could be random in order to hide the real source. I am sure that can be spoofed too.
I know that yahoo mail provides an option of creating some sort of alias to an email account. When needed the alias could be dumped and a new alias to be created. However in my mind that would be the same as creating another email account and we still have to inform every one of the new email address.
I am not too sure what screen name you are referring to. Moreover even you set up an alias I suspect we still can't be sure where it could be stolen from.

+ 0 Votes Some clarifications TobiF 3 years ago
Spoofed sender's address: When emails are forwarded to a domains server for incoming mails any address can be entered in the "from" field.
Alias: I just tried to explain that I have a setup where some 60 different addresses on my domain all point to my main email account. Maybe you could do something similar with parallel accounts on Yahoo, that I don't know.
My screen name here is TobiF, but I got it just a couple of months ago.

+ 0 Votes More clarification sought! Healer 3 years ago
Are you forwarding your emails one by one manually?
Are you saying you are dealing with 60 different addresses?
What do you mean by "all point to my main email account"? Do you mean auto-forward?
I do use the yahoo account with the alias for some purpose.
When I registered with Techrepublic years ago I was asked straight away what user name I used. I used "healer" which is the meaning of my first name, I suppose.
So I suppose the user name is the screen name you are referring to. I don't know how you could register without a user name? Perhaps you meant you joined TechRepublic a couple of months ago.
How do you read your email with notebook by the way?

+ 0 Votes Here ya go! TobiF 3 years ago
<i>Are you forwarding your emails one by one manually?</i>
Of course not. If you have your own domain name, then you're free to define any email addresses in that domain. The provider I use, allows me to define any number of aliases/autoforwards. And I use this to create a specific email address whenever I register on a site where I don't want to give my usual email directly.
<i>Are you saying you are dealing with 60 different addresses?</i>
I'm saying that there are about 60 different addresses you could use, that would get your message delivered into my main email account. But I will still see, which address you sent to.
<i>What do you mean by "all point to my main email account"? Do you mean auto-forward?</i>
You'd typically call it auto-forward if the mail is sent further to another domain. If the "auto-forward" is within the same domain (as in my case) then the term "alias" is used more often.
<i>Perhaps you meant you joined TechRepublic a couple of months ago.</i>
As you can see in my profile, I joined a couple of years ago. And I'm not sure whether I left the user name empty, or entered that same email address in the user name. After all, the address was a "disposable one" so it wouldn't be too big a problem, should it become visible. But later I realized that for user names that look like email addresses, the site hides the domain portion of the name. So I become one out of several techrepublic@... users here. When I started frequenting the site more often, I changed my user name.
<i>How do you read your email with notebook by the way?</i>
In general, I don't like webmail. I want to compose and read emails on my local system (which happens to not be a laptop).
So I download the emails from the server to my computer. (and then delete them on the server.)
For me, webmail is a dirty workaround for those cases, when I need to check pending emails on the server because my own computer is off line.

+ 0 Votes Response to "Here ya go!" Healer 3 years ago
So you still need to manually set up aliases or filters in advance. I had supposed you had some automated system. I suppose auto-forwarding is part of the whole system.
Downloading email to local computer, not every email reader let us read in text format. At least I can't find exporting to notebook option on my 2010 Outlook. If the email in HTML format, reading it could be a bit of drama.

+ 0 Votes I don't like Outlook, for these reasons TobiF 3 years ago
- It notoriously replaces mentions of email addresses with data from the address book, so that you can't see what was originally in the email itself.
- Unless "hard coded" via registry or policies, it will always try to render html emails.
- By default, the preview pane is on, rendering whatever email happens to be on top of a folder you open.
- Almost every month, MS pushes out updates to their junk filter and flag them as important, so they are included by default. I don't know how these things work themselves, but to the user, the only exposed options for junk mail sorting is blacklisting email address and sender domain, which is a useless way to catch junk mail.

+ 0 Votes Response to "I don't like Outlook, for these reasons" Healer 3 years ago
I have thought about that. Actually I believe that the replacement of the email addresses with the name is done at the sender's side using the address book of the sender's, not the recipient's.

+ 0 Votes It is possible LocoLobo 3 years ago
the notices of undelivered emails are spoofing SPAM from others. Is he SURE the notices are legit? Unless he has evidence that his computer is a spambot, I would ignore and delete them.
+ 0 Votes I suppose the only way Healer 3 years ago
to find out if the computer is a spambot is give it some thorough virus scans and look up the returned emails and see where they originate.
It is a worry though if we can't stop it and don't know whether they are from one's own computer.

+ 0 Votes That's the question. LocoLobo 3 years ago
Are they really returned emails or are they spoofing attempts to get you to open their SPAM? Yes, run virus scans, ccleaner, spybot, etc, but I suspect the "returned" emails are not really returned.
For instance, lets say one of my contacts is Jane Doe, email@example.com. My inbox will show email from her as "Jane Doe". But sometimes SPAM gets thru showing as from "firstname.lastname@example.org" usually something "urgent".
That's my first warning, the email doesn't "look" right. If I suspect the email is legit, I will personally call Jane and ask her what it's about. I don't open her email until I am sure she sent it. So far that hasn't happened. Every case I've checked (I don't check many) has been fake.

+ 0 Votes When I get those I just e-mail them to myself OH Smeg 3 years ago
On a account that is only opened on a Linux Box. Makes things much safer to look at if nothing else. If they are not from the computer of your friend there's very little that can be done particularly as Optus got hit recently and had at the very least some of their customers E-Mail Addresses lifted. I'm currently getting Spam on a Account that I don't use but is the Master Optus Address.
The only reference to that Account is from Optus as they are the only ones who send me anything on it, generally things like You have used 80% of your Available Bandwidth this month when you exceed the limit your Speed will be slowed to whatever. I normally get those type of messages before the 10 of the month. Anyway if you are certain that it's not from that computer it's not really safe to open them on a Windows System as they will likely infect it.
Stick a Live Linux Disc in the system and boot off that to do any investigation.
Col

+ 0 Votes Depends on how you open them TobiF 3 years ago
I open such emails on my windows computer...
But in NOTEPAD.

+ 0 Votes How do you Healer 3 years ago
open in notepad?
Don't tell me you export every email to notepad. What a hassle? Actually I can't see an export option for each email on my Outlook 2010.
What about setting the mail reader whatever it is to receive and read text email only? That would be very safe, wouldn't it? How are we going to deal with those emails with media files in text format? I suppose they could come in attachments. Well, opening the attachments could still be a risk.

+ 0 Votes Are you saying Healer 3 years ago
checking email with a Linux system is safer? However doing that with a Linux live system would be very troublesome if you have to set up the email account every time. Though we can have some setup save with some live system, we would only check the emails in smtp mode or pop mode without deleting the emails in order that we still can retrieve the email at the real system. Then how can we stop new emails from coming in when we use the real system? Did you say you were forwarding email to yourself? Oh! You have given yourself a lot of work, haven't you?
Is that the investigation you meant?

+ 0 Votes I have a Nix box running all of the time in addition to the Gateway here OH Smeg 3 years ago
It has its own Mail Account on it and I just forward to it anything suspicious. As most E-Mail Infections are aimed at Windows Systems it's considerably safer and if there is something that tries to install Under Debian I'm asked to enter the Root Password which is a dead give away that something not right is happening.
I suggested the Live Linux simply because not many people have 5 computers running 100% of the time and use them so the idea was to make it easier at least a bit.
As part of my work involves Security it's all fairly basic stuff to me at least, but when I get E-Mail coming into the Nix Box I know that's it's suspect as I only use it to check things. If someone else gets access to that account it wasn't from me or Legitimately so anything received there is most definitely Suspect.
Col

+ 0 Votes So you ... Healer 3 years ago
manually check every email and forward those suspicious ones to the Nix box, or you set up the system somehow automatically detects and forwards suspicious emails to the Nix box. I like the automatic system but do not know what software provides that. If it is a manual job, then checking them would be a hassle and a risk too. Don't you think so?

+ 0 Votes I manually forward the suspicious E-Mails to the remote address OH Smeg 3 years ago
And no it's not dangerous forwarding them on as I don't actually open them. If they were going to do any damage they would do it when they hit the In Box and as there are only a few a month it's not overly time consuming. I also have a half way decent Spam Filter in place which catches all of these things and it's only when I go looking at what's been caught that I see most of this. I suppose I could just as easily configure the Spam Filter to forward them on but as I'm Inherently Lazy I just can not be bothered.
Col

+ 0 Votes The problem is Healer 3 years ago
when it is supposedly a notice from a mail server saying the email can't be delivered. I do not think we can phone up somebody to verify the veracity.

+ 0 Votes You can, but it's difficult LocoLobo 3 years ago
When we first set up our new Exchange Server 3 yrs ago, some of our users got email from an ISP service saying exactly that.
We didn't open the emails. Instead we sent test emails to accounts of people we knew using that ISP and verified they weren't receiving mail from us. Then we called the ISP to notify them of this. It took a couple of days to get ahold of somebody.
For some reason our new email server had been tagged by their servers as "unreliable". The person I talked to fixed this but warned me they would be "watching" us. Que Sera. Since then the ONLY such notices we have received are fakes.
BTW: Oh Smeg has a good idea. You don't do this with all your email, just the suspicious ones.

+ 0 Votes I get the same. Kenogami 3 years ago
Are you using MSN and hotmail? If so, Microsoft has failed to implement or activate the blocking in their system. I think that once you block an un-wanted E-mail, It should be blocked, not even go into your junk mail. Only my opinion! But go figure, you can never delete your information from FaceBook.
P.S. all illegal WEB sites collect and sell your information. Beware of any videos that want you to download a new codex version. This is a scam. DON'T GO NEAR IT @#@#@#@# Done it, regret it.
Randy

+ 0 Votes Optus mail Healer 3 years ago
It is an email account with Optus, a company in Australia dealing with connection for telephones, mobiles/cell phones, Internet broadband and so on.

+ 0 Votes Optus seems to have been hit recently OH Smeg 3 years ago
I'm getting a lot of Spam now on a Optus Account that I don't use. It's the Master Optus Address for this Account and I only receive notices from Optus about my Net Usage and ads about new announcements like 100 MBS Connections. Lately I've got a lot of Spam into this account and it's growing if that means anything.
Col

+ 0 Votes Unless he dumps the provider Healer 3 years ago
My friend's account is also the primary Optus email account so he can't dump it unless he dumps the provider. I have been advising him to use GMail or something similar instead of getting tied up with one's ISP.
Is your SPAM similar to what my friend has got?

+ 0 Votes No I'm just getting the normal OH Smeg 3 years ago
Run of the mill type spam Pharmacopeias from the US, Student Loans and that type of thing.
OH and Readers Digest which is a constant nuisance.
Col

+ 0 Votes Switching will not serve to avoid spoofing. deepsand 3 years ago
Spoofing neither knows nor requires favorites.

+ 0 Votes Overwhelming prevailing cause is SPOOFING deepsand 3 years ago
SMTP provides no mechanism for authenticating the Sender of an e-mail, making it easy to impersonate another by forging the Sender's address.
This is commonly known as spoofing.
There is nothing that you can do to stop it.
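
The header check TobiF describes in the thread (open the copy attached to the bounce and see which IP delivered the spam), as an added example that is not part of any post above. The function names, the sample bounce and every address in it are constructed for illustration, and it assumes the server that generated the bounce accepted the message directly from the sender.

```python
import email
import ipaddress
import re
from email import policy

# Constructed bounce for illustration; every host and address is a documentation value.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
To: friend@example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from pc ([203.0.113.77])
 by mx.example.net with SMTP; Mon, 01 Jan 2024 10:00:00 +0000
Received: from mail.example.com ([198.51.100.10])
 by relay.invalid with ESMTP; Mon, 01 Jan 2024 09:59:00 +0000
From: friend@example.com

constructed spam body
--b1--
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def returned_message(bounce_bytes):
    """Return the original message (or just its headers) attached to a bounce."""
    bounce = email.message_from_bytes(bounce_bytes, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def hop_ips(msg):
    """One entry per Received header, newest first; None where no valid IP literal."""
    ips = []
    for header in msg.get_all("Received", []):
        m = IP_RE.search(str(header))
        try:
            ips.append(ipaddress.ip_address(m.group(1)) if m else None)
        except ValueError:
            ips.append(None)
    return ips

def classify(bounce_bytes, own_networks):
    """Return (verdict, hop IPs); verdict is 'local', 'spoofed' or 'unknown'."""
    original = returned_message(bounce_bytes)
    ips = hop_ips(original) if original is not None else []
    if not ips or ips[0] is None:
        return "unknown", ips
    # Only the top Received line comes from the bouncing server; lower ones can be forged.
    nets = [ipaddress.ip_network(n) for n in own_networks]
    verdict = "local" if any(ips[0] in n for n in nets) else "spoofed"
    return verdict, ips
```

In the sample the lower Received line names the friend's mail server, yet the verdict stays "spoofed" because only the hop recorded by the bouncing server is compared against the friend's networks.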