StatCounter User Forum  
#1
03-11-2006, 10:26 PM
jonra01
Master Member
Join Date: Feb 2005
Location: Mississippi
Posts: 3,588

Darn, got a worm or virus on my home system

A few minutes ago I noticed some failed delivery messages in Outlook. I thought someone was probably spoofing my return address. Turns out to be more serious than I thought. I checked the message headers and found out that the ip address of the originator is correct. The mail is being sent out from my system to my domain mail server and then out from there. Have no idea when this started or where I got it from.
#2
03-11-2006, 10:32 PM
webado
Moderator
Join Date: Apr 2004
Location: Montreal, Quebec, Canada
Posts: 28,179

Ouch! I hope you get rid of it quickly.
Go to your server and use webmail to change the password, so your pc won't be able to send anything through that until you get rid of it.
__________________
Christina
>>Forum Moderator<<

Please do not PM me for support. The forum is here for that.
#3
03-12-2006, 02:57 AM
hdtvtechno
Member
Join Date: Sep 2004
Location: Wherever theres Wind theres Power - Big Ol Windy City Chicago IL in USA
Posts: 104

http://www.avast.com/eng/avast_4_home.html
#4
03-12-2006, 06:17 AM
jonra01
Master Member
Join Date: Feb 2005
Location: Mississippi
Posts: 3,588

Avast is pretty good, although I prefer AVG. With bitdefender 8 as a backup. The free version of bitdefender doesn't have an active shield so I use it to check the accuracy of AVG. I did a full system scan with both and neither one found anything.
#5
03-12-2006, 07:51 AM
Brisguy52
Moderator
Join Date: Jun 2005
Location: Brisbane
Posts: 1,755

John,
there's a couple of free online virus scanners, symantec and pcpitstop are a couple that spring to mind.
#6
03-12-2006, 01:29 PM
webado
Moderator
Join Date: Apr 2004
Location: Montreal, Quebec, Canada
Posts: 28,179

John, I'm curious as to how sending an email to your server from your pc (thus using an email client) can result in it getting resent elsewhere without you having forwarders or auto responders on the email account on the server.

At least this is what I understood you said was happening.
#7
03-12-2006, 05:13 PM
jonra01
Master Member
Join Date: Feb 2005
Location: Mississippi
Posts: 3,588

Quote:
At least this is what I understood you said was happening.
It'd be nice if someone understood what was happening. I sure don't.

I opened my mail client and noticed 5-6 bounced messages from mail servers. My first thought was that someone was using my domain name for the spoofed return address. This happens every once in a while. However, a look at the headers showed the return addresses weren't spoofed - they were real. The header showed the originating machine was mine - ip address - and the name on the account was the one I use for my main account. From there it went to my mail server and then out. Everything was in order, except I didn't send any of the messages.

The messages were obviously part of a spam broadcast. All of the addressee names began with 'p'.

A virus scan with 2 different av programs found nothing on my system. It's difficult to believe that something got through my firewall, active anti-virus shield, and running ms anti-spyware.

One strange thing I've noticed is that a system with an ip number that belongs to comcast is trying to make a direct connection to my system. This may be a server for comcast or it could be another comcast broadband customer. There are actually 2 of them. One has an ip number that is similar to mine and that one appears to be a customer's machine. The other one is completely different, but still belongs to comcast.

I've got both of those ip addresses blocked. Nothing seems to be out of the ordinary now. I'll watch for new bounced messages. If I get any more of them then I'll have to try to figure out what the heck is going on.
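
Added example (not part of the original thread): the header check described in the post above, telling a spoofed return address apart from mail that was really handed to your own mail server from your own machine. The host names, addresses and sample headers are constructed, and the function name is hypothetical.

```python
import re
from email import message_from_string

CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # "[192.0.2.44]"
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)      # "by mail.example.net"

def classify_origin(raw_headers, my_ip, my_server):
    """Return (verdict, client_ip) for the headers of a bounced message."""
    msg = message_from_string(raw_headers)
    # Received lines are listed newest first; only the one stamped by my own
    # server records who really handed the message to it.
    for received in msg.get_all("Received", []):
        line = " ".join(received.split())          # unfold continuation lines
        by = BY_HOST.search(line)
        if not by or by.group(1).lower() != my_server.lower():
            continue
        ip = CLIENT_IP.search(line[:by.start()])   # the "from ..." part only
        if ip is None:
            return ("client-ip-not-recorded", None)
        if ip.group(1) == my_ip:
            return ("sent-from-my-machine", my_ip)
        return ("submitted-by-another-host", ip.group(1))
    # My server never handled it: only the return address carries my domain.
    return ("return-address-spoofed", None)

# Constructed samples (documentation addresses, hypothetical host names).
FROM_MY_PC = """\
Received: from mail.example.net (mail.example.net [198.51.100.25])
\tby mx.recipient.example with ESMTP id A1; Sat, 11 Mar 2006 22:01:07 +0000
Received: from homepc (c-home.isp.example [192.0.2.44])
\tby mail.example.net with ESMTPA id B2; Sat, 11 Mar 2006 22:01:05 +0000
From: owner@example.net
To: paula@recipient.example
"""
SPOOFED = """\
Received: from unknown (host.other.example [203.0.113.9])
\tby mx.recipient.example with SMTP id C3; Sat, 11 Mar 2006 22:05:00 +0000
From: owner@example.net
To: peter@recipient.example
"""

if __name__ == "__main__":
    for sample in (FROM_MY_PC, SPOOFED):
        print(classify_origin(sample, "192.0.2.44", "mail.example.net"))
```

A Received line naming your server can itself be forged by a sender who never used it, so a "sent-from-my-machine" verdict should be matched against the mail server's own log for the same time and message id.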
#8
03-12-2006, 05:36 PM
webado
Moderator
Join Date: Apr 2004
Location: Montreal, Quebec, Canada
Posts: 28,179

OOOOOOOHHH! I see ... said the blindman

I don't really, but maybe you're right - they are trying to relay through your pc. Get that firewall tight.

Why don't you run the Sygate firewall tests to see how tight it is or it isn't. Maybe you have an open port somewhere that you shouldn't have.
#9
03-12-2006, 06:01 PM
jonra01
Master Member
Join Date: Feb 2005
Location: Mississippi
Posts: 3,588

I was thinking of reinstalling sygate since it won't block ms outlook no matter what setting I use. It's a nuisance, because I'll have to authorize each program again the first time I use them.
#10
03-12-2006, 07:05 PM
webado
Moderator
Join Date: Apr 2004
Location: Montreal, Quebec, Canada
Posts: 28,179

Outlook or outlook express?

I know in OE it pops a window saying that something's trying to send email through it, do you want to allow it or not. Not related to Sygate. Not even sure if it's a setting or just that's the way it is. No idea how to turn that off even if I wanted to.