Am I a Zombie?

Hello.

Some weeks ago I got a message from a company spam filter rejecting spam from my address - my address but somebody else’s name in front of it. It’s this that made me switch to Avast on a computer technician at work’s advice. He said use your boot scan capability, and sure enough I found a virus/Trojan that AVG had been missing. Problem solved, I hoped. Yet yesterday about 50 messages rejecting mail that had apparently come from me appeared. I looked for more advice. My internet company said to go through the list on “Task Manager/Processes” and Google each and I might find the culprit. I did, and the only one that seemed to suggest a problem was AGL.exe. But then there were other opinions and I don’t know who it was writing that this was a virus.

So I guess my questions are: a) Should using all of the options of Avast find this virus/Trojan? I’ve set the scan for the most thorough I can - boot scan, archives, etc. b) If things can get around Avast, is there something else I can do? Should I be trying to get rid of AGL.exe, for example? Perhaps there is a program that will scan these “Processes”, for example.

Any advice will be appreciated. I hate the thought that someone has invaded my computer and is sending crap out under my address.

Canada John

Ignore it; most spam filters are dumb, and ones that bounce or report spam are even dumber. It is most common that "from" email addresses are forged; why would a spammer give his or her real email address? The different name in front of it basically confirms it was forged and a dumb spam filter bounced the email back to a faked address.

It is more likely that a friend, colleague or someone with your email address in their address book is infected and sending out spam. The address book is where they frequently get the email address to fake the from address.

There are occasions that this could also be a malicious attempt to get you to open an attachment to see what has been sent from your email and then you could be in trouble.

If you are using the Internet Mail provider (you should), set the sensitivity to High, as this will be able to detect multiple identical emails (spam basically) in a period of time and may be your first indication that you are sending spam.

Not necessarily. It could just be simulating your email address and not using your computer.

Anyway, I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use AVG Antispyware, SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.
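
Both replies above suggest the From address was forged rather than the mail leaving this PC. One way to check is to read the rejected message's headers carried inside the bounce. This is an added example, not code from the thread; the sample bounce is constructed, and `analyze_bounce`, `my_name` and `my_ips` (your own public IP and your provider's outgoing mail servers) are hypothetical names.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample bounce (not from the thread); all hosts and IPs are
# documentation placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@filter.example.com
To: john@example.ca
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message was rejected as spam.
--b1
Content-Type: message/rfc822

Received: from unknown-host (unknown [203.0.113.45])
\tby mx.filter.example.com; Mon, 1 Jan 2007 10:00:00 +0000
From: "Mary Smith" <john@example.ca>
Subject: Cheap pills

spam body
--b1--
"""

def original_of(bounce):
    """Return the rejected message (or just its headers) carried in a bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def analyze_bounce(raw, my_name, my_ips):
    """Compare the rejected mail's display name and relay IPs with your own."""
    original = original_of(email.message_from_string(raw, policy=policy.default))
    if original is None:
        return None  # bounce did not include the original headers
    display, address = parseaddr(str(original["From"]))
    hops = " ".join(str(h) for h in original.get_all("Received", []))
    # Hops below the rejecting server's own Received line can be forged too.
    ips = set(re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops))
    return {"address": address, "display_name": display, "relay_ips": sorted(ips),
            "name_matches": display.lower() == my_name.lower(),
            "via_my_ips": sorted(ips & set(my_ips))}
```

An empty `via_my_ips` together with a foreign display name is consistent with a forged From address; a hit on your own IP is the case that warrants the scans listed above.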