I think I’ve been infected by some malware which is sending spam through my Outlook 2007.
2 things have made me think this. Firstly, Gmail has blocked my IP, and whenever I send to a Gmail account I get the following NDR:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
XXXXX@gmail.com
SMTP error from remote mail server after end of data:
host gmail-smtp-in.l.google.com [209.85.229.27]:
550-5.7.1 [My IP ADDRESS HERE 1] Our system has detected an unusual rate of
550-5.7.1 unsolicited mail originating from your IP address. To protect our
550-5.7.1 users from spam, mail sent from your IP address has been blocked.
550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to review
550 5.7.1 our Bulk Email Senders Guidelines. f17si12285967wbe.17
Also periodically the Avast mail scanner goes crazy for a few seconds in the system tray, flickering on and off rapidly.
As this is happening loads of .tmp files are being created in my C:\Documents and Settings\username\Local Settings\Temp folder. They all begin ADA and then have a series of random numbers e.g. AdA306E.tmp. The size of these range from 1kb to 5Mb. At last count there were over 5000 of these files in this folder and totalled about 5Gb. Outlook has been running a lot slower since this started happening and I’ve thought of but stopped short of re-installing it for now.
I’ve run a boot time scan which found and quarantined a trojan or two, I’ve since run a 2nd boot time which was completely clean, I also use Spybot, Ad-Aware, BitDefender (online) and Sophos rootkit detectors and they are all currently saying I’m clean, but the tmp files keep coming and the mail scanner still goes nuts.
I’ve run a repair on Office and on all my pst files.
Not sure what to do next.
I hope that someone out there can help or suggest what to try next.
I’ve been told it’s fairly easy to unblock yourself from gmail, but want the issue fixed before I do so.
You could check at virustotal.com:
O4 - HKCU..\Run: [MemoryOptimizer] memtuneup.exe
File Name: memtuneup.exe
File Type: EXE File
Also Known As: memtuneup
Associated Process: Memory Optimizer
Status: Possible AdWare
memtuneup.exe, and its process, Memory Optimizer, have not been tested thoroughly enough yet to state definitely if they are harmful or not.
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxtp://www.vexcast.com/download/vexcast.cab
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Could be a trojan downloader:
Also meant to ask, does anyone know what the .tmp files in the C:\Documents and Settings\username\Local Settings\Temp folder are?
Can I just delete them?
Basically, a temp file or .tmp is a file that was used but is no longer being run. Mostly, exes that you run during Internet Explorer are saved there. So I would advise that you could delete all files in the temp folder, as it is safe to delete them.
Check your system for potential SMTP senders:
Hit WinKey+R, type “cmd”, then…
“netstat -b” - see what programs use the network
“tskill someprogram” - to stop those which you don’t want
example: “tskill virus” (NOT “tskill virus.exe”)
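
Added example, not part of the thread: a small Python parser that takes saved `netstat -bn` output and groups connections to mail ports by the program that owns them, which is easier to read than scrolling the raw listing. The column layout, the sample addresses and the program names are constructed assumptions, and ports 465 and 587 are included in addition to port 25.

```python
import re
from collections import defaultdict

SMTP_PORTS = {"25", "465", "587"}  # 465/587 are an addition; the thread only says "SMTP"

# Constructed sample of `netstat -bn` output; addresses and program names are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:1045        198.51.100.7:25        ESTABLISHED     1234
  [OUTLOOK.EXE]

  TCP    192.0.2.10:1046        203.0.113.5:80         ESTABLISHED     2200
  [iexplore.exe]

  TCP    192.0.2.10:1050        198.51.100.20:25       SYN_SENT        3312
  [example.exe]

  TCP    192.0.2.10:1051        198.51.100.21:25       ESTABLISHED     3312
  [example.exe]

  TCP    192.0.2.10:1052        198.51.100.22:25       TIME_WAIT       0
"""

CONN = re.compile(r"^\s*TCP\s+\S+\s+(\S+):(\d+)\s+\S+(?:\s+\d+)?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def smtp_senders(text):
    """Map each owning program to the remote SMTP endpoints it is connected to."""
    found = defaultdict(list)
    pending = None  # SMTP connection still waiting for its [program] line
    def flush(owner):
        nonlocal pending
        if pending:
            found[owner].append(pending)
        pending = None
    for line in text.splitlines():
        owner = OWNER.match(line)
        if owner:
            flush(owner.group(1).lower())
        elif line.split()[:1] in (["TCP"], ["UDP"]):
            flush("(unknown owner)")  # previous connection had no owner line
            m = CONN.match(line)
            if m and m.group(2) in SMTP_PORTS:
                pending = f"{m.group(1)}:{m.group(2)}"
    flush("(unknown owner)")
    return dict(found)
```

A mail client talking to its one configured server is expected; a program you do not recognise holding connections to several different mail hosts is the entry to look into.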