I am receiving spam from my own mail adress!

Hello,
I noticed today a spam mail that as a sender appeared to be my own mail adress!
I called my ISP and they tell me it’s trojan but I have scanned with avast and other programs for virus removal like spybots and windows defender and they find nothing.
I detected a virus last month with avast and removed it( I think it was a trojan) but I keep getting these mails.
Could it be a virus that none of these 3 detect?
Anybody can help me with this?

  1. This is a common tactic, by using names from someone’s computer that is infected they send out spam to everyone in the address book they also use the same email address as the sender. This gets past many spam filters as you generally aren’t going to filter out email from your self. Expect to see many more, I even have a spam filter to mark for deletion for email that I supposedly send to myself and it catches lots of spam.

  2. Your ISP is clueless, if they cared to look deeper they could have asked you for the header information of the email and that would have shown for sure that the sending IP address wasn’t their smtp server and by association not sent by you. Perhaps not clueless but lazy if they didn’t ask for the information I mentioned, it is quicker to say it is a trojan.

If however, they asked for that information and confirmed that you actually did send it then you could well have an undetected or hidden trojan, please confirm, did they ask for the information and check it out before saying it was a trojan ?

Do you have a firewall, if so what is it ?

I will wait for these answers before expanding on how to find and deal with a possible undetected/hidden trojan.

I would suggest that you set the Internet Mail providers sensitivity to High as this could recognise that you are sending lots of identical email (spam).

Hi Tone1,

Are you part of a bot net. Check here: http://www.secureworks.com/research/threats/topbotnets/
You could use this free program to check whether you are in one, Trend Micro RUBotted:
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
TM RUBotted 1.0 is a rule-based bot detection system. It has a lightweight agent that requires no pattern updates and checks for BOTNet traffic on your computer. Upon detecting any BOTNet behavior, RUBotted instructs you to clean up the problem using Trend Micro™ HouseCall.

The tool tests whether your computer is part of a larger network of computers (botnet) to forward spam. The product works like clockwork, and did not find anything on my PC anyway,

polonus

Hello and thank you for your reply.
Let me answer to your questions.
The only thing they asked me was to type cmd in run ,and in that netstat (I think there was some more)
and there when I told them I see : under foreign adress with nothing under the state they told me again it could be a virus cause that thing appears more than 5 times , but that guy was not sure about that as another one there.
Still I can’t really understand how it could be a virus when I don’t open any spam that I get and also I’ve set that account to delete immediatelly mails with attachments.
As for the firewall , I use the windows firewall, I never had a problem with that.
Also I’d like you to tell me how I adjust the internet provider’s sensitivity as I’m really sure how to do that.

Thank you

Thanks Polonus

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Based on their questions, I would have to stand by my first comment about your ISP support. I believe the email you received is related to my comments in the first paragraph.

The windows firewall is like a fire door that will only protect you from fire from one side, so you have to hope the fire will start on that side of the door.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

  • There are many freeware firewalls such as, Comodo, PCTools Firewall Plus, Jetico, etc. - Zone Alarm free works fine with avast and has a reasonably friendly user interface, however, the free version is becoming bloated with trial ware and is also crippled as far as outbound protection goes In the Program Control, configuration area, the slider will only goes as far as Medium protection, if you want more you have to buy the Pro version.

See A Forum discussion on free firewalls http://forum.avast.com/index.php?topic=30808.0
See http://www.matousec.com/projects/firewall-challenge/results.php.

Double click the avast ’ a ’ icon, from the pop-up on-access scanner window, if you see a button called Details… click it. You will now see down the left side the different providers, select the Internet Mail and you see the slider move it to High (the middle) and click OK, job done.

If you haven’t already got this software (freeware) it is worth a further check as confirmation, download, install, update and run it, preferably in safe mode (and report the findings).

  1. If using winXP or Vista SUPERantispyware On-Demand only in free version.

DavidR ,
thank you for your detailed reply.
I was reading again your first post before and I believe it’s exactly what you said in the first paragraph.
I don’t know if it’s of any importance but I forgot to mention that I found that spam mail in my spam folder and not in my inbox.
As for my ISP support , today I realised I may actually have to change them, cause what they offered is far away from support the way I perceive it.
About the firewall, actually in the past I had tried quite some firewalls like comodo and others but all they gave me was problems, so I feel cool with windows firewall.
Also I had the internet provider sensitivity and everything else in high from the beginning so I misunderstood that before.
I use avast for 3 years or more and I never had a problem in fact I’ve recommended it to many people, also I believe having spybots, windows defender and spywareblaster makes a very good combination of protection software, and add the fact to that , that I am very careful surfing online and also that I never open any suspicious mails, I think I shouldn’t worry .
I think I’ll give superanthispyware a try although I have the feeling that it won’t find anything, I forgot to mention I already have scanned with avast , spybots and the defender and found nothing.

Thanks again,

Tone1

Thank you for your suggestions Tech.

One more question, does cleaning my temporary files from
C:\Documents and Settings\Local Settings\Temp
can affect any program? I see files from avast and other programs there.

I don’t think so; this is what Ccleaner does, so you might not end up messing your PC whenever you get rid of temporary files…

Your welcome. The fact that it is in your spam email folder pretty much confirms that its spam but not the originators location. That is why I had hoped that your ISP would have asked for more info about the email.

Unfortunately, you will find many are not much different as some of the support staff are simply working from on-screen scripts, they enter the problem, up pops the default list of questions for the user, to more or less say it isn’t the ISPs problem.

Lets assume that this was a trojan spambot on your system, a) it could be able to go on-line and download more malware and I’m not joking when I said that about loss of personal, confidential, passwords, etc. There are almost as many trojan downloaders as any other type of malware to download more malware if one of those is on your system undetected it can have unrestricted access to the internet because the XP firewall doesn’t check outbound connections. Your system your choice.

The only two providers I have on High are, Internet Mail and the Web Shield, the rest are on Normal, some providers although the slider is there there is no effect by moving it to high as it only has one sensitivity (running) like the Network Shield.

Spybot S&D has a limited resident functionality otherwise it is on-demand, no point in the immunisation if you already have SpywareBlaster as that will take care of that.

SAS is head and shoulders above windows defender and S&D in the detection and dealing with what it detects, although it provides no on-access protection with the free version.

Cleaning with CCleaner if you check the option not to delete anything less than 48 hours old then it shouldn’t impact on running programs that are using files in the temp locations. That is in the advanced section and should be enabled by default.

I just finished scanning with superantispyware and I am happy to say I found no infected files.
Actually after a first complete scan at the system drive with 0 detected threats , I did another one at all the drives even scanning files larger than 4mb, and using other options as well , like scan non exe files to ensure that my computer is clean and everything is checked , 0 threats detected again.
So problem solved, or better said my worries gone.
The only thing that bugs me is the time and energy I wasted on this and also the irresponsibilty of my ISP’s support who could have helped me a little or a lot more than just let me wondering what was that thing.
I would like to thank DavidR and everybody else who replied to my post for their help.

Tone1

No problem, glad I could help.

The time I would say wasn’t wasted, as you probably learned a great deal in the process and discovered a good anti-spyware to back-up avast.

I guess you are right on that. I was talking more about how tired this whole situation made me feel.
But you are right, I learned quite some, and knowledge is power.