I think my email has been hijacked!

This is the second time I have started receiving “Undeliverable mail” emails for things I never sent. The first time, I did a thorough scan with Avast, tidied up some stuff, and figured we were good. (This was about weeks ago - the full scan took quite a while!)

Today I again had a bunch of “Undeliverable mail” emails - What, exactly, is up? I had Avast set for normal sensitivity for incoming and outgoing mail, and it has never flagged a thing. I have since bumped it up to high, in hopes of catching whatever is going on.

BTW, I use Mozilla Firefox and Thunderbird, both current versions.

Thanks!

KJ

Example ensues:
This is an automatically generated Delivery Status Notification.

Unable to deliver message to the following recipients, because the message was forwarded more than the maximum allowed times. This could indicate a mail loop.

   ergio.turco@capitalia.it

Reporting-MTA: dns;reldmc02rmmolf.relay.corp
Received-From-MTA: dns;farxfe16rmmolf.farm01.corp
Arrival-Date: Sun, 4 May 2008 23:47:41 +0200

Final-Recipient: rfc822;ergio.turco@capitalia.it
Action: failed
Status: 4.4.6

Subject:
81% meds discount.
From:
“don nondet” xxxxxx@xxxxx.com (<–My address here!)
Date:
Sun, 04 May 2008 19:28:10 +0000
To:
ergio.turco@capitalia.it

Hello ergio.turco, visit the most reliable provider
http://www.google.it/pagead/iclk?sa=l&ai=vJiiKk&num=87520&adurl=http://marchedistribuzione.it/redir.html
Coupon #IaTz
iggie chandler

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use SUPERantispyware and/or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log for on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Cool. I’ll give it a try.

I have also downloaded Comodo firewall and am installing that as well.

Thanks for the quick reply!

KJ

If I were you, I’d try to get clean before installing the Comodo firewall.
Keep Windows firewall until then.

Good thinking! I’ll do that.

In response to your first post, just delete the responses; you didn’t send them.

It is dumb email servers sending email back to the From address. The email is most likely to have been sent by a friend, colleague, etc., someone you have communicated with whose system is infected. Spam can be generated using email addresses in the infected system, and not only sent to those addresses but also using those addresses as the faked From address.

I would recommend you set the avast Internet Mail to High; that way it will detect if large numbers of identical emails are being sent in a period of time. That can be an early indication of your system sending spam. Obviously, installing Comodo should assist in blocking unauthorised outbound connections as well.
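
The forged-From situation described in the last reply, as an added example that is not part of the original thread: a short Python check that reads a bounce in the standard delivery-status layout and tells apart a message that really left your mailbox from one that only carries your address in From. The sample bounce is constructed (it mirrors the fields of the notification quoted above), and `triage` and `sent_message_ids` are hypothetical names.

```python
import email
from email.utils import parseaddr
# Constructed sample bounce in RFC 3464 layout; all addresses and IDs are made up.
SAMPLE_DSN = """\
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Unable to deliver message to the following recipients.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns;relay.example

Final-Recipient: rfc822;someone@example.net
Action: failed
Status: 4.4.6

--b1
Content-Type: text/rfc822-headers

Message-ID: <spam-123@unknown.invalid>
From: "don nondet" <me@example.com>
Subject: 81% meds discount.

--b1--
"""

def triage(dsn_text, my_address, sent_message_ids):
    """Classify one bounce; sent_message_ids = Message-IDs from your own Sent folder (assumed input)."""
    info = {}
    for part in email.message_from_string(dsn_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # The stdlib parser exposes each header block as its own Message.
            for block in part.get_payload():
                info.update({k.lower(): v for k, v in block.items()})
        elif ctype == "text/rfc822-headers":
            orig = email.message_from_string(part.get_payload())
            info["message-id"] = orig["Message-ID"]
            info["from"] = parseaddr(orig["From"] or "")[1].lower()
    if info.get("message-id") in sent_message_ids:
        return "sent-by-this-mailbox", info   # really went out through your mail client
    if info.get("from") == my_address.lower():
        return "forged-from", info            # your address was only used as the sender
    return "not-about-this-address", info
```

A Message-ID that is absent from your Sent folder shows the message did not go out through your mail client; it does not replace the scans suggested earlier in the thread.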