Help! I’ve been compromised. Amnet just called. The guy asked if I use Outlook for email. I do… how did he know? Then he said the Saratica account was sending out 10,000 spam emails via Outlook. This has been going on since yesterday.
So… whaddya do about that? Wolfie? Anyone?
I closed Outlook, I’m doing an AVG scan. The Amnet guy told me to get WireShark so I did and installed it. Sadly, I have no clue what to do with it.
Do I have to give up Saratica? Would I survive that? Do I have a keylogger on my computer? How would you find out if you did? How does a hacker get your email account to send out 1,000s of emails??? And will I get one of them?
I just checked my email account online at gmail and there’s 756 spam messages. I swear I just checked that yesterday or the day before and emptied it. I’m lost. I need to go around changing all my passwords but I’m afraid someone is e-following me and will get them and my last $2.
So… what do I do now? I’m sitting, staring at my computer, watching the AVG spyglass go round and round. Surely there’s more I can do.
UPDATE: No viruses found. The Amnet guy called back. Apparently someone set up a virtual email account on my computer or on one of our computers using the Saratica account… so it doesn’t go through Outlook or gmail online. It just resides on a computer in the house and sends out boatloads of emails. If my virus software doesn’t find it… how do I find it? Just throw away this computer? Ack.
Must be some kinda money being made with spam.
Hey Sally, I guess that’s why the techno-geeks all tell us that we need to back up everything every so often. Or you should buy a ‘way-back’ program.
With the first option you can wipe your memory and reinstall everything from what you saved, files, applications, etc.
With the second option you can tell the program to set your computer back to the way it was on some previous date before you started having the problem.
Either that or I have no idea what I’m talking about. (I won’t say which!)
Or you could buy a Mac!! [protects head with arms]
Ahhh, that’s “Restore Point.” I know how to do that!!! You are a genius. The boys’ computer had a couple of trojans on it… don’t know if that was it, we’ll know tomorrow if it’s still sending.
What a freaking idiot this Amnet guy is (sorry, but I can’t think of a more accurate way to put it).
Yeah, you can put in Wireshark (a packet analyzer), and then exactly WHAT does the average user do?
How are they going to interpret the output into something useful? What a dork.
Honestly, the only way to deal with a computer that has been compromised is… a total wipeout. You may be able to get away with a mere restore point if you can pinpoint exactly what change created the mess; otherwise it’s restore… and then pray that you went back far enough.
Now for the tips part. You could do something like this:
a) Open a DOS prompt.
b) Type something like netstat -ao
That will show a bunch of crap.
c) We are interested here in the stuff that says :25 under Foreign Address. (Each line is a connection or potential connection; if your computer is sending email there will be outgoing connections to other computers, showing as xxx.yyy.zzz.www:25.)
d) Now for the interesting part: the line will show the PID (process ID).
e) THEN, with the PID, you go to Task Manager, View > Select Columns, add the PID, and click OK.
f) THEN you will be able to see exactly which process is sending the email, and terminate it.
g) A process like this is probably set to autostart, so go to Start > Run, type msconfig, press Enter, go to the Startup tab, and try to locate it and uncheck it.
h) Restart the computer and pray.
(See, it’s not that easy if it’s not picked up by antivirus or Spybot.) 🙁
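The netstat-to-PID-to-process lookup in the comment above, done as a script rather than by eye. This is an added example, not code from the blog or from anyone in this thread. The netstat and tasklist output embedded in it is constructed sample data (the process name svcupdate.exe and every address in it are made up for the illustration), and the script goes slightly beyond the comment by also watching the mail submission ports 587 and 465, since spam bots do not always use 25. With --live it runs the real Windows commands netstat -ano (the -n skips the slow reverse-DNS lookups) and tasklist; without arguments it runs on the sample so it can be tried anywhere. Two caveats a practitioner would add: close Outlook first or it will show up in the list too, and malware sometimes injects into a legitimate process such as svchost.exe, so a familiar image name against a pile of :25 connections is a reason to look harder, not to stop.

```python
import subprocess
import sys
from collections import defaultdict

# Constructed sample of `netstat -ano` output on Windows. PID 3316 plays the
# part of the spam sender; PID 2044 is an ordinary HTTPS connection.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.5:49152      74.125.226.26:443      ESTABLISHED     2044
  TCP    192.168.1.5:49180      64.233.160.27:25       ESTABLISHED     3316
  TCP    192.168.1.5:49181      209.85.225.27:25       SYN_SENT        3316
  TCP    192.168.1.5:49182      98.137.11.21:25        ESTABLISHED     3316
  TCP    192.168.1.5:49183      65.55.37.104:25        TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1204
"""

# Constructed sample of `tasklist` output; the image names are assumptions.
SAMPLE_TASKLIST = """\

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0        292 K
svchost.exe                    912 Services                   0      7,212 K
lsass.exe                     1204 Services                   0      5,880 K
firefox.exe                   2044 Console                    1    145,820 K
svcupdate.exe                 3316 Console                    1     12,404 K
"""

MAIL_PORTS = {25, 465, 587}   # SMTP, SMTPS, submission


def parse_netstat(text):
    """Turn `netstat -ano` lines into dicts; TCP rows have a state, UDP rows do not."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": int(pid)})
    return rows


def split_host_port(addr):
    """'1.2.3.4:25' -> ('1.2.3.4', 25); '[::1]:25' -> ('::1', 25); '*:*' -> ('*', None)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output (image names may contain spaces)."""
    names = {}
    for line in text.splitlines():
        parts = line.split()
        # Row shape: <image name...> <PID> <session name> <session#> <mem> K
        if len(parts) >= 6 and parts[-1] == "K" and parts[-5].isdigit():
            names[int(parts[-5])] = " ".join(parts[:-5])
    return names


def find_mail_senders(netstat_text, tasklist_text, ports=MAIL_PORTS):
    """Return {pid: {image, peers, states}} for processes talking to a mail port."""
    names = parse_tasklist(tasklist_text)
    found = defaultdict(lambda: {"image": "?", "peers": [], "states": defaultdict(int)})
    for row in parse_netstat(netstat_text):
        if row["proto"] != "TCP" or row["state"] == "LISTENING":
            continue
        if row["pid"] == 0:          # TIME_WAIT sockets belong to nobody any more
            continue
        host, port = split_host_port(row["foreign"])
        if port not in ports:
            continue
        entry = found[row["pid"]]
        entry["image"] = names.get(row["pid"], "?")
        entry["peers"].append(host)
        entry["states"][row["state"]] += 1
    return dict(found)


def report(findings):
    """One line per suspect PID, busiest first; many distinct hosts is the spam signature."""
    lines = []
    for pid, info in sorted(findings.items(), key=lambda kv: -len(kv[1]["peers"])):
        states = ", ".join(f"{s}={n}" for s, n in sorted(info["states"].items()))
        lines.append(f"PID {pid} ({info['image']}): {len(info['peers'])} mail connections "
                     f"to {len(set(info['peers']))} hosts [{states}]")
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--live":     # real Windows box
        ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        tl = subprocess.run(["tasklist"], capture_output=True, text=True).stdout
    else:
        ns, tl = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    for line in report(find_mail_senders(ns, tl)) or ["no mail-port connections found"]:
        print(line)
```

On the sample it reports PID 3316 (svcupdate.exe) with three mail connections to three different hosts, one of them still in SYN_SENT; that is the line to carry into Task Manager and then msconfig. Once the process is identified, the same PID can be fed to `tasklist /m /fi "PID eq 3316"` to see which DLLs it loaded, which is often how an injected spam module in an otherwise legitimate process gives itself away.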
Sorry to hear about the virus. Maybe you could use Task Manager to see which processes are active – it might even say which processes have network connections open.
Uvita, Costa Rica
First of all, please don’t send me any emails. Unfortunately, when your email address is out in the public domain, people will often use your address as the “sender” when they send out spam advertisements that have no link back to them, only a link to an order form for items like Cialis, vacuum pumps and hair loss meds. About every 3 months or so I turn on my email to discover that someone used our domain to run a spamvertisement, using a fictitious person like email@example.com as the sender. Cisco said yesterday that 90% of all emails in the world are spam. I suggest you set up an auto-responder rule: if the email is not addressed to you as the recipient, reply with some get-rich-quick advertisement that you and Hal may stand to benefit from. Perhaps you can set up a Ponzi scheme or run a poker site out of your house :’)
Thanks, Wolfie. I think I can actually do that – I’m going to give it a try. After my virus run and eliminating the zillion cookies, I went into the Control Panel and unchecked everything that was an exception to the firewall. My computer runs so much better now! The boys had a couple of trojans on their computer and got rid of those. I haven’t heard from Amnet today so guess it’s not still sending… Yeah, what did he think, telling me to get Wireshark??? All gringos are rich AND techno geeks? He hasn’t met my mom.
Hi Peter, I opened the task manager and looked at the processes. OMG. There really are zillions of things going on – how do you know what’s what? I guess I could probably do what I did in the firewall exceptions: just turn off everything and see what happens. OK, not that brave.
Steve, are you trying to get me in trouble? I thought only the US gov could run a Ponzi scheme. We can, too? Good news! I promise I won’t send you any emails. At least until I have something really good to sell to you!!
The first question is: are you using a router with wireless capability? If so, is wireless access disabled or secured?
If the answers are yes to the first question and no or I don’t know to the second, it’s quite possible that someone else is “borrowing” your Internet connection. Turn off wireless access if you’re not actually using it, and secure it if you are.
If you don’t know how to secure it, find someone familiar with your router to guide you. If it’s the nearly ubiquitous Linksys WRT54G, here are instructions for securing it. (While those instructions are good, there are still a couple obscure ways for things to go wrong; I recommend having a “geek on call” just in case you find yourself unable to access the Internet. This is especially important if you either have no wired connection — all your computers use wireless — or if you can’t get in with the default password and are contemplating resetting the router: if you can’t get in, someone has already set it up in some way other than the default, and you shouldn’t reset it without knowing what they did, and why.)
I recently cleaned a spyware program off of someone’s computer and it’s my least favorite computer job. You’re right about that process stuff–I’ve been a computer tech support guy since around 1984 and *I* couldn’t tell you (without a fair bit of research) what *all* those different processes are that are running on your PC. Plus the smarter viruses & such disguise themselves well.
I booted into “Safe mode + networking” and then used a couple of free online antivirus scanning tools. Had to use two because the first one (Kaspersky) reported no problems, even though the computer was obviously infected with something. Then I used Norton’s (http://security.symantec.com). They told me what was infected and I moved it to a separate folder to isolate it and make it dormant (and, in case I screwed up, I could move it back). That seemed to do the trick. Oh, and the first thing I did (which I read in a list of recommendations) was to temporarily turn off System Restore, in case the problem had already gotten itself backed up, and to prevent it from coming back. (Of course now I’m wondering if I remembered to turn it back on afterwards!)
I recommended to my customer that if it looked like it was really OK, that he back up his important files and write down his settings, and then reformat the hard disk and start over, installing a good antivirus program as one of the first steps.
And I’m trying to figure out a sly way to slip the word “whisker” into this post, but can’t think of a way to do it….
P.S. I (again) took an incomplete in my self-paced Spanish class, so (again) I’ve got a second semester to finish less-than-a-semester’s work.
P.P.S. Another way to solve 99% of your virus & creepware problems is to get a Mac (posted from my beautiful new 24″ iMac). But I like Windows computers too–I’m no bigote.
P.P.P.S. OK, I *did* figure out a sly way to slip the word “whisker” in here. Sort of.
Coises, we used to have the wireless secured (all wireless here) and I think we took that off. I will put it back on – I’ve done it several times before so fairly familiar even though I have to read the instructions every time. I will check that.
Chuck, nice job with whisker. You know, we used to be mac-ophiles but when I started selling real estate, the MLS software only worked on Windows… we cried when giving up our macs. But now we are heavily invested in Windows. In a perfect world, everyone would only use macs! So: what’s the best anti-virus? I have avg.
Happy New Year! Next time you get a computer, consider going back to Mac but this time add Windows to it as well (the new ones can run Windows, but you do have to buy a copy & install it). Then use the generally safer Mac side for ordinary stuff like Internet use & word processing, and use Windows when you have some program that won’t run on a Mac. For a bit of extra money you can buy a program called VMWare Fusion and run Windows simultaneously (in a window!) with your Mac stuff. Otherwise, Apple provides for free something called Boot Camp, but you have to reboot to switch to the “other computer.”
I’m using avast for antivirus in Windows and it seems to work well (never had a virus–that I know of–since using it). There are at least 3 free-for-home-use antivirus programs out there that all have decent reputations, and all start with “a”: avast, Avira, and AVG. I also really like to use Mozilla FireFox combined with AdBlock Plus and CS Lite (a cookie manager).
Did you ever track down your virus?
Hola Chuck, I did not ever track the virus… once it stopped bugging Amnet, it stopped bugging me. But it’s on my to-do list. Next computer could be a Mac – that would be lovely. I have an old ibook here but it hardly works. That would be fun though, get used to it again. We’ll see… it’s my first cup of coffee. Everything is possible!