
I can't stop sending viagra spam, please help me

Pereza0 Registered User regular
edited February 2011 in Help / Advice Forum
So I kept getting this "delivery status notification (failure)" sent to my gmail. I opened them up and saw I had been sending viagra advertisements and similar stuff to random email accounts.

There were about 8 failure notifications on the received messages section, there were about three pages of spam messages on my sent messages section.

This was the last notification I received
Received: by 10.223.83.4 with SMTP id d4mr3487394fal.59.1298387770624;
Tue, 22 Feb 2011 07:16:10 -0800 (PST)
Return-Path: <pperezvillacastin@gmail.com>
Received: from 236.Red-83-36-230.dynamicIP.rima-tde.net (236.Red-83-36-230.dynamicIP.rima-tde.net [83.36.230.236])
by mx.google.com with ESMTPS id l3sm1900907fan.0.2011.02.22.07.16.07
(version=SSLv3 cipher=OTHER);
Tue, 22 Feb 2011 07:16:08 -0800 (PST)
Received: from ([10.118.57.84]) (HELO QBLVF)
by 236.Red-83-36-230.dynamicIP.rima-tde.net (8.13.4/8.13.4) with SMTP id n166n2Fa011471
for <asjajjhahhsda9@yahoo.com>; Tue, 22 Feb 2011 16:16:12 +0100 (CDT)
(envelope-from test@aol.com)
Message-ID: <000001cbd2a370f619f0ece62453@QBLVF>
From: test <pperezvillacastin@gmail.com>
To: "asjajjhahhsda9" <asjajjhahhsda9@yahoo.com>
Subject: any
Date: Tue, 22 Feb 2011 16:15:12 +0100
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="us-ascii";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

hmsydiouz

I have already changed my password and security thing question, but I'm afraid it might be enough.

Have you guys ever dealt with these bots? What can one do?

Pereza0 on

Posts

  • bowen Sup? Registered User regular
    edited February 2011
    There's a couple possibilities here.

    Someone harvested your email address and sent fake messages to Yahoo with a reply-to (and from) your address. When Yahoo tried to deliver, it couldn't, and sent it back to you as a delivery failure. (There is no way to prevent this, really, but this is rare)

    Though, what it appears is you're using gmail through Outlook Express. What I'm suspecting is you've got some sort of worm or virus that's sending emails when you use Outlook. If you used the web mail specifically, you'd probably notice these stop. You may want to thoroughly clean your PC, as it appears to me to be infected. Those last few lines indicate that Outlook was used to send the mail and not the web mail, or, whoever has compromised your email is using Outlook.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Pereza0 Registered User regular
    edited February 2011
    I have never used outlook.

    Is there any way to know if someone has been accessing my mail?
    Or to know if a message from my account has been sent from a different IP?

    Yeah, I intended to do a clean up, anyway, but it seems more urgent now

    Pereza0 on
  • adytum The Inevitable Rise And Fall Registered User regular
    edited February 2011
    When you log in to Gmail, scroll to the bottom of the page. It will say

    "Last account activity: X minutes ago on this computer. Details"

    Click on Details and it will show you the last several logins. It will even alert you if there has been abnormal login activity.

    adytum on
  • Djeet Registered User regular
    edited February 2011
    Just because it's sent with your email address in the from and reply-to fields doesn't mean that anyone's accessing your gmail account. It's a trivial matter to spoof an email address. If you changed your password and are still getting these bounces then chances are this is just a spam bot running on some poor schmuck's home computer.

    This (236.Red-83-36-230.dynamicIP.rima-tde.net [83.36.230.236]) is a host in an IP block owned by telefonica. Their whois info does not provide an abuse contact, but you could try hitting the other listed email addresses with a complaint of email abuse; make sure to include the email headers in your message if you choose to do this. They may or may not act upon it (I don't recall having to deal with email abuse from telefonica), but I've had good luck just complaining about it to US ISPs, though it's a bit of work if you're dealing with a lot of them.

    Djeet on
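
Added example, not part of the thread: a Python sketch of the header reading Djeet describes, separating the visible From address from the envelope sender and picking out the connecting host recorded in the Received chain. It runs on a constructed sample modelled on the bounce in the first post; all addresses, hostnames and IPs in it are placeholders, and `analyse` is a hypothetical helper name.

```python
import email
import re
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the bounce above; every address, host and IP is a placeholder.
SAMPLE = """\
Received: by 10.0.0.4 with SMTP id abc123; Tue, 22 Feb 2011 07:16:10 -0800 (PST)
Return-Path: <victim@example.com>
Received: from host.dynamic.example.net (host.dynamic.example.net [203.0.113.236])
\tby mx.example.com with ESMTPS id xyz; Tue, 22 Feb 2011 07:16:08 -0800 (PST)
Received: from ([10.118.57.84]) (HELO QBLVF)
\tby host.dynamic.example.net with SMTP id n166
\tfor <rcpt@example.org>; Tue, 22 Feb 2011 16:16:12 +0100
\t(envelope-from test@example.net)
From: test <victim@example.com>
To: <rcpt@example.org>
Subject: any
X-Mailer: Microsoft Outlook Express 6.00.2900.2869

body
"""

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def analyse(raw):
    msg = email.message_from_string(raw)
    external, internal, envelope_from = [], [], None
    # Received headers are prepended, so this walks from the newest hop to the oldest.
    for received in msg.get_all("Received", []):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received):
            private = any(ip_address(ip) in net for net in RFC1918)
            (internal if private else external).append(ip)
        m = re.search(r"\(envelope-from\s+([^)\s]+)\)", received)
        if m and envelope_from is None:
            envelope_from = m.group(1)
    header_from = parseaddr(msg.get("From", ""))[1]
    return {
        "header_from": header_from,          # what the recipient sees; freely settable
        "envelope_from": envelope_from,      # SMTP MAIL FROM as recorded in a Received line
        # The newest public IP was stamped by the receiving mail server, not the sender.
        "connecting_ip": external[0] if external else None,
        "internal_ips": internal,
        "mailer": msg.get("X-Mailer"),
        "from_mismatch": envelope_from is not None and envelope_from != header_from,
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the hop added by your own provider's server is reliable; older Received lines, the envelope-from comment and X-Mailer are all supplied by the sending side.
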
  • bowen Sup? Registered User regular
    edited February 2011
    Yeah I noticed that it was a Spanish-based ISP of some sort, though, I wonder if pereza is in Spain.

    bowen on
  • Pereza0 Registered User regular
    edited February 2011
    Yup, I am from Spain.

    It seems to have stopped since I changed my password, so unless I suddenly start getting them again I'm done for now. Thank you guys, anyway.

    I'm pretty sure they were accessing my account though, all the spam messages that were sent were in my outbox. (not sure I'm getting it)

    Pereza0 on
  • Pereza0 Registered User regular
    edited February 2011
    adytum wrote: »
    When you log in to Gmail, scroll to the bottom of the page. It will say

    "Last account activity: X minutes ago on this computer. Details"

    Click on Details and it will show you the last several logins. It will even alert you if there has been abnormal login activity.

    It seems an IP different from mine entered the account back on the 17th. I don't recall logging in on anyone else's computer but I guess it can be explained if the IP changes every time the router is rebooted, because it does, right?

    Pereza0 on
  • bowen Sup? Registered User regular
    edited February 2011
    Yeah seems like a low level spam of some sort. They probably got your password from a compromised PC somewhere, be it yours or on a WIFI hot spot or something. Then they set up an outlook account and sent emails from it. If it happens again it's probably your PC that is compromised.

    bowen on
  • bowen Sup? Registered User regular
    edited February 2011
    Pereza0 wrote: »
    adytum wrote: »
    When you log in to Gmail, scroll to the bottom of the page. It will say

    "Last account activity: X minutes ago on this computer. Details"

    Click on Details and it will show you the last several logins. It will even alert you if there has been abnormal login activity.

    It seems an IP different from mine entered the account back on the 17th. I don't recall logging in on anyone else's computer but I guess it can be explained if the IP changes every time the router is rebooted, because it does, right?

    Sometimes, this is not always the case. A lot of ISPs do do DHCP, but they are statically linked to a MAC address of the router or device on the other end. Rebooting the modem often gets a new IP.

    bowen on
  • L Ron Howard The duck Minnesota Registered User regular
    edited February 2011
    bowen wrote: »
    Though, what it appears is you're using gmail through Outlook Express. What I'm suspecting is you've got some sort of worm or virus that's sending emails when you use Outlook. If you used the web mail specifically, you'd probably notice these stop. You may want to thoroughly clean your PC, as it appears to me to be infected. Those last few lines indicate that Outlook was used to send the mail and not the web mail, or, whoever has compromised your email is using Outlook.

    You really should change your password on another computer. You should also really, really start some antivirus and antimalware scans on your computer right now.

    L Ron Howard on
  • Pereza0 Registered User regular
    edited February 2011
    But I'm not using Outlook!!

    I have AVG too, it does stuff, right?

    I'd rather wait till I have to reformat (soon) than doing scans and stuff.

    I'm lazy, and it's not like I use my mail for anything important yet

    Pereza0 on
  • dzenith Registered User regular
    edited February 2011
    Do you have messages in your sent mail folder showing that you have been sending these messages? If you do, then you should be doing scans asap as you could have a keylogger on your computer. If this is the case, your passwords for a lot of other stuff may be stolen or at risk to be stolen as well, not to mention any personal information, credit cards numbers, etc.

    If there are no messages in your sent mail folder, then like has been said, your email address has been spoofed. There isn't much you can do about it except wait until they quit using your address.

    dzenith on
  • Pereza0 Registered User regular
    edited February 2011
    It was on sent messages.

    Thankfully, I'm pretty young, so there is not a lot of personal info or money related stuff coming from me out there

    Pereza0 on
  • L Ron Howard The duck Minnesota Registered User regular
    edited February 2011
    The issue is if you've ever signed into your bank. Whoever has compromised your computer can get access to that stuff, if they're logging your keys. It doesn't matter how old or young you are, what matters is what you've visited since you've become infected. If you've logged into your bank, it's possible that the keylogger has captured the URL you use to log into your bank, so they know which bank you use, and then your username and password. They can then do things with your bank account. They can also use the name on your account to find more information on you and steal your identity that way. It's also quite likely they have other email accounts of yours, even serious ones - unlike your gmail, that they can use to send out spam email, or do attacks on websites, among many other things.

    Make sure your virus definitions are up-to-date, and then boot into Safe Mode and do a full virus scan. If that doesn't find anything, or you have more questions, ask us. Like half of us here can help you get rid of it. Though, to be honest, the only way to be sure it's gone is to reformat and reinstall.

    L Ron Howard on
  • Infidel Heretic Registered User regular
    edited February 2011
    I knew what the issue would be but I hoped for the much more humorous problem that the title made me picture.

    You'll want to clean your computer and be sure of it. You don't want to be a keylogged zombie machine, and no one else wants you to be either. It's all fun and games until your ISP blocks you for activity until you clean things up.

    Infidel on
  • Pereza0 Registered User regular
    edited February 2011
    Ok guys, I am doing the scan, hope something comes up.

    Still, really need to clean this thing up, the amount of useless stuff I keep in here is overwhelming. It's pretty slow

    Pereza0 on
  • Buttcleft Registered User regular
    edited February 2011
    There's no way of being safe even if the scans show nothing.

    The only solution is to reformat your computer, then change your passwords.

    Unless you can live with "What if.."

    Buttcleft on
  • bowen Sup? Registered User regular
    edited February 2011
    Pereza0 wrote: »
    Ok guys, I am doing the scan, hope something comes up.

    Still, really need to clean this thing up, the amount of useless stuff I keep in here is overwhelming. It's pretty slow

    The telltale signs of a computer infection. The telltale signs of any infection, really, human or computer.

    bowen on