My email keep sending out virus

SUMMARY

The discussion centers on a user experiencing issues with their email account sending out virus-laden messages despite changing their password multiple times and using Norton 360 for antivirus protection. Participants suggest that the problem may stem from the email account being compromised rather than the user's new computer. They emphasize the importance of checking email headers to determine the true source of the emails and recommend using an email provider that scans for viruses in incoming and outgoing messages.

PREREQUISITES
  • Understanding of email protocols and how email clients interact with servers.
  • Familiarity with email header analysis to trace the origin of messages.
  • Knowledge of antivirus software capabilities, specifically Norton 360.
  • Basic cybersecurity awareness regarding email account security and phishing threats.
NEXT STEPS
  • Learn how to analyze email headers to identify the true sender of messages.
  • Research best practices for securing email accounts against hacking.
  • Explore features of email providers that include virus scanning for incoming and outgoing messages.
  • Investigate the functionality of Norton 360 and other antivirus tools for email protection.
USEFUL FOR

This discussion is beneficial for individuals experiencing email security issues, IT professionals managing email systems, and anyone looking to enhance their understanding of email-related cybersecurity threats.

  • #31
Routaran said:
But there is one thing that I thought was very strange
X-Originating-IP: [246.345.21.90]
Received: from 246.0.0.1(HELO qproxy1-pub.mail.unifiedlayer.com) (EHLO mta1024.sbc.mail.ne1.yahoo.com) (246.345.21.90)

This is not a valid IP address, the 2nd octet is 345. I'm assuming you changed this. Otherwise I don't know what's going on with this.

Yes, I changed it to some random numbers.

Thanks for your detailed explanation. I spent some time on it and tried Whois as well.

So:

1) "From" is what the email claims it's from.
2) "MessageID" is where the server thinks it comes from.
3) Domain name is "****.com"

If the two match, then it is good.

But if in doubt, use Whois to check whether the email address ( domain name) is legit.

thanks
 
  • #32
Borg said:
The forum's web page is automatically creating a link.
Open the Start menu and type cmd in the search box. You should get something like cmd.exe. Open that and type the command:
ping cnn.com

I just got my Win 8.1 laptop, how do I get the Start menu?

Thanks
 
  • #33
I want to sum up what I learned here and see whether this is good enough:

(A)

From: PreSonus Audio Electronics <support@presonus.zendesk.com>
The “From” field is what the email says it is from.
The “MessageID” is what the server says the email comes from.

If the two match, it is a good sign. To be safe, use Whois to check the domain name.
http://whois.domaintools.com
http://who.is/domain-history


(B)

Return-Path: <support@presonus.zendesk.com>
Received-SPF: pass (domain of presonus.zendesk.com designates 123.124.47.3 as permitted sender)

The SPF (Sender Policy Framework) is a basic check that the mail is not spoofed.
If the domain in “Return-Path” matches “Received-SPF”, that is also a good indication.
 
  • #35
yungman said:
I want to sum up what I learned here and see whether this is good enough:

(A)

From: PreSonus Audio Electronics <support@presonus.zendesk.com>
The “From” field is what the email says it is from.
The “MessageID” is what the server says the email comes from.

If the two match, it is a good sign. To be safe, use Whois to check the domain name.
http://whois.domaintools.com
http://who.is/domain-history


(B)

Return-Path: <support@presonus.zendesk.com>
Received-SPF: pass (domain of presonus.zendesk.com designates 123.124.47.3 as permitted sender)

The SPF (Sender Policy Framework) is a basic check that the mail is not spoofed.
If the domain in “Return-Path” matches “Received-SPF”, that is also a good indication.

Remember, all this does is check if the mail comes from where it claims it comes from. It doesn't mean it's safe.

If the mail doesn't come from where it claims then it's usually not safe.
But if the mail says it comes from (Return Path) infectme@DrEvilVirusFactory.com
and the SPF also says anEvilMailServer.DrEvilVirusFactory.com you still don't want to open it because it will unleash a computer virus that can, amazingly, rewrite your DNA by just looking at it.

Kinda like a bottle of milk that's open and just sitting on the counter, absolutely don't just start drinking.
And even if it's sealed, you still check to see if it's safe first.
Same principle, just because the SPF comes back okay, doesn't mean the contents are safe, you still need to check who it's actually from and if it's normal traffic or something you were expecting.

yungman said:
I just got my Win 8.1 laptop, how do I get the Start menu?

Thanks
https://www.yahoo.com/tech/how-to-get-the-real-start-menu-back-in-windows-8-or-8-1-82641957972.html

You should have a watered down version of the Start button in desktop mode already if you are running 8.1
If you don't then verify that you actually have 8.1 and not 8.0

MS is supposed to be releasing a newer start menu button with more bells and whistles through a patch but I don't know the details of when. I'm still running Win7 so my information is limited.
 
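As an added example (not code from any poster in this thread), the Python script below applies the three checks summarised in the two posts above to a constructed header block modelled on the one quoted earlier: the From domain against the Message-ID domain, the Return-Path domain against the domain named in Received-SPF, and whether X-Originating-IP is even a valid address (the quoted value with its 345 octet was altered by the poster, so it fails that check). A second, constructed look-alike message shows what an inconsistent origin looks like. All header values, domains and IPs are constructed; the checks implement the thread's rule of thumb rather than any standard, and two caveats apply: Message-ID is written by the sending software, so a match is weak evidence, and, as the post above says, a consistent origin never means the content is safe.

```python
"""Apply the thread's header checks to a message: From vs Message-ID domain,
Return-Path vs Received-SPF domain, and X-Originating-IP validity.
Added example for this thread, not code from any poster; all samples constructed."""
import email
import ipaddress
import re

# Constructed sample, modelled on the header lines quoted in the thread.
# The X-Originating-IP is deliberately the invalid one the poster pasted.
SAMPLE_HEADERS = """\
Return-Path: <support@presonus.zendesk.com>
Received-SPF: pass (domain of presonus.zendesk.com designates 123.124.47.3 as permitted sender)
X-Originating-IP: [246.345.21.90]
From: PreSonus Audio Electronics <support@presonus.zendesk.com>
Message-ID: <1234567890.abc@presonus.zendesk.com>
Subject: Your support ticket
"""

# Constructed look-alike: the From claims a bank, but nothing else agrees.
SPOOFED_HEADERS = """\
Return-Path: <bounce@mailer.example.net>
Received-SPF: softfail (domain of transitioning bank.example does not designate 192.0.2.10 as permitted sender)
X-Originating-IP: [192.0.2.10]
From: "Your Bank" <alerts@bank.example>
Message-ID: <20140101.42@mailer.example.net>
Subject: Verify your account
"""


def domain_of_address(value):
    """Domain after the '@' in 'Name <user@host>' or '<id@host>', lower-cased; None if absent."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
    return m.group(1).lower().rstrip(".") if m else None


def same_org(a, b):
    """True when one domain equals or is a subdomain of the other (zendesk.com vs x.zendesk.com)."""
    if not a or not b:
        return False
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def parse_spf(value):
    """Split a Received-SPF header into (result, checked domain); either may be None."""
    if not value:
        return None, None
    res = re.match(r"\s*([A-Za-z]+)", value)
    dom = re.search(r"domain of (?:transitioning )?([A-Za-z0-9.-]+)", value)
    return (res.group(1).lower() if res else None,
            dom.group(1).lower() if dom else None)


def valid_originating_ip(value):
    """X-Originating-IP is usually bracketed; False if it is not a parsable IPv4/IPv6 address."""
    if not value:
        return None
    try:
        ipaddress.ip_address(value.strip().strip("[]"))
        return True
    except ValueError:
        return False


def check_headers(raw):
    """Run the three checks on a raw header block and return the findings as a dict."""
    msg = email.message_from_string(raw)
    from_dom = domain_of_address(msg.get("From"))
    msgid_dom = domain_of_address(msg.get("Message-ID"))
    rp_dom = domain_of_address(msg.get("Return-Path"))
    spf_result, spf_dom = parse_spf(msg.get("Received-SPF"))
    return {
        "from_domain": from_dom,
        "messageid_domain": msgid_dom,
        "from_matches_messageid": same_org(from_dom, msgid_dom),
        "spf_result": spf_result,
        "returnpath_matches_spf": spf_result == "pass" and same_org(rp_dom, spf_dom),
        "originating_ip_valid": valid_originating_ip(msg.get("X-Originating-IP")),
    }


def summarize(findings):
    """The thread's rule of thumb: a consistent origin is a good sign, never proof the content is safe."""
    consistent = (findings["from_matches_messageid"]
                  and findings["returnpath_matches_spf"]
                  and findings["originating_ip_valid"] is not False)
    if consistent:
        return "origin looks consistent: still treat unexpected content/attachments with care"
    return "origin inconsistent: treat as suspicious"


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_HEADERS), ("spoofed", SPOOFED_HEADERS)):
        findings = check_headers(raw)
        print(label, findings, "->", summarize(findings))
```

To use it on a real message, paste the full header block (most webmail clients have a "view raw message" or "show full headers" option) into a file and pass its contents to `check_headers`. The subdomain-tolerant `same_org` comparison is there because a vendor's mail is often sent from a service subdomain, as in the zendesk example; a strict equality check would flag legitimate mail.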
  • #36
Thanks everyone for helping. I sure learn a lot.

Where do you get all this information? Are there any books or trusted links that you can suggest? I would like to learn more about internet security.

Thanks
 
  • #37
I'm not sure exactly where I learned this from, just IT experience and google I think, probably mostly google what something was and read.

Like what the message-id field in an email is
Google 'messageid email' and see what turns up.
 
  • #38
I think my computer or server is infected. I just received another email from our insurance company that we sent them a suspicious email and it's from: juangalli@fibertel.com.ar

What can I do to fix this?

Thanks

Alan
 
  • #39
yungman said:
I think my computer or server is infected. I just received another email from our insurance company that we sent them a suspicious email and it's from: juangalli@fibertel.com.ar

What can I do to fix this?

Thanks

Alan

At this point, I would recommend installing a firewall and think twice before letting any program have internet access of any kind. Until you're used to it, don't give blanket access to any program. It will be annoying at first because the firewall will pop up continuously asking if it should let programs connect to the internet. When the firewall pops up, google the program to see what it is before you accept it. If the first set of hits says it's a virus, it probably is. Once you know what virus you have, you can work on getting rid of it.

You will be surprised by how many programs try to connect all the time even though most of them don't need to get to the internet to run. Usually, they're just connecting to see if they should update themselves. I've been using a free version of ZoneAlarm for years and it has served me well. It never ceases to amaze me how often programs will try multiple ways of getting internet access.
 
  • #40
Borg said:
At this point, I would recommend installing a firewall and think twice before letting any program have internet access of any kind. Until you're used to it, don't give blanket access to any program. It will be annoying at first because the firewall will pop up continuously asking if it should let programs connect to the internet. When the firewall pops up, google the program to see what it is before you accept it. If the first set of hits says it's a virus, it probably is. Once you know what virus you have, you can work on getting rid of it.

You will be surprised by how many programs try to connect all the time even though most of them don't need to get to the internet to run. Usually, they're just connecting to see if they should update themselves. I've been using a free version of ZoneAlarm for years and it has served me well. It never ceases to amaze me how often programs will try multiple ways of getting internet access.

Thanks for the reply.

I have the Norton 360 security suite with firewall. I was asked all the time to allow any program to connect to the outside.

I tried to install MS Security Essential but it said I have it already in Win 8!

What can I do to find the virus? I have 3 computers using this email and it is a business email. So can it be in any one of them?

This problem is not confined to just this email address; the problem in the original post is from another email account. So can I assume this is from the computer, not the server?
 
  • #41
yungman said:
Thanks for the reply.

I have the Norton 360 security suite with firewall. I was asked all the time to allow any program to connect to the outside.
Since you used the word 'was', can I assume that the firewalls don't ask to allow programs to connect anymore? What did you do when the firewall asked to let the programs connect? Did you tell it something like "yes" and "remember my decision"?
yungman said:
I tried to install MS Security Essential but it said I have it already in Win 8!
You just need one virus scanner and one firewall. Installing more than one of either will cause other problems.
yungman said:
What can I do to find the virus? I have 3 computers using this email and it is a business email. So can it be in any one of them?
Yes.
yungman said:
This problem is not confined to just this email address; the problem in the original post is from another email account. So can I assume this is from the computer, not the server?
You can't assume anything. If multiple people in your contact list are getting similar spam emails that appear to be coming from you, then it is probable. But, you can't assume that it is true. Solving these things requires careful examination of your system(s).

One question that I have is how do you access your email? Do you use a program like Outlook or are you using a web-based program like Yahoo mail?
 
  • #42
Thanks for your answer.

1) The computers still ask me whether to let the program change anything when I install a program.

2) The computers never ask whether programs can send anything out.

3) I never use Outlook. I always use Yahoo and then go to "mail" to access all my emails.

Thanks for your help.
 
  • #43
yungman said:
Thanks for your answer.

1) The computers still ask me whether to let the program change anything when I install a program.

2) The computers never ask whether programs can send anything out.

3) I never use Outlook. I always use Yahoo and then go to "mail" to access all my emails.

Thanks for your help.
#1 has nothing to do with your firewall.
#2 is what a firewall will do. It doesn't sound like you have a firewall installed or it's turned off.
 
  • #44
Borg said:
#1 has nothing to do with your firewall.
#2 is what a firewall will do. It doesn't sound like you have a firewall installed or it's turned off.

It said the firewall is on! I just checked. Norton always has the firewall on.
 
  • #45
yungman said:
It said the firewall is on! I just checked. Norton always has the firewall on.
I'm not familiar with Norton's firewall so, I did a quick Google for how to configure Norton and it looks like it tries to do everything for you. I use a ZoneAlarm firewall and it doesn't assume anything. I have to tell it what to do for every program - with the option of remembering my decision. But, I like having that kind of control over my computers. :biggrin:
 
  • #46
yungman said:
It said the firewall is on! I just checked. Norton always has the firewall on.

... unless the virus (if you have one) turned it off, and produced a fake message when you asked Norton.

If a "successful" virus gets on to your PC somehow, it is probably going to mess with your antivirus protection software, whatever that is. That's why you usually need to boot the PC from a known virus-free disk (for example a read-only DVD) to clean it up.
 
  • #47
You need to isolate the source. Each computer should have a unique IP address.
 
  • #48
yungman said:
I think my computer or server is infected. I just received another email from our insurance company that we sent them a suspicious email and it's from: juangalli@fibertel.com.ar

What can I do to fix this?

Thanks

Alan


Okay, let's assume this system is infected and sending out spam. It needs cleaning.
This is how I suggest you start; we'll do the easy stuff first. If that doesn't work you can decide if you want to try using the more advanced tools or just wipe your system.

First, let's blow Norton out of the system. It's fantastic when your system is clean but once an infection occurs, it's your worst enemy.
Norton Removal tool - http://goo.gl/uOYmWX
Make sure you have a digital copy or a disk to reinstall it, IF you want to keep using it after.

Next download the following:
Malwarebytes (Free version) - https://www.malwarebytes.org/antimalware/
Spybot Search and Destroy (Free version) - http://www.safer-networking.org/dl/

Any one of:
Avast - http://www.avast.com/en-ca/index
AVG - http://free.avg.com/ca-en/free-antivirus-download
MS Security Essentials - http://windows.microsoft.com/en-CA/windows/security-essentials-download
Those 3 antivirus programs were popular on our PF Poll
https://www.physicsforums.com/showthread.php?t=758839

Next reboot your system to safemode with networking
http://goo.gl/zXwZEE

Once in safemode
Install and update malwarebytes, then scan the system with it. Clean whatever it finds.
Repeat with Spybot Search and Destroy. Install, Update, Immunize, Clean.
Do not scan with both at the same time, use one of them, wait till you're done, then close the program before starting the next one.

After scanning once with both in safemode, reboot your computer and come back into normal mode. Do the scans again to see if the two programs see anything. If they do, clean again and reboot to normal mode again.

Then install one of the antivirus programs you selected (Avast/AVG/MSSE)
Again, update and scan. If anything comes up, clean/quarantine it.

Finally, reset your browser settings (it's like brushing your teeth every morning, just good form)
IE - http://support.microsoft.com/kb/923737
Firefox - https://support.mozilla.org/en-US/k...vcd0BQA.0&utm_referrer=https://www.google.ca/
Chrome - https://support.google.com/chrome/answer/3296214?hl=en

You can now remove all the programs we installed and go back to using Norton if you so desire. But make sure you remove the other things we installed and reboot before installing Norton.
Norton WILL go batshitcrazy on you if it thinks you cheated on it by using another antivirus program. It's a very jealous lover, so best to keep the affair with malwarebytes/spybot/avg/etc. a secret.

Now that you are done, it's time to play the waiting game. See if you get any more alerts from other ppl saying you're still spamming.

If it doesn't work, then we'll be spending more time in safemode and working with tools like
Autoruns - http://technet.microsoft.com/en-ca/sysinternals/bb963902.aspx
Hijackthis - http://sourceforge.net/projects/hjt/
Both these tools give you a detailed look at all the programs that are in your computer's startup routine. Basically, you'll need to go through the list (sometimes very large, numbering hundreds of items) and figure out if there is anything malicious that is starting up when your computer runs.
Essentially, you take the filename and its location and find out if it's legit.
This can be a very time-consuming process, and often you can come across a program/dll that Google doesn't tell you very much about; you may be forced to make educated guesses, and if you turn off/disable the wrong entry, you can potentially kill Windows.

Using those tools does require a fairly high level of familiarity with how the Windows OS works and the things it does in the background: what's required, what's optional, stuff the average user never sees.
If you're not that familiar, then I very strongly suggest simply backing up important data from the system and wiping it clean, because if something bad happens while using those tools there's a good chance you're going to be forced to wipe it anyway, so save yourself the headache.
 