• We've upgraded our forums. Please post any issues/requests in this thread.

Spam from my sisters email

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
14,880 (3.45/day)
Likes
5,413
System Name A dancer in your disco of fire
Processor i3 4130 3.4Ghz
Motherboard MSI B85M-E45
Cooling Cooler Master Hyper 212 Evo
Memory 4 x 4GB Crucial Ballistix Sport 1400Mhz
Video Card(s) Asus GTX 760 DCU2OC 2GB
Storage Crucial BX100 120GB | WD Blue 1TB x 2
Display(s) BenQ GL2450HT
Case AeroCool DS Cube White
Power Supply Cooler Master G550M
Mouse Intellimouse Explorer 3.0
Keyboard Dell SK-3205
Software Windows 10 Pro
#1
Hey all.

One of my sisters emails sends out spam. It comes a spam every other day with some shopping offers with links to VERY wierd homepages. She is aware of this, and she has no idea why this is happening. Otherwise she uses her mail like usual, and everything seems to work the way is should. No passwords have been altered or anything.

Is it a virus, trojan or something? What do you think she should do?

Thanks for looking!

/Frick
 
Joined
Dec 6, 2005
Messages
9,802 (2.23/day)
Likes
3,786
Location
Manchester, NH
System Name Working on it ;)
Processor I7-4790K
Motherboard MSI Z97
Cooling Be Quiet Pure Rock Air
Memory 16GB 4x4 G.Skill CAS9 2133 Sniper
Video Card(s) Intel IGP (Dedicated GPU TBD)
Storage WD 320 / 500KS / 500KS / 640KS / 640LS / 640LS / 640LS / 1TBFAEX and a NAS with 2x2Tb WD Black
Display(s) 24" DELL 2405FPW
Case Rosewill Challenger
Audio Device(s) Onboard + HD HDMI
Power Supply Corsair HX750 (love it)
Mouse Logitech G5
Software Win 7 Pro
#2
Could be a virus but depends... what nature of account is it coming from? Is it web based email, ISP or exchange server?
 

Kreij

Senior Monkey Moderator
Staff member
Joined
Feb 6, 2007
Messages
13,817 (3.48/day)
Likes
5,524
Location
Cheeseland (Wisconsin, USA)
Processor Intel Core 2 Quad QX9650 Extreme @ 3.0 GHz
Motherboard Asus Rampage Formula
Cooling ZeroTherm Nirvana NV120 Premium
Memory 8GB (4 x 2GB) Corsair Dominator PC2-8500
Video Card(s) 2 x Sapphire Radeon HD6970
Storage 2 x Seagate Barracuda 320GB in RAID 0
Display(s) Dell 3007WFP 30" LCD (2560 x 1600)
Case Thermaltake Armor w/ 250mm Side Fan
Audio Device(s) SupremeFX 8ch Audio
Power Supply Thermaltake Toughpower 750W Modular
Software Win8 Pro x64 / Cat 12.10
#3
If you can, post the full e-mail header from one of the spam messages. It may be spoofed and not actually coming from her.
 

js01

New Member
Joined
Jul 23, 2008
Messages
170 (0.05/day)
Likes
26
Location
Halifax, Nova Scotia
System Name My Computer
Processor i5 2500k@4.2ghz
Motherboard MSI Z77a G43
Cooling Hyper TX3
Memory Gskill 4gb Ripjaws 1.6ghz
Video Card(s) Gigabyte HD 7950
Storage 2TB
Display(s) Samsung 245bw
Case Apevia X-Plorer ATXB8KLW-BK
Audio Device(s) Integrated
Power Supply OCZ ModXStream 600w
Software 7 64
#4
I would advise her to change her password I had the same problem and as soon as I changed my password they stopped, it's actually happened to a lot of people that I know not sure how they get the passwords as I never use webmail It usually says something like "Hope you have a good mood in shopping from their company" in the end of the email.
 

cadaveca

My name is Dave
Joined
Apr 10, 2006
Messages
16,547 (3.88/day)
Likes
10,909
Location
Parkland County, Alberta
System Name Gamer
Processor Intel i7-6700K (ES)
Motherboard MSI Aegis TI
Cooling Custom Dragon Cooler
Memory 16 GB Kingston HyperX 2133 MHz C13
Video Card(s) 2x MSI GAMING GTX 980
Storage 2x Intel 600P
Display(s) Dell 3008WFP
Case MSI Aegis Ti
Mouse MSI Interceptor DS B1
Keyboard MSI DS4200 GAMING Keyboard
Software Windows 10 Home
#5
Key-loggers, or what have you.

First, go to safe machine, change password.

If this does not fix it, then the problem is likely on her personal machine still.

Also do everything else that's already listed, and verify that the header isn't spoofed.
 
Joined
Mar 8, 2009
Messages
1,077 (0.34/day)
Likes
305
System Name Primary Rig
Processor e8500 Q822A549 4.5ghz AIR
Motherboard Foxconn Mars P35
Cooling TRUE
Memory 2 x2GB Patriot Viper 1066 5-5-5-12 @ 1.8v
Video Card(s) Sapphire 5870 Unlocked
Storage 300gb Velociraptor
Display(s) Dell 24" Ultrasharp
Case Coolermaster CM690
Power Supply PC Power & Cooling 750w Quad Silencer
Software Windows 7 Ultimate x86
#6
Yeah change password in safe mode and run malwarebytes (free scan+clean).
 
Joined
Jul 19, 2007
Messages
7,043 (1.85/day)
Likes
863
Location
Sector ZZ₉ Plural Z Alpha
System Name УльтраФиолет
Processor Intel Kentsfield Q9650 @ 3.8GHz (4.2GHz highest achieved)
Motherboard ASUS P5E3 Deluxe/WiFi; X38 NSB, ICH9R SSB
Cooling Delta V3 block, XPSC res, 120x3 rad, ST 1/2" pump - 10 fans, SYSTRIN HDD cooler, Antec HDD cooler
Memory Dual channel 8GB OCZ Platinum DDR3 @ 1800MHz @ 7-7-7-20 1T
Video Card(s) Quadfire: (2) Sapphire HD5970
Storage (2) WD VelociRaptor 300GB SATA-300; WD 320GB SATA-300; WD 200GB UATA + WD 160GB UATA
Display(s) Samsung Syncmaster T240 24" (16:10)
Case Cooler Master Stacker 830
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro PCI-E x1
Power Supply Kingwin Mach1 1200W modular
Software Windows XP Home SP3; Vista Ultimate x64 SP2
Benchmark Scores 3m06: 20270 here: http://hwbot.org/user.do?userId=12313
#7
If you can, post the full e-mail header from one of the spam messages. It may be spoofed and not actually coming from her.
True - although, more than a few emails would seem a little suspicous, rather than just a generated or "logged" email address.


As well - it's quite possible the email isn't coming directly from her account. Some email providers allow one to send email, but use a different "from" address (i.e. gmail) - for example, your primary email address is someone@someplace.com, when you send a message it would appear to come from someone@noplace.com . . .

It wouldn't surprise me, either, that if your sister had registered on a site, that they could be selling off email addresses - sometimes those really shady purchasers of these email lists will use some of these addresses to "mask" where the emails are actually coming from.

Follow the suggestions tha have already been posted, first - defi change the password. Run a good A/V program, and check your rig over for any other malware. Do a good manual cleaning of internet files, too, both cookies, temp files, and any other tripe that ends up in your temp folders. Anything that doesn't want to be deleted nice and easy tends to not bode well . . . if the issue still continues, she may have to give some serious thought to closing the account and picking up a new email provider elsewhere.

It's a PITA, for all involved.
 

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
14,880 (3.45/day)
Likes
5,413
System Name A dancer in your disco of fire
Processor i3 4130 3.4Ghz
Motherboard MSI B85M-E45
Cooling Cooler Master Hyper 212 Evo
Memory 4 x 4GB Crucial Ballistix Sport 1400Mhz
Video Card(s) Asus GTX 760 DCU2OC 2GB
Storage Crucial BX100 120GB | WD Blue 1TB x 2
Display(s) BenQ GL2450HT
Case AeroCool DS Cube White
Power Supply Cooler Master G550M
Mouse Intellimouse Explorer 3.0
Keyboard Dell SK-3205
Software Windows 10 Pro
#8
Right, thanks ya'll, I will forward this to her and get back to you. It's from a hotmail account btw.

Thanks! :D