Spyware Problem

clylbw

Well-known member
454 4
Hi,

Recently I keep receiving messages in my email box which say I have sent out certain emails containing virus. Since I have never sent out those emails, I believe the username and the password of my email account have been obtained and abused by someone else, probably through some spyware.

The problem is, I do not know how they have managed to do so. I have installed several anti-spyware software. Moreover, I have changed my password and have since stopped typing in my password. However, my password is still being obtained by someone else despite all the effort.

Can you please tell me how to tackle this problem? Thank you.
 

oatman

Senior member
2,879 22
It's more likely that your name is in the address book of someone who has been infected.
Can you check with your friends?
 

Sharky

Admin
5,615 370
Clylbw, if it's any concillation, I get this thing all the time - like oatman says it's very likely to be because your name was in the address book of a user that was infected. Unfortunately there's nothing we can do to prevent it as far as I know.
 

jpwone

Well-known member
254 3
Couple of things spring to mind.

Are the emails you are receiving telling you to stop sending out viruses from people whose address you have in your address book or contacts list?

If yes then you are probably infected and the virus is simply working its way through your address book trying to infect your contacts machines. Anti-spyware and good anti-virus protection will sort this out. You need both together, not one or the other. Try ad-aware (www.lavasoft.de) for spyware protection and Avast (www.avast.com) for a good free anti-virus program.

If no then it is probable that you are not infected but someone has used your email address in the 'From' field when sending out the infected emails. To find out if this is the case you really need a copy of one of the emails that has been sent (without the virus but with the headers). Analysis of the headers will show the path the email took to get to its destination. This is not conclusive as headers can be spoofed and there are anonymous remailers which allow the forwarding of email after stripping out the old headers or putting in new but false headers. The key thing here is that someone has probably picked your email address at random to use in the 'From' field. The simplest solution if this is the case is to change your email address as if it has been used in this way it will eventually be blacklisted on mail servers and you will have difficulty sending email.

HTH
 

clylbw

Well-known member
454 4
Many thanks to all of you indeed.

Maybe I have not expressed myself clearly. I am getting receipt messages from other email accounts. According to the messages, I have sent out virus-infected emails from my account to other accounts. However, I have never done so. Thus I suspect someone else have obtained my password and used my account to send out virus-infected emails in my name.

Do you think the measures you have suggested still apply under such circumstances?

Thanks indeed.
 

oatman

Senior member
2,879 22
If your firewall is running OK it will alert you if something is trying to get in or out.
Make sure your definitions are up to date. Also have you got SpywareBlaster and SpywareGuard http://www.javacoolsoftware.com/downloads.html
Also WinPatrol http://www.winpatrol.com/winpatrol.html
These should alert you if something tries to enter or alter sensitive parts of your system.
Run Spybot and Ad-aware as well.
If you're worried, run some of the online anti spyware and AV scans as well.
Let us know........

also who is your IP and have you contacted them?
 

clylbw

Well-known member
454 4
Hi oatman,

Thanks indeed.

I have WinPatrol, Spybot and Ad-ware already, but this is still happening.

What puzzles me is, my password seems to have been leaked, but other sensitive information such as my credit card has not.

BTW, what does 'IP' refer to?
 

oatman

Senior member
2,879 22
Internet Provider or Internet Service Provider
Did you run any online scans to make sure you're OK?
Are you running the latest version of Spybot? 1.3
http://www.safer-networking.org/index.php?page=download
It's got an addition called TeaTimer which does similar to WinPatrol by running real time.
I run them all without conflict. They're a pretty powerful bunch between them ;)
 

clylbw

Well-known member
454 4
Hi oatman,

Yes I am pretty sure I am running the latest version of Spybot; TeaTimer is one of the startup programmes.

My ISP is Tiscali. Should I contact them about this? I am not sure they will care as my email account is at Yahoo!.

Thanks really.
 

clylbw

Well-known member
454 4
If possible, I would prefer to keep my current email account. But I will try a new account. Thanks for the advice. :)
 

MartinD

Active member
105 2
This sounds like it is almost certainly someone else who has been infected with a virus.

I receive the same sort of notifications that you have been getting.

Basically, someone out there who has your email address, one of your friends, contacts or business associates, or anyone you have ever had contact with via email will have your email address on their system. One of these people has caught a virus. Modern viruses will go through the hard drive looking for contact lists, inbox/outbox, text files and even internet explorer caches to find email addresses to harvest.

The virus then randomly selects one of these email adresses (yours in this case) and uses it as the fake "sender" and sends itself along with a message to every email address it harvested.

so someone out there, who has your email address has caught a virus and they are unknowingly sending emails out to any number of people in their contact lists that will appear to have come from you.

Naturally, some of the recipients virus filters will pick up these emails and return them due to the virus infection, unfortunately, because the virus hides itself by appearing to have come from you (who doesnt have a virus, and never actually sent the original email) while the original sender who DOES have the virus will not get to know he has one. Thats why the virus does the fake header, to prolong its own life.

So, if you have checked and you dont have a virus, I wouldnt worry about it. Someone else has the virus and is sending emails from their system that look like they came from you, theres nothing you can do about it.

Changing your email wont help either, because you have to let your contacts know your new email address, and its one of them who has the virus.
 
Last edited:

clylbw

Well-known member
454 4
Hi Martin,

Thank you really.

So, if I am sure I have done all I can by using anti-spyware and not typing in password, can I assume that my password has not been leaked?

What really concerns me is the safety of my account, and that somebody is always able to obtain my password no matter what measures I undertake. I will be very relieved if that is not the case.
 
 
AdBlock Detected

We get it, advertisements are annoying!

But it's thanks to our sponsors that access to Trade2Win remains free for all. By viewing our ads you help us pay our bills, so please support the site and disable your AdBlocker.

I've Disabled AdBlock