I installed NIS 2010 yesterday and did a full scan - it found 1 trojan and removed it. Computer worked fine all afternoon. Now, this morning I switched it on and I keep getting Norton email error popups with various messages (error 550, spam rejection, etc) and details of the emails being sent. It looks like my computer is being used as a spam bot - however, Norton has not picked anything up, apart from blocking the outgoing emails. This happens even if Outlook is closed, so can only assume the trojan or whatever is using its own SMTP.
I've looked in Processes, but can't see anything out of place, and when the popups appear (instantly after closing a previous one), there is no indication of any process doing anything, apart from Norton's ccSvcHst.exe running about about 2% for a few seconds.
I've put Norton into Silent Mode to stop all the popups, but am at a loss as what to do next, as Norton doesn't seem to be able to find what it is.
I installed NIS 2010 yesterday and did a full scan - it found 1 trojan and removed it. Computer worked fine all afternoon. Now, this morning I switched it on and I keep getting Norton email error popups with various messages (error 550, spam rejection, etc) and details of the emails being sent. It looks like my computer is being used as a spam bot - however, Norton has not picked anything up, apart from blocking the outgoing emails. This happens even if Outlook is closed, so can only assume the trojan or whatever is using its own SMTP.
I've looked in Processes, but can't see anything out of place, and when the popups appear (instantly after closing a previous one), there is no indication of any process doing anything, apart from Norton's ccSvcHst.exe running about about 2% for a few seconds.
I've put Norton into Silent Mode to stop all the popups, but am at a loss as what to do next, as Norton doesn't seem to be able to find what it is.
Will post a screenshot - don't have access to that computer at the moment, but will post the screenshot as soon as I get access - client is away at the moment...
Haven’t been able to get to client so far this week (snowed in), so no screenshot so far. But the message is exactly the same as edmrx7 (message 6 & 7), inside Norton Error Message box…
Message Edited by redsquirrel on 01-09-2010 01:01 PM
First thing I would do is change the password for your email account. Do you use the spam filter from your ISP's web email.?
redsquirrel
You mentioned you just installed NIS 2010. Was there a previous security program installed on that computer? Or is there another security program installed now on that computer? If there was a previous security program, how was it uninstalled and what was the previous security program?
If there are emails being sent out they are being sent from a trojan's built-in SMTP...but what I don't get is that there is no process running that I don't recognise - Outlook is closed, and there is no process that is showing any obvious activity.
And to answer your question, yes I do use the spam filter on my ISP's webmail, but very rarely use the webmail.
Avast was previously installed on this computer, but that obviously didn't work too well asthe computer was infected with 4 trojans. So I uninstalled that (the proper way, after all I am an IT Professional and make a living out of removing viruses, etc) and installed Norton. But since that was installed I have been receiving these popups mentioned, but Norton has not found any trojans or viruses, nor has MalwareBytes, so I am at a loss as what is causing these popups...what else can I look for?
The 550 errors are being returned by your ISP. Norton is not actually blocking anything, nor is it generating the alerts. Because of the way email scanning works Norton sits between your email client and your ISP. When your ISP notifies you of an undeliverable message that notification will be displayed by Norton rather than your email program. So these messages do appear to come from Norton, but in truth, they do not.
What is probably happening is that your email address is being spoofed by spammers so that when a message is undeliverable it gets bounced back to your email address, akin to writing someone else's return address on a letter you are sending. If this is the case the good news is that your PC is not infected. The bad news is that there is little you can do about this other than wait until the spammers move on. Some ISPs provide a way to filter your mail at their servers which you should be able to do through your webmail account. You might specify that anything mentioning Viagra, for example, be deleted immediately.
Most webemail programs have a spam filter also. These filters usually have rules you can use. They have also a list where you can put blocked senders or blocked domains. The problem with my ISP is that I think they limit you as to how many addresses you can put in that blocked list. Of course some spam willl still get into your email program, but there will be a lot less.
No, I wish it was that simple...as mentioned before, these messages are coming up when NOTHING is open...no email program, nothing...so they are not coming from my ISP. The messages are always different as well, so not always 550, but they are all spam related error-messages. The only way I can stop them popping up is to put Norton into silent mode.
Norton is definitely generating the alerts...but as no email program is open at the time, it looks like a trojan has got in and is using it's own SMTP to send the emails out, but Norton can't find any evidence of this...
I will have access to my client's computer this morning, so will do a few screenshots and post them up.
Hi Guys, I'm am experiencing the exact same problem. To confirm that its not outlook. In my case i dont even use it. I only use a webmail account in yahoo. Please help ! These messages are continously popping up I've tried clicking ok for about 30 mins but they continue to pop-up. Also viagra related messages.
Hi guys, read all the things wiritten in this toppic. I have the same problem, I am using a different antivirus. It seems that there is a virus that sends emails to a list e-mail from some database…when I discovered, there had been sent over 4000 e-mails to unknown addreses…the sender was randomname@mydomain … …it looks like it creates an account and then sends e-mail to a list from a hidden database… Please help us find a solution for this issue. The e-mails are sent when no e-mail program is opened…just with an internet connection active… thank you