Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Spam relay send from Outlook 2013

    Good Day All,

    I have been having this office 2013 outlook problem for past 4 days. We are using Godaddy as email host and outlook been spamming the send relays to the maximum which is 250. Godaddy said it's my computer while Our IT guy said it's hijacked and Godaddy needs to do something while we scanned for Malware and Antivirus with all well known mentioned softwares and nothing pops up but when we uninstall and reinstall, the spam sending starts again. Please advise how to rid of the malware without reformatting Windows 7 pro.

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,592
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    A true spam relay is usually a misconfigured email server issue. Based on your description if it is your PC, then you almost certainly have some infection. Did the scans include rootkit scans?

    Can you be more specific about what you mean by "outlook been spamming the send relays"? Do you mean Outlook is sending messages you did not compose? Is Outlook automatically replying to messages? Have you checked Task Manager to see what programs and processes are running when this happens?

    Joe

  3. #3
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by JoeP517 View Post
    A true spam relay is usually a misconfigured email server issue. Based on your description if it is your PC, then you almost certainly have some infection. Did the scans include rootkit scans?

    Can you be more specific about what you mean by "outlook been spamming the send relays"? Do you mean Outlook is sending messages you did not compose? Is Outlook automatically replying to messages? Have you checked Task Manager to see what programs and processes are running when this happens?

    Joe
    Outlook is sending messages that I did not compose. When i reinstalled and opened Outlook, it starts sending messages which I can see from the bar: Sending message 1 of 527 it might be automatically replying to messages. If so, how do I stop it?
    Checked Task Manager the same programs are running as usual, no unusual programs.
    Thanks for your prompt reply.

  4. #4
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    I moved this to Security & Scams.

    A MalwareBytes scan should be the a good starting point, exit OutLook completely, update MBAM and run a Threat scan, select all items found and quarantine them.

    Upload the log (zipped) when you've finished, we'll check it over before suggesting the next steps to ensure the computer is clean.

    Get the Free version of MBAM here, don't select the Trial version during install, the Free version will be fine for the time being: https://www.malwarebytes.org/

  5. #5
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the reply.
    How do I upload the zipped log?

  6. #6
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts

  7. #7
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

  8. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    <record last_modified_tag="fc2ea0fd-b417-43dc-b75e-dac1e707cc37" systemname="WKB1W764" username="SYSTEM" type="Scan" source="Manual" datetime="2015-06-26T09:48:27.142760-07:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="629" starttime="2015-06-26T09:37:57-07:00" scantype="threat"/>
    So nothing found, can you check in the Options that Rootkit scanning is enabled (Settings > Detection and Protection tab), if it isn't, please enable it and re-run the scan.

  9. #9
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yes, Rootkit scanning was selected. I also scanned it with Malwarebytes Rootkit scanner.

  10. #10
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Sounds like you need specialist help.

    Let's take a look at what Autoruns shows first. The following method runs a number of checks and lists only the unsigned Windows entries plus all non-Windows entries and allows direct checking of any Virustotal 'positives'.

    Run Autoruns as Administrator, once it starts, hit Esc to stop the scanning, from the File > Options menu, select only the following:
    Hide Empty Locations
    Hide Windows Entries
    From the File > Options > Scan Options menu:
    Verify Code Signature
    Check VirusTotal.com
    Submit Unknown Images.

    Click the Refresh icon or press F5 for the scan to restart and any uploading to VirusTotal to begin. Allow time for any VirusTotal results to be returned, check the VirusTotal column, right side of the main panel, for progress, each entry should contain a x/xx (eg. 0/57, number of positives/number of scanners used).

    Once data checks are complete, File > Save As > Autoruns.ARN (the default file type), zip that saved file (Send to > Compressed folder from the mouse right-click menu) and then the Autoruns.zip can be uploaded and attached to a reply for checking.

  11. #11
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    See attached. WKB1W.zip

  12. #12
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    No, I'm not seeing anything suspicious there either.

    I can't rule out some corruption/misconfiguration.

  13. #13
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So how do I stop all the send emails? In my send folder, it's 0 messages to send.12.png See attached image.

  14. #14
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    Disconnect from the internet and open Outlook.
    Look in the outbox for mail waiting to be delivered.

    cheers, Paul

  15. #15
    New Lounger
    Join Date
    Jun 2015
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    See attached. 10.png11.png

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •