Computer virus that scanners aren't picking up?
October 10, 2008 9:38 AM   Subscribe

I'm using Outlook 2007. It keeps trying to send spam emails! When I start it says that it has 980 messages to send, and once it's done one it'll say it's sent 1 of 981 etc and so on (this happens when I have it offline and let it run for a bit). I've run a few virus scanners and they've all come back saying it's clean. What's even more annoying is that my other computer has also started doing this.

I've run AVG, ClamWin (from a live CD), Trend Micro Housecall, Malware Bytes, Adaware and Spybot. At the most a few cookies are found.
All the Microsoft updates are installed.
I'm running COMODO firewall and AVG free all the time.

All the emails start the subject with "Not Read:" but the rest of the line varies. All seem to be about viagra type products.

In both cases the default account in outlook was used, and none of the others. The emails don't show up in the outbox.

Looking a HiJackThis log doesn't show anything unusual, but if someone else wants a look I can post that too.

Thanks for your help!
posted by kg to Computers & Internet (13 answers total)
You're going to need to reinstall the OS.
posted by unixrat at 9:52 AM on October 10, 2008

I think rat forgot the /sarcasm
You should try killing your Outlook Profile and recreating it. I assume you are not using an Exchange server, correct?
Kill your profile, create a new one with a new pst file and see what happens.
posted by a3matrix at 10:19 AM on October 10, 2008

I'm going to chime in with the Nuke it from Orbit crowd - I wouldn't trust this machine again, even if it was cleaned.

That being said, it would be usefull to hear from someone who is up to date on Windows malware, I haven't had to deal with this kind of thing for a while.
posted by ghost of a past number at 10:43 AM on October 10, 2008

You might want to try to run a scan on there from the latest version of Kaspersky. There's a fair chance it'll pick it up if you enable a "high" intensity heuristic scan.

Beyond that--yes, you need to reinstall the OS to be safe. Not really any other way, unless you wanted to spend the $200 to let a third party try a virus removal.
posted by Phyltre at 10:48 AM on October 10, 2008

Your computer is part of a botnet, has likely been infected with customized tools, and is now a zombie. This means the nuclear approach is the only sensible option, IMHO, unless you really really trust your AV heuristics.
posted by aramaic at 11:04 AM on October 10, 2008

"All the emails start the subject with "Not Read:" but the rest of the line varies."

That almost sounds like some sort of forwarding gone massively awry, as if it's trying to forward your unread spam to someone. That doesn't make a lot of sense to me, but neither does an undetected virus that sends spam through your Outlook account.

Who is the spam to? Is it addresses you're familiar with, or is it 981 different accounts you've never heard of?

I'm a big free software advocate, but I think virus protection is one of the things worth paying for. I'm quite fond of Eset's NOD32, which comes with a free 30-day trial. You might give that a try?

Can you give us some background on your computer? You say Outlook 2007, but don't mention the OS, or how you're connected to the Internet. (Always-on connection? Is Outlook connected to Exchange, or is it just your personal e-mail? Are you behind a firewall with NAT? (e.g., is your IP something like 192.168.x.x or 10.x.x.x?))

I've never seen spam starting with "Not read:", and I'm not sure too many spamming viruses/worms send mail through your mail client, as much as connecting to remote mailservers directly. But most spam these days is sent via infected computers, so it's entirely possible that your computer is engaged in spam.
posted by fogster at 11:09 AM on October 10, 2008

A bit of Googling suggests that it is a tactic of spamming viruses to use Outlook, just not the ones I was familiar with. (Which is kind of a neat idea, actually, as it would send mail through your ISP's mailserver, which is more likely to get accepted than mail from random residential ISPs.)

Reformatting may be the only guaranteed way, but it'd also be silly to not at least try some other anti-virus solutions first.
posted by fogster at 11:12 AM on October 10, 2008

Spyware and antivirus scanners are mostly scams. I would reinstall the OS and google on how to create a "limited user" on XP and only run as limited user for daily tasks.
posted by damn dirty ape at 11:31 AM on October 10, 2008

I've done a bit more digging (still superficial, but I'll add it anyway) on Not Read: spam.

Obviously there are several possibilities here. My primary GMail account has, as of this moment, 34,462 messages in the spam folder. Of those, there are only a 134 that have "not read:" in them.

Therefore, before nuking from orbit (as I previously suggested), check your rules in Outlook to see if you are set up to honor "read receipts" or not. (Check the "Tracking Options" which is accessible from the "Email Options" dialog -- which is itself accessible from the Options dialog).

I suspect you are set to process receipt requests upon arrival. If you already have spam filters in place, you could be responding to the receipt requests of messages that you personally never see (at least on my machine, spam processing takes place almost last among the things that Outlook does when processing new messages).

Basically, your Outlook is telling the spammers that it has deleted their message before you could read it. YMMV.
posted by aramaic at 12:13 PM on October 10, 2008

Response by poster: thanks for the replies! Here's my responses, and apologies if I miss any:

All those who suggest reinstalling: Yup, that would guarantee getting rid of it, but I'd rather know if there some other way, so I don't have to do that if it happens again (and that it's happened to more than one computer doesn't fill me with confidence about that not happening)

I'm not using an exchange server, just a gmail account and a work account, both using IMAP to recieve and my ISPs server to send.

The email addresses it's sending to I've never heard of. The first I knew about it was when I was getting message undeliverable reports. That's also where I got the subject lines from.

I'm running Windows XP Home SP3, connected through a NAT.

Thanks again
posted by kg at 12:20 PM on October 10, 2008

Feel up to running another anti-spyware program? In my recent battles against malware, I've found SuperAntiSpyWare to be pretty effective, usually in conjunction with MalWare Bytes and SpyBot.
posted by JT at 2:41 PM on October 10, 2008

I posted it on a previous question, but here you go.
posted by deezil at 3:55 PM on October 10, 2008

Response by poster:
After that, I finally got round to reformatting. I'm still concerned it might come back (as I've no idea what caused it in the first place, but everything is going smoothly at the moment. Thanks for your help.
posted by kg at 2:02 AM on November 10, 2008

« Older Gilded Age Scandals   |   Head, knee and toes fine; shoulders not so much. Newer »
This thread is closed to new comments.