Computer help please



Freedom
01-03-2012, 10:16 AM
I use Norton Antivirus; it is up to date, and a scan reveals no issues.

I got this mail message; it is quite long, I'll put it at the bottom. I think this means someone has invaded my email address book and uses it to send out spam to everyone? How do I get rid of it?!

If anyone remembers Tim / Majestic Collies, he had a similar issue. I'd get floods of junk mail from him and finally had to block his email. I hated to do it, as he works with skin issues for rough coat collies and often his treatments were helpful for bichons. He couldn't figure out how to stop the darn thing; changed his password several times and it made no difference. Anyone got ideas for me please?!!!

******

Mailer Daemon: Delivery Failure

Message from yahoo.co.jp.
Unable to deliver message to the following address(es).

<[email protected]>:
This user doesn't have a yahoo.co.jp account ([email protected]) [-5]

<[email protected]>:
Sorry your message to [email protected] cannot be delivered. This account has been disabled or discontinued [#102].

--- Original message follows.

Return-Path: <[email protected]>
X-YahooFilteredBulk: 177.17.118.178
X-Originating-IP: [177.17.118.178]
Received-SPF: none (173.193.202.92-static.reverse.softlayer.com: domain of [email protected] does not designate permitted sender hosts)
Authentication-Results: mta530.mail.kks.yahoo.co.jp from=yahoo.com; domainkeys=neutral (no sig); dkim=neutral (no sig) [email protected]
Received: from 177.17.118.178 (HELO 173.193.202.92-static.reverse.softlayer.com) (177.17.118.178)
by mta530.mail.kks.yahoo.co.jp with SMTP; Tue, 03 Jan 2012 15:36:32 +0900
X-Message-Info: %RNDUCCHAR15%RNDLCCHAR13%RNDUCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDUCCHAR13%RNDLCCHAR13%RNDDIGIT13%RNDUCCHAR13%RNDLCCHAR13%RNDDIGIT13+%RNDUCCHAR14%RNDLCCHAR14%RNDDIGIT13%RNDLCCHAR13%RNDUCCHAR16
Received: from %RNDLCCHAR312%RNDDIGIT13.yahoo.com (73.124.152.80) by %RNDLCCHAR13%RNDDIGIT13-%RNDLCCHAR13%RNDDIGIT13.yahoo.com with Microsoft SMTPSVC(5.0.2195.6824);
Tue, 03 Jan 2012 08:29:17 +0200
Received: from %RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13 (236.184.152.67) by %RNDLCCHAR315%RNDDIGIT13.yahoo.com
(InterMail vM.5.01.06.05 %RNDDIGIT3-%RNDDIGIT3-%RNDDIGIT3-%RNDDIGIT3-%RNDDIGIT3-%RNDDIGIT59) with SMTP
id <%RNDDIGIT916.%RNDUCCHAR25%RNDDIGIT23.%RNDLCCHAR57%RNDDIGIT13%[email protected]%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13>
for <[email protected]>; Tue, 03 Jan 2012 05:32:17 -0100
Message-ID: <%RNDDIGIT36%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDDIGIT25$%RNDDIGIT59$%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%[email protected]%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13%RNDDIGIT13%RNDLCCHAR13>
From: "=?ISO-2022-JP?B?GyRCJVslRiVrQmUkYiQrJDEkOiRLJSglQyVBPVBNaCRrGyhCIT8=?=" <[email protected]>
To: <[email protected]>
Subject: =?ISO-2022-JP?B?GyRCIXkiISF5MGw/TUprJGkkNyROPXckTjtSJE4kKkJwJFhLLExkIXkiISF5GyhC?=
Date: Tue, 03 Jan 2012 02:31:17 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--142341434388537"

----142341434388537
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

----142341434388537--


*** MESSAGE TRUNCATED ***

Karen
01-03-2012, 11:23 AM
It's just spam, delete it and don't worry about it.

Freedom
01-03-2012, 11:37 AM
Really?! Great thanks!

Karen
01-03-2012, 12:34 PM
No problem, I have gotten these off and on for years.

smokey the elder
01-03-2012, 02:11 PM
It may be a good idea to change your password. Sometimes if you stay logged in your account can get corrupted.

Freedom
01-03-2012, 02:41 PM
Yup, tried that as I started getting several of these a week. Which is why I asked and wondered if someone was emailing all my pals constantly.

Karen
01-03-2012, 02:42 PM
You can tell, as the "send from" is not you, or your server. They are just spoofing your email address, so you get bounces instead of them.

Freedom
01-03-2012, 02:44 PM
Oh um, . . . right. :confused: Long as it is nothing to worry about, I'm fine! ;)

lizbud
01-03-2012, 04:53 PM
May be nothing but I have been having email problems today with one of my email accounts. My pc security refused to access one IP address b/c of security concerns. It gave me the IP address of the problem message.

Does anyone know if an IP address can be traced by number?

Puckstop31
01-03-2012, 05:01 PM
Anyone got ideas for me please?!!!

If you are sure your PC is not infected, the most likely explanation is someone else who has your email address in their address book has a bug on their PC. Email bugs 'spoof' addresses to make them seem like they are coming from a legit sender. This bug sent a message to an invalid address and the message you shared is the 'bounce' telling you the recipient does not exist.

This said, in my professional opinion, there are better Anti-Virus tools out there than Norton. We resell a product called ESET. It is better than Norton and cheaper.

Puckstop31
01-03-2012, 05:05 PM
Does anyone know if an IP address can be traced by number?

Yes. But when a bug is the source of the message, the IP you see is usually not the actual sender. IPs can be 'spoofed' as well.

The key to catching the actual sender is being able to see the SMTP traffic with a firewall as it is coming in live. If you would share the IP, I could give you a general location of where it was issued.

Lady's Human
01-03-2012, 05:11 PM
Norton is an ineffective resource hog.

There are a few free A/V suites that are far better. I hate it when a company lives off of its reputation for most of the last decade....... In the tech world that should be grounds for going out of business, but much like Budweiser, marketing trumps performance and reason.

krazyaboutkatz
01-03-2012, 07:45 PM
I also have Norton and it's free with my Comcast but it just doesn't do the job in my opinion. I had some problems a while back and Brian, Puckstop31, helped me out again. He recommended that I try Malwarebytes. I tried the free version and it found all kinds of bad things on my computer that Norton had missed. I later bought it and they also have coupon codes that you can find and use too. If you'd like to try it here's a link to the website: http://www.malwarebytes.org/. Good luck. :)

Puckstop31
01-03-2012, 08:13 PM
I also have Norton and it's free with my Comcast but it just doesn't do the job in my opinion. I had some problems a while back and Brian, Puckstop31, helped me out again. He recommended that I try Malwarebytes. I tried the free version and it found all kinds of bad things on my computer that Norton had missed. I later bought it and they also have coupon codes that you can find and use too. If you'd like to try it here's a link to the website: http://www.malwarebytes.org/. Good luck. :)

I use Malwarebytes if the machine already has a bug. Because, IIRC, the free version is not an active scanner, it only scans when you ask it. Part of my job is to try and break the products we use and, so far, I have yet to break through ESET.

Plus, I am just not a big fan of freeware as the front line of defence.

Catty1
01-03-2012, 08:27 PM
Freedom, even though the IP is likely spoofed I did a check on ARIN Whois, which sent me to LACNIC.

Apparently the spam originates in Brazil, if this is to be believed.

e-mail: abuse at gvt dot com dot br

You can always send the spam message with all the headers to that address.

I start any searches with ARIN using the last IP address listed "from" (though I didn't do that with yours), and copy and paste the IP address in the upper RH corner here: https://www.arin.net/

It's fun!

Freedom
01-03-2012, 09:25 PM
It's fun!

Um . . . OK. (All Greek to me, sorry!)

Hellow
01-03-2012, 10:41 PM
If you're talking different A/V software, I use Avast! Antivirus (http://www.avast.com/free-antivirus-download) on all of my Windows computers (the two that they are - the majority are Linux and one Mac).

If we're talking email, then here's a funny tip: Almost everything about an email can be spoofed. The way that servers identify if an email is from a spoofed host or not is by taking the IP address that the email originates from and grabbing the reverse data for it. If the reverse data matches the email's "@whatever.com" address, then it lets it pass. If it doesn't, then it'll probably drop it, or check the domain records of the correct reverse host for the "@whatever.com" domain to see if that mail server is authorized to deliver email for the domain.

The IP address *cannot* be spoofed. That's a server-to-server thing, not something that the sender can control. The IP address is the same address of the sending email server, which isn't something that can be changed with much ease and certainly can't be spoofed by a regular user.

The example in this case:
IP Address: 177.17.118.178
Reverse data for that IP address: 177.17.118.178.static.host.gvt.net.br (by the way, that host doesn't even exist, and "gvt.net.br" sends me to a Portuguese site, so something's iffy)
From address: yahoo.com
Should Yahoo's MX reject it or at least Junk-folder it: Yes.

This is what an actual message from Yahoo should look like:
MX [Mail Server] Non-authoritative answer:
yahoo.com mail exchanger = 1 mta6.am0.yahoodns.net. IP: 66.94.236.34
yahoo.com mail exchanger = 1 mta7.am0.yahoodns.net. IP: 66.94.237.64
yahoo.com mail exchanger = 1 mta5.am0.yahoodns.net. IP: 209.191.88.254

It's really hard for me to tell because Yahoo probably has a God-like amount of email servers (and that's probably just a few) but doing a reverse lookup on an IP should show something.yahoo.com, not what you got above.

I hope this helps you.

This is the fun knowledge that I get from hosting my own email server and doing computer system and network security. It's interesting, to say the least.
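
Added example, not written by any poster in this thread: a Python check that reads the headers of the bounced message quoted at the top of the thread and reports what the receiving server actually recorded about the sender. The placeholder address `redacted@yahoo.com`, the function name `assess` and the regular expression (which fits only the `Received:` layout seen in this bounce) are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the bounce quoted in the thread. "redacted@yahoo.com" is a
# constructed placeholder for the addresses the page hides.
BOUNCED_HEADERS = """\
Return-Path: <redacted@yahoo.com>
X-Originating-IP: [177.17.118.178]
Received-SPF: none (173.193.202.92-static.reverse.softlayer.com: domain of redacted@yahoo.com does not designate permitted sender hosts)
Authentication-Results: mta530.mail.kks.yahoo.co.jp from=yahoo.com; domainkeys=neutral (no sig); dkim=neutral (no sig)
Received: from 177.17.118.178 (HELO 173.193.202.92-static.reverse.softlayer.com) (177.17.118.178)
 by mta530.mail.kks.yahoo.co.jp with SMTP; Tue, 03 Jan 2012 15:36:32 +0900
Received: from %RNDLCCHAR312%RNDDIGIT13.yahoo.com (73.124.152.80) by %RNDLCCHAR13%RNDDIGIT13-%RNDLCCHAR13%RNDDIGIT13.yahoo.com with Microsoft SMTPSVC(5.0.2195.6824);
 Tue, 03 Jan 2012 08:29:17 +0200
From: <redacted@yahoo.com>

"""

def assess(raw_headers):
    msg = message_from_string(raw_headers)
    received = msg.get_all("Received", [])
    # Only the topmost Received header was written by the receiving server;
    # every header below it arrived with the message and can be made up.
    top = " ".join(received[0].split()) if received else ""
    m = re.match(r"from \S+ \(HELO (\S+)\) \(([\d.]+)\) by (\S+)", top)
    if not m:
        raise ValueError("topmost Received header not in the expected layout")
    helo, peer_ip, receiver = m.groups()
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    spf = (msg.get("Received-SPF") or "missing").split()[0].lower()
    dkim = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    dkim = dkim.group(1).lower() if dkim else "missing"
    helo_ok = helo.lower() == from_domain or helo.lower().endswith("." + from_domain)
    # Unfilled %RND... macros show the lower hops came from a bulk-mail template.
    residue = any("%RND" in hop for hop in received[1:])
    return {
        "peer_ip": peer_ip, "helo": helo, "receiver": receiver,
        "from_domain": from_domain, "spf": spf, "dkim": dkim,
        "helo_matches_from": helo_ok, "template_residue": residue,
        # Nothing ties the claimed sender domain to the connecting host.
        "sender_unverified": spf != "pass" and dkim != "pass" and not helo_ok,
    }

if __name__ == "__main__":
    for key, value in assess(BOUNCED_HEADERS).items():
        print(f"{key}: {value}")
```
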

pomtzu
01-04-2012, 06:43 AM
Um . . . OK. (All Greek to me, sorry!)

Ditto - I'm in the same boat with you, Sandie!

I do know that I had a lot of problems when I was using Norton, and actually paying for it. I've been using the free version of AVG for a couple of years now, and so far, no problems that I am aware of.

pomtzu
01-04-2012, 05:55 PM
I've noticed something odd these past couple of weeks in junk emails showing up in my spam file. I've been getting a lot of mail in foreign languages - French, and I think German. Anyone else getting any of these?

Freedom
01-04-2012, 05:58 PM
Nope.

But since the first of the year, I am inundated with Viagra related spam, and Married Sexy Women looking for partners spam. Thank goodness Yahoo has a spam folder, and I can just delete all of it at one go!

Karen
01-04-2012, 06:52 PM
Count yourself fortunate to only be getting bombarded with those now! I get spam in character sets - Mandarin, Korean, Punjabi - that I don't even recognize, never mind know how to read! And I get dating and "foreign" bride spam all the time, despite being a) female, and b) long-married and NOT in the market!

AvaJoy
01-13-2012, 09:58 AM
. . . I've been using the free version of AVG for a couple of years now, and so far, no problems that I am aware of.

I have been using the same, and once a week scan with free Malwarebytes. I only had one problem AVG missed, but Malwarebytes found it. My computer genius friend is considering switching to AVAST this winter, once he is certain it is superior to AVG.

SWHouston
01-13-2012, 01:32 PM
Not too many of you know this, but I'm a Mod on Digital Television Forum, which assists people in installing their own TV Antenna for the reception of free Local HDTV.
HA, just in case you're interested it's at...
http://www.dtvusaforum.com/forum/
(just thought I'd take the opportunity to Spam a little :D)

Anyway, to get to the point...
The owner of DTVUSA decided to create a new Site, which assisted those who only spoke Spanish. I have limited ability in that area, and was glad to help. He had to shut it down recently.

I personally was deleting over 100 spam Posts TWICE A DAY, and I was one of three Mods which worked the Forum. I just have never seen any other instance where the Spammers were so aggressive, which included everything from Viagra to XXX. Additionally, it didn't matter that I banned the User as well, given that much of the Posting was done by a "bot", which is a Computer generated Posting. It became so intense, that he just shut it down and I really was upset about that. So many of our Latino friends need that kind of help, and well... I'm just really ticked off about it being totally out of our control to control.

Freedom
01-13-2012, 05:11 PM
The bichon forum I am on has a huge issue with spam - bots, as well. They have blocked several domains which seem to use them; with the result that some bichon folks who use that domain are not able to join us. :( They also are deleting well over 100 spam postings per day.

Karen
01-13-2012, 06:25 PM
There are things that can be done on the server end, SWHouston; he might try getting a server at a different company and having a good firewall installed. As you all probably noticed, we are moving servers this weekend.

Hellow
01-13-2012, 10:50 PM
I personally was deleting over 100 spam Posts TWICE A DAY, and I was one of three Mods which worked the Forum. I just have never seen any other instance where the Spammers were so aggressive, which included everything from Viagra to XXX. Additionally, it didn't matter that I banned the User as well, given that much of the Posting was done by a "bot", which is a Computer generated Posting. It became so intense, that he just shut it down and I really was upset about that. So many of our Latino friends need that kind of help, and well... I'm just really ticked off about it being totally out of our control to control.

There are two things you could have done that come to mind instantly:

You could have enabled moderator checking of new registered users. Most spambots aren't smart enough to use normal nicknames when they register.
You could have implemented a server or network-side blacklist of common spam hostnames and IP addresses. That would have eliminated most of the spam and cut it down so the administrators could handle the cases that get through.

SWHouston
01-14-2012, 01:41 AM
Karen, Hellow,

Thank both of you for your very informative replies.

I'll pass that information along.

Thanks again,
S.W.