Hijacked computer?

[hawkster27]

I suspect my computer may have been hijacked for use as a "ghost server," since I am getting notices of undeliverable email to addresses like eowjdjq@whatever.com. Emails that I never sent, of course. I use Ad-aware to periodically purge lurking advertising programs, but what should I use to determine if my computer is unwittlingly being used as someone's remote server?

 

[etom]

A good virus detection software and a personal firewall would go along way to cleaning up your problem. I would suspect you have received an e-mail virus and need to run a virus scan on you machine. If you already have virus software, maybe you need an updated signiture file from your vendor. Check their web site.

 

[hawkster27]

I run Norton AV in the background at all times, including incoming email scans, and just recently learned how to setup the firewalls. Also, I've just downloaded Spybot and am going to give that a try.

 

[kmcferrin]

It's also perfectly possible that someone is spoofing your email address as the reply-to line on a batch of spam email. It's actually quite easy to do if you can find an open relay to send the messages through. Spammers frequently will pull an email address from their mailing list and use it as the return address so that they don't get bombarded with delivery failure DSNs at their "legitimate" email address.

I've seen this several times at various companies. But it's certainly a good idea to run a virus scan just to be sure, as there are a number of virii and trojans that really can hijack your system for spamming.

 

[milomorai]

definitely get a firewall because that will prevent just this from happening. also you can have your pc scanned for viruses at symantec.com and housecalls.com for free

 

[Turkbear]

Hi,
There is a variant virus ( W32/Swen@MM) out there that 'spoofs' the type of message you are receiving..It does not mean that you have actually tried to send mail to that address..
IF A SCAN REVEALS NO VIRUS ON YOUR PC and you can run , for instance,regedit,which this virus disables, then it is probably coming from someone's infected computer - who is probably not even aware of it.
Here is some info from McAfee:

The virus contains its own SMTP engine to construct outgoing messages.

Various outgoing messages are created. Some make use of an IE exploit  to ensure the worm attachment is run upon viewing the email. See Microsoft Security Bulletin (MS01-020) . One such message bears the following characteristics:

Subject : Returned Response
From : Email Delivery Service (kmailengine@yahoo.com)
Body : Undeliverable mail to (email address )


Multiple subject lines and attachment names are constructed from pools of strings within the worm to be used in outgoing messages. Target, Source and Reply email addresses are extracted from files on the victim machine.  The collected addresses are used to construct both sender and recipient addresses.