fcooper

Richmond Hill, Georgia

Senior Member

Joined: 09/23/2003

|
Problem resolved. See 10th post below for followup info....Fred
Need help as I'm in over my head here.
DW received an email with the subject of FedEx: Agent File Form. It had an attachment as a zip file that she did not open. This link (link to info about trojan) explains the trojan. The computer will still receive email, but outgoing emails are blocked at the server with the information stating it was blocked due to SPAM-like characteristics or poor IP reputation. DW is using Windows Mail (Vista).
Although I can find information about the trojan, I can find no info about removing it. I have run Malwarebytes on the machine with no problems detected.
I am assuming that the trojan has managed to attach something that I can not see to each outgoing email that causes the spam filter on the server to reject it.
As a test, I used a different email program (MS Outlook mail) to send a test message, and it was blocked the same way.
I plan to call the server support folks when they open tomorrow morning, but thought I'd see if anyone had any good ideas.
Thanks
Fred
* This post was edited 11/30/11 10:55am by fcooper *
Fred & Vicki
Richmond Hill, Ga
2000 Holiday Rambler Endeavor/Freightliner/330 Cat
2000 Honda Odyssey toad w SMI Silent Partner braking system
Tire Sentry monitoring system
|
Eycom

32043

Senior Member

Joined: 09/12/2004

|
Go to SuperAntiSpyware and download the free edition. Run your scan. I use both, this and Malwarebytes. Usually one or the other will detect and remove the problem. Good luck.
RVn Full-time
|
Bruce3404

Eugene, OR

Senior Member

Joined: 08/17/2003

|
Are you running an anti-virus program? If not, choose a good one like Norton and for around $40, you'll get a year's worth of anti-virus protection and will, in all likelihood, get the current virus removed. For a long time I went without anti-virus protection, but after a week of trying to remove a virus, I've never been without. Some ISPs (Comcast, for instance) offer anti-virus for free, so that might be an option for you. I am a bit surprised that you're having a problem since she didn't open the link. Hopefully the server support can help you but be prepared that they will consider it out of their responsibility. Let us know how this works out.
|
garym114

Bluff Dale, Texas

Senior Member

Joined: 07/24/2006

|
What antivirus are you using??
If it is up to date do a virus scan. Have you deleted the email?
2000 Sea Breeze F53 V10 - CR-V Toad
Some RV batteries live a long and useful life, some are murdered.
Get a Digital Multimeter and Learn How to Use It
|
1492

No. Virginia

Senior Member

Joined: 04/08/2005

|
Have you run Malwarebytes in Windows Safe Mode with Networking? Make sure to do an Update before doing a Full Scan.
As mentioned, you can also try SuperAntiSpyware as this trojan is apparently listed in their database, so should be able to detect and remove it. In any case, you want to get rid of it, the sooner the better. Apparently, it's listed as a keylogger, so capable of stealing passwords. It can also disable Zone Alarm firewall. See report from threatexpert.com.
I've received a couple of these FEDEX and UPS emails in my SPAM folder. The attachment comes in a zip file, most likely due to the fact that many AV software cannot accurately scan compressed files. None of mine was able to detect it, but once it was unzipped, the FedEXAgent.exe was easily detected by both my AV and Anti-malware software. I uploaded a copy of this Trojan a few weeks ago to VirusTotal.
* This post was edited 11/29/11 10:20pm by 1492 *
|
garym114

Bluff Dale, Texas

Senior Member

Joined: 07/24/2006

|
I have looked around. If the attachment was not double clicked or opened in any way there have been no changes to your system. Just receiving the email should not have done anything to your system. Delete the email. Make sure Malwarebytes has the latest update before you scan. Run it in the safe mode. To get to the safe mode repeatedly press F8 during bootup. Then select safe mode startup.
|
wny_pat

Western NYS

Senior Member

Joined: 08/11/2007

|
1492 wrote:
Apparently, it's listed as a keylogger, so capable of stealing passwords.
If it is a keylogger, get rid of it yesterday, and start watching all your accounts that are accessible on the web. Change all your passwords after you get rid of it. I'd find someone who really knows their way around a computer if you don't. You probably have a re-director on there too.
|
Jcghill

CALI

Senior Member

Joined: 07/08/2004

|
We picked up a virus on one of our computers and our virus detection was going nuts. While trying to remove the virus my husband was on the other computer changing all our passwords. He also called the credit lenders and had an identity theft put on our credit reports just in case. Good luck on the frustration.
|
1492

No. Virginia

Senior Member

Joined: 04/08/2005

|
fcooper wrote:
DW received an email with the subject of FedEx: Agent File Form. It had an attachment as a zip file that she did not open.
Missed this part.
garym114 wrote:
If the attachment was not double clicked or opened in any way there have been no changes to your system. Just receiving the email should not have done anything to your system. Delete the email.
Correct! In order for this trojan to run, you have to unzip the file, then double-click the .exe file. If this was not done, then you have nothing to worry about. Deleting the email is sufficient.
Your outgoing email issue is being caused by something else.
|
fcooper

Richmond Hill, Georgia

Senior Member

Joined: 09/23/2003

|
OK folks. Thanks for your helpful suggestions. Here's the scoop. Problem resolved after conferring with support folks for the email server.
The email server (operated by CenturyTel) has spam filters, and if it sees anything like spam it rejects the message with an error as I described above. The original FedEx spam message was in the Windows Mail outbox since DW was going to forward it to something like abuse@fedex as indicated in the FedEx web site. When any message was attempted to be sent from Windows Mail, it tries to send all messages in the Windows Mail outbox.
Support folks for the email server had me delete the message to be forwarded to fedex and the other messages still bounced. When I deleted all messages from the outbox, then operations returned to normal.
I hope this helps someone else that may encounter this problem.
Fred
|