birding-aus

2. Spam from Cocos (Carl Clifford)

To: "'Belinda Cassidy'" <>, <>
Subject: 2. Spam from Cocos (Carl Clifford)
From: "Paul G Dodd" <>
Date: Fri, 18 Mar 2011 21:10:43 +1100
Hey Belinda,

 

I would be almost completely certain that the Spam is  NOT responsible for
the infection on your computer, and will cause no harm to anyone that has
inadvertently clicked on the link. I have a secure environment where I can
test for viruses and so forth, and on using this environment to test "your"
spam, I can find nothing malicious. So don't beat yourself up about this.

 

Now, the two infections that you mentioned also are not responsible for the
spam. The first one, "Rogue Antivirus 2010" is a somewhat clumsy attempt to
get you to purchase a supposed anti-malware product by falsely indicating
that your computer is infected. The other one, "Pum.Bad.Proxy" is a browser
hijacking program that will divert web searches and other links to another
web site. This method is used for both displaying web-based spam and also
for malicious purposes - so called "drive-by attacks" on your computer,
where simply visiting a malicious web site can cause damage.

 

However, as I said, neither of these is responsible for the spam - rather,
you have a "spambot" installed on your computer. This malicious software
operates in a couple of ways - firstly it will email spam to your address
book (as it has done already). Secondly, it may be "remote controlled" from
a distant server, where it will make use of your ISP's mail program to send
spam to a list that the distant server feeds to your computer.

 

Reformatting your computer is one approach. Another approach is to get some
decent anti-malware software that will remove the infections. I've never
been a fan of Norton, but it may do the job. My personal favourite is AVG,
however the one recommended for removal of the two infections you mentioned
is Malwarebytes: http://www.malwarebytes.org/

 

It is also possible that you have a root kit installed - this is a
particularly nasty piece of software that will keep on coming back,
regardless of what you try. This requires a special root kit removal program
- however, Malwarebytes should be able to identify and tell you that.

 

Good luck!



Paul Dodd

Docklands, Victoria

 

 

From: 
 On Behalf Of Belinda
Cassidy
Sent: Friday, 18 March 2011 5:55 PM
To: 
Subject: 2. Spam from Cocos (Carl Clifford)

 

Hi everyone,

This spam situation is making me very uncomfortable. Please don't click on
any of the links in the emails, as they may contain a virus called  `Rogue
Antivrus 2010' and a trojan called `Pum Bad Proxy'. In my case, they have
provided mechanisms for someone to hijack my PC and use it as a host for
someone's spamming activities, so they can remain anonymous . Also, anti
malware software seems incapable at this point of deleting it, as it
reinstalls when my computer reboots as a system service (though which one it
is exactly is unclear) Its awful, especially the way people who trust me are
clicking these links , thinking  I sent them something important. My Dad has
his computer hard drive corrupted anda virus installed,  and my own computer
is very messed up with one corrupted hard drive as well.

Anyway I'm really sorry and horribly embarrassed about it. I will have to
format my hard drive and reinstall windows to get rid of this.

Cheers,
Belinda
===============================

To unsubscribe from this mailing list,
send the message:
unsubscribe
(in the body of the message, with no Subject line)
to: 

http://birding-aus.org
===============================

  _____  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1204 / Virus Database: 1498/3513 - Release Date: 03/17/11

===============================

To unsubscribe from this mailing list,
send the message:
unsubscribe
(in the body of the message, with no Subject line)
to: 

http://birding-aus.org
===============================

<Prev in Thread] Current Thread [Next in Thread>
Admin

The University of NSW School of Computer and Engineering takes no responsibility for the contents of this archive. It is purely a compilation of material sent by many people to the birding-aus mailing list. It has not been checked for accuracy nor its content verified in any way. If you wish to get material removed from the archive or have other queries about the archive e-mail Andrew Taylor at this address: andrewt@cse.unsw.EDU.AU