Hijacked Outlook Out mail box.

[Guest]

Help! A virus must have hijacked my email address. When I send a message,
some unknown spam messages using my email address will attempt to be sent to
some made up real or fictitious recipient addresses. These spam messages do
not show up in my Out box, so I can not delete them. How do I locate and kill
the messages and the virus that generated them? My anti-virus software is
ineffective in finding it.

 

[Diane Poremsky [MVP]]

are you sure you are infected and it's not some other machine spoofing your
address? what antivirus program are you using? Have you tried using an
online virus scanner, in case the virus disabled your AV software?

 

[Guest]

Diane, Thanks for the suggestions. I'm pretty sure it's in my computer. I
have F-Secure AV. I scanned with it and also with McAfee online scan. Both
show no virus. However, every time I try to send a message, the dialog box
indicates several other messages waiting for sending. I get a lot of delivery
failure notices from these spam messages.
I have blocked the account it has hijacked a couple weeks ago, now there are
122 spam messages accumulated and waiting for delivery. I do not know where
in my computer they reside so I can not kill them. The spam is one of those
watch sales message, which I found from undeliverable notices.

 

[Brian Tillman]

Help! A virus must have hijacked my email address. When I send a
message, some unknown spam messages using my email address will
attempt to be sent to some made up real or fictitious recipient
addresses. These spam messages do not show up in my Out box, so I can
not delete them. How do I locate and kill the messages and the virus
that generated them? My anti-virus software is ineffective in finding
it.

Like Diane said, it's probably some other PC using your addres as the sender
and the bounces are returned to you.

 

[Guest]

Thanks. So what can I do? Like I indicated, I blocked the sending function of
the email account so I don't get bounces any more. There are now 130 backed
up spam messages. I can still receive email with that account though.
However, I'd like to get back using that account to send messages. Is the
only recourse abandoning the account?
How does one allow receiving but blocking the sending function independently?
Thanks for you assistance.

 

[Brian Tillman]

Thanks. So what can I do? Like I indicated, I blocked the sending
function of the email account so I don't get bounces any more.

I don't think that your mail client was doing the sends.

There
are now 130 backed up spam messages. I can still receive email with
that account though. However, I'd like to get back using that account
to send messages. Is the only recourse abandoning the account?

If your address was hijacked, abandoning it is one of the few options.

How does one allow receiving but blocking the sending function
independently? Thanks for you assistance.

There are settings in the Send/Receive Group dialogue that can control that.

 

[Guest]

Brian, I appreciate your help. I've blocked the send function per your
direction, so at least I can receive emails. I'm using another address to
send.
Thanks a lot.

 

[Brian Tillman]

Brian, I appreciate your help. I've blocked the send function per your
direction,

No where did I ever suggest that you block sending. You asked how it was
done, I supplied the answer, but didn't recommend that you do it. I think
it's pointless because I don't think your machine is doing the sends.

 

[Guest]

Hello I think i am having the same problem with a user on a client's SBS'03
Exchange server;
Symptom- He gets many "failure notices" and undeliverables etc from spam
messages that he did not send.
I believe his email address has been spoofed or that my exchange server has
been comprimissed in some way. I have checked for open relay and applied
message filtering and have sp2.
Obviously I want him to keep the ability to send mail. I have also noticed
tons of extra queues developing in my system manager. How can I block this
beaviour?
TYIA!
(e-mail address removed)

 

[Brian Tillman]

I believe his email address has been spoofed or that my exchange
server has been comprimissed in some way.

It's unlikely that your Exchange server has been compromised. It is quite
likely the address has been hijacked.

How can I block this beaviour?

There is little you can do to prevent the hijacking of a mail address.
Create a rule, if you can, that will delete the NDRs.