Coincidence, paranoia or malware?

[MBIEnt]

I have XP Pro with every sort of anti-everything enabled, updated and
scanning continuously, yet, it seems after I send some personal emails,
I start getting SPAM that either uses the first names of the persons I
sent emails to, or, addresses some of the same subjects I had mentioned
in my emails.

Maybe I'm just being paranoid, but is it possible there is some kind of
malware on my system that is picking up this info, sending it off to
the mother ship to SPAM me with some names or topics of current
familiarity?

If so, is there any way to find it? I have Norton AV, Spyware Blaster,
AdAware, Spybot, Yahoo AV all active, updated and running. Have even
tried several of the on-line scanning sites, like Trend-Micro, found
nothing, but always leary of letting these sites install their clients
so they can run their scans.

Up till I started reading this forum, I thought the MS firewall was
sufficient protection, so I do not have Zone Alarm, yet, but plan to
install it mucho pronto and turn off XP's firewall.

I also thought, erroneously I'm sure, that these malware applications
had to use the IE Internet interface to communicate. Not so?

 

[Gary]

Did it ever occur to you it might be your ISP.
Who do you use?

 

[MBIEnt]

P.S. Using Outlook 2003 as my email handler and Norton scans the
comings and goings of everything. I read that that all that scanning
wasn't necessary. Is that a fact, or an opinion?

 

[John McGaw]

I have XP Pro with every sort of anti-everything enabled, updated and
scanning continuously, yet, it seems after I send some personal emails,
I start getting SPAM that either uses the first names of the persons I
sent emails to, or, addresses some of the same subjects I had mentioned
in my emails.

Maybe I'm just being paranoid, but is it possible there is some kind of
malware on my system that is picking up this info, sending it off to
the mother ship to SPAM me with some names or topics of current
familiarity?

If so, is there any way to find it? I have Norton AV, Spyware Blaster,
AdAware, Spybot, Yahoo AV all active, updated and running. Have even
tried several of the on-line scanning sites, like Trend-Micro, found
nothing, but always leary of letting these sites install their clients
so they can run their scans.

Up till I started reading this forum, I thought the MS firewall was
sufficient protection, so I do not have Zone Alarm, yet, but plan to
install it mucho pronto and turn off XP's firewall.

I also thought, erroneously I'm sure, that these malware applications
had to use the IE Internet interface to communicate. Not so?

Have you considered that, despite all of YOUR caution with your system,
the parties you are sending to may be simple-minded and slothful and
have every sort of malware imaginable on THEIR systems and don't really
give a rat's arse about security? This theory would fit the evidence
you've presented.

John McGaw
http://johnmcgaw.com

 

[Wesley Vogel]

Your E-mail pals may be infected and they may be unknowingly spamming you.

I do not know about Outlook, but virus scanning E-mail in Outlook Express is
unnecessary and can cause problems.

3. Turn off email scanning in your antivirus software.
http://www.oehelp.com/OETips.aspx#3

The Other E-Mail Threat: File Corruption in Outlook Express
Published: November 18, 2004
By Tom Koch
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx

[[As surprising and ironic as it may seem though, the most common cause of
DBX corruption is not a virus, but rather anti-virus programs that are
configured to scan incoming or outgoing e-mail. Even the most well-known
anti-virus programs have exhibited this problem from time to time. ]]

Scroll down to:
Viral Irony: The Most Common Cause of Corruption
or click...
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx#EOAAC

----

[[In fact, ]]
Messages in Inbox or other mail folders disappear
http://insideoe.tomsterdam.com/problems/bugs.htm#mailgone

----

[[Is my computer still protected against viruses if I disable Email
Scanning?
Disabling Email Scanning does not leave you unprotected against viruses
that are distributed as email attachments. Norton AntiVirus Auto-Protect
scans incoming files as they are saved to your hard drive, including email
and email attachments. Email Scanning is just another layer on top of this.
To make sure that Auto-Protect is providing the maximum protection, keep
Auto-Protect enabled and run LiveUpdate regularly to ensure that you have
the most recent virus definitions.]]
from...
Frequently asked questions about Norton AntiVirus Email Scanning
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2002111812533106

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[MBIEnt]

Good point.

Come to think of it, John, given the general trusting naivity of my
fellow seniors, it is entirely possible that one or more of them have
systems that may have become infected, but I doubt it would be because
they don't care. More because just getting on the Interent to send and
receive email is a major milestone for most of them.

While the tech-heavies that grace these forums may scoff at MS' new
Live Care service, it is a step in the right direction for providing a
relatively safe system for those computer-users who don't know which
wires to hold together to make things work. In the corporate world,
the naive have the IT department to save them from themselves and the
bad guys. In the non-corporate world, we only have ourselves, and guys
like you in forums like this, providing we know how to find the forum
and what to ask. Fortunately, though a little late coming to the
party, MS finally accepted the challenge of providing those IT-like
services so sorely needed by the masses. I wish them every success.

Thanks to all of you for your help.

 

[Gary]

I would say its a opinion.
Scanning incomming mail is always a good thing.

 

[Rock]

I would say its a opinion.
Scanning incomming mail is always a good thing.

With outlook express certainly, and maybe with others, email scanning
can corrupt it. There is no advantage if the AV scanner is running real
time. Turn it off.

 

[Wesley Vogel]

Not always a good thing with Outlook Express.

3. Turn off email scanning in your antivirus software.
http://www.oehelp.com/OETips.aspx#3

The Other E-Mail Threat: File Corruption in Outlook Express
Published: November 18, 2004
By Tom Koch
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx

[[As surprising and ironic as it may seem though, the most common cause of
DBX corruption is not a virus, but rather anti-virus programs that are
configured to scan incoming or outgoing e-mail. Even the most well-known
anti-virus programs have exhibited this problem from time to time. ]]

Scroll down to:
Viral Irony: The Most Common Cause of Corruption
or click...
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx#EOAAC

----

[[In fact, ]]
Messages in Inbox or other mail folders disappear
http://insideoe.tomsterdam.com/problems/bugs.htm#mailgone

----

[[Is my computer still protected against viruses if I disable Email
Scanning?
Disabling Email Scanning does not leave you unprotected against viruses
that are distributed as email attachments. Norton AntiVirus Auto-Protect
scans incoming files as they are saved to your hard drive, including email
and email attachments. Email Scanning is just another layer on top of this.
To make sure that Auto-Protect is providing the maximum protection, keep
Auto-Protect enabled and run LiveUpdate regularly to ensure that you have
the most recent virus definitions.]]
from...
Frequently asked questions about Norton AntiVirus Email Scanning
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2002111812533106


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[cquirke (MVP Windows shell/user)]

On Mon, 8 May 2006 09:41:49 -0600, "Wesley Vogel"

The Other E-Mail Threat: File Corruption in Outlook Express
Published: November 18, 2004 Tom Koch
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx

[[As surprising and ironic as it may seem though, the most common cause of
DBX corruption is not a virus, but rather anti-virus programs that are
configured to scan incoming or outgoing e-mail.

I find a more common scenario is the "full system scan", which finds
signatures within mailboxes and "cleans" these by deleting the files
(and thus entire mailboxes).

The usual problem with av that scans email traffic is failure to get
or send mail due to botched server names, or silent failure to send
mail because the email app disconnects before the av has finished
scanning outgoing material and thus hasn't actually sent it yet.

The last one is nasty, because the email app shows no error; you think
it's sent, your logs tell you it's sent, but it never goes out.

Even the most well-known anti-virus programs have exhibited
this problem from time to time.

R/Even/Especially ;-)

[[Is my computer still protected against viruses if I disable Email
Scanning?

With an email app that...
- doesn't run scripts and other "message" content
- splits attachments out of the mailbox as separate files
....then yes; Eudora is one such email app.

But most email apps hide attachments in mailbox files where av
scanners can't scan or fix them, so scanning the email traffic is your
one desperate attempt to stop new malware being hidden in the mail
stores forever. It doesn't work that well for technical reasons, but
also because the moment the mail arrives is the moment when the
malware is most likely to be too new to detect.

Once malware is hidden in the mailbox, your PC can be actively
infected any time the attachment is "opened" from the email app,
either by user clickery, or automatically via exploit. Whenever this
happens, your av has to be running resident so it can intercept and
scan the file as it is created and/or as it is "opened".

Disabling Email Scanning does not leave you unprotected against viruses
that are distributed as email attachments. Norton AntiVirus Auto-Protect
scans incoming files as they are saved to your hard drive, including email
and email attachments.

When it's running.

--------------- ----- ---- --- -- - - -

Tech Support: The guys who follow the
'Parade of New Products' with a shovel.