Receiving odd failed-delivery messages

Status
Not open for further replies.

Taffycat

Crunchy Cat
I suspect this is just another plot for sending spammy mail, but I would appreciate your more knowledgeable views, just in case I'm mistaken.

Recently, my Windows Mail in-box has started to receive messages with From: Mail Delivery System. Subject: Mail delivery failed: returning message to sender.

For safety's sake, I have checked them via File > Properties and found them not to be referring to any mail that I've actually sent to anyone.

This is what I see (but with my personal details removed of course, plus the addition of a few spaces to prevent links being formed):

Return-path: <>
Envelope-to: my email address
Delivery-date: Fri, 04 Nov 2011 01:53:05 +0000
Received: from mailnull by my ISP's mail server with local (Exim 4.69)
id 1RM8xt-0005eM-2I
for my email address Fri, 04 Nov 2011 01:53:05 +0000
X-Failed-Recipients: dsghjytyt @ yahoo . com
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon @ my ISP's mail server>
To: my email address
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1RM8xt-0005eM-2I @ my ISP's mail server>
Date: Fri, 04 Nov 2011 01:53:05 +0000
The body of the mail is typically a lot of rubbish - not porn - but a lengthy, rambling piece of nonsense.

My only query/concern is whether any of this is somehow being generated via my computer (I'm thinking trojans, etc.?). AV scans are clean. I use MSE (Microsoft Security Essentials, AV and firewall) and my Netgear router is firewalled too.

Is it anything that my ISP needs to know about, do you think? Or is it okay to just forget it and treat it as any other spam?

Thanks very much for looking. :D
 

V_R

¯\_(ツ)_/¯
Moderator
Try the ESET online scanner to check your PC if you're worried, and maybe SUPERAntiSpyware too. :)
 

Taffycat

Crunchy Cat
Many thanks for your replies V_R and Mucks, both much appreciated.

The ESET scan produced three suspect files:

a variant of Win32/KillProc.A application
Win32/Adware.ADON application
Win32/Adware.ADON application

I don't think they were anything too terrible, but they've been banished to malware heaven.... or wherever it is these things go. :thumb:

I haven't heard the term "Joe Jobs" before, so you've added something to my education today Mucks :D

Once again, thank you gentlemen.
 

floppybootstomp

sugar 'n spikes
Moderator
Just a confirmation, those messages are a spam variant, I was getting lots of them for a while, I bounced 'em all back 'return to sender, address unknown' via Mailwasher.
 

Taffycat

Crunchy Cat
Thanks Flopps - actually I've just received a shed-load more! :mad:

I've always had good results by "creating a message rule" such as the option to delete from server before it can be delivered.

Do you think it would be okay to add these to the rule? (I was wondering whether doing that would prevent legitimate undeliverable mail alerts from getting through?)
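The worry in the post above (a rule that deletes everything with a "Mail delivery failed" subject would also swallow genuine non-delivery reports) goes away if the rule keys on whether the bounce refers to mail you actually sent rather than on the subject line. The script below is an added example, not part of the thread and not Windows Mail or Exim code: it parses a delivery report with Python's standard `email` module, pulls the failed recipient from `X-Failed-Recipients` and the `Message-ID` out of the returned copy in the body, and compares both against a sent-mail log. The sample messages are constructed to mirror the headers quoted in the first post, with placeholder addresses and host names, and `SENT_LOG` is an assumed stand-in for whatever your client records in its Sent folder.

```python
"""Sort delivery-failure reports into genuine bounces and backscatter.

Added example; not from the thread and not from any mail client. The rule is
the one a practitioner applies by hand: a bounce is only yours if it refers to
mail you actually sent, so compare X-Failed-Recipients and the Message-ID of
the returned copy against your own sent-mail log.
"""
import email
import re

ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
# Message-ID lines inside the body belong to the returned copy, not to the bounce itself.
ORIG_MSGID_RE = re.compile(r"^Message-ID:\s*(<[^>]+>)", re.M | re.I)

# Constructed (assumed) sent-mail log: (recipient, Message-ID) pairs from a Sent folder.
SENT_LOG = {("colleague@example.net", "<4EB34F2A.1010@example.org>")}

# Constructed backscatter modelled on the headers quoted in the thread; placeholder addresses.
BACKSCATTER = b"""Return-path: <>
Envelope-to: me@example.org
Received: from mailnull by mail.isp.example with local (Exim 4.69)
  id 1RM8xt-0005eM-2I
  for me@example.org; Fri, 04 Nov 2011 01:53:05 +0000
X-Failed-Recipients: dsghjytyt@yahoo.com
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@mail.isp.example>
To: me@example.org
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1RM8xt-0005eM-2I@mail.isp.example>

This message was created automatically by mail delivery software.
A message that you sent could not be delivered. Lengthy rambling nonsense follows.
"""

# Constructed genuine bounce: the returned copy carries a Message-ID we really sent.
LEGIT = b"""Return-path: <>
X-Failed-Recipients: colleague@example.net
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@mail.isp.example>
To: me@example.org
Subject: Mail delivery failed: returning message to sender

------ This is a copy of the message, including all the headers. ------

From: me@example.org
To: colleague@example.net
Message-ID: <4EB34F2A.1010@example.org>
Subject: Minutes
"""

# Constructed ordinary message, to show the non-bounce path.
NORMAL = b"""Return-path: <friend@example.com>
From: friend@example.com
To: me@example.org
Subject: hello

not a bounce
"""


def parse_message(raw):
    return email.message_from_bytes(raw)


def is_bounce(msg):
    """Empty reverse path (the RFC 5321 rule for delivery reports), an auto-replied marker,
    or a Mailer-Daemon sender all identify a delivery status report."""
    rp = (msg.get("Return-Path") or "").strip()
    auto = (msg.get("Auto-Submitted") or "").lower()
    frm = (msg.get("From") or "").lower()
    return rp == "<>" or auto.startswith("auto-replied") or "mailer-daemon" in frm


def failed_recipients(msg):
    """Addresses named in X-Failed-Recipients (Exim lists several comma-separated)."""
    return {a.lower() for h in msg.get_all("X-Failed-Recipients", []) for a in ADDR_RE.findall(h)}


def original_message_ids(msg):
    """Message-IDs of the returned copy, which lives in the body of the report."""
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    return {m.lower() for m in ORIG_MSGID_RE.findall(body)}


def classify_bounce(raw, sent_log=SENT_LOG):
    """'legitimate' (bounce of our own mail), 'backscatter' (bounce of forged mail) or 'not-a-bounce'."""
    msg = parse_message(raw)
    if not is_bounce(msg):
        return "not-a-bounce"
    sent_rcpts = {r.lower() for r, _ in sent_log}
    sent_ids = {m.lower() for _, m in sent_log}
    if original_message_ids(msg) & sent_ids:
        return "legitimate"   # strongest evidence: the returned copy is a message we sent
    if failed_recipients(msg) & sent_rcpts:
        return "legitimate"   # weaker evidence: we did mail that address; copy may be truncated
    return "backscatter"      # bounce for mail we never sent: someone forged our address


if __name__ == "__main__":
    for name, raw in (("backscatter", BACKSCATTER), ("legit", LEGIT), ("normal", NORMAL)):
        print(f"{name}: {classify_bounce(raw)}")
```

A rule built on this logic keeps real non-delivery reports and drops only the reports whose failed recipient and returned Message-ID match nothing you sent. Note that the Received chain in a backscatter report tells you nothing about your own PC: the report was generated by the remote server that rejected a forged message, which is why a clean AV scan and a flood of these reports are not in contradiction.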
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
rules, I have none but one ... never click a link in an email :)

TC, I would like to see you post a HJT log here, just as a wee check ... :nod:



... a reminder to all potential would-be HJT log posters, this is a request from me, we at PCReview do not process HJT logs for just anyone, you have to be special. :D
 

Taffycat

Crunchy Cat
This is awfully decent of you Mucks, thank you. It's a bit of a long 'un.... :eek:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:14:01, on 04/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Qlock\qlock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BUFFALO\HDManage\HDManage2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Creative Software Update] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage2.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca0a19d7480cd4) (gupdate1ca0a19d7480cd4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TunerFreeMCEService - Unknown owner - C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12113 bytes
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
aye, it be long in the tooth at that, can whittle it down a bit, but best of all ... there be NO nasties ... there are a few things you can tidy up, if you wish. :)

you can "fix" the following ...

C:\Program Files\BUFFALO\HDManage\HDManage2.exe
HJT & me dunno what this is, however, if you have a 'Buffalo' device then keep, otherwise fix it

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Unnecessary (deactivated) entry that can be fixed

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Not dangerous, but unnecessary ... 40' barge pole for me

O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
not a problem, but surplus to needs, do not 'fix' but uninstall the program ... unless you really like it, but you are using the Secunia PSI Agent

O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
another not needed at startup, can be started manually

O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage2.exe
I really hate double entries, and I dunno what this is ... fix it if you have no 'buffalo' device

O4 - Global Startup: SetPointII.lnk = ?
This entry is unnecessary and can be fixed

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
Check if you know this site and fix it if you do not

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx
Check if you know this site and fix it if you do not


... as I said, no need to 'fix' anything, just highlighting what I would remove if it were on my system.

The usual disclaimer applies if all hell breaks loose & world war 3 ensues ... It wasn't me. :)


:thumb:
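The checks in the post above are mechanical enough to script. The following is an added example, not HijackThis code and not something posted in the thread: it parses the `Onn - ...` lines of an HJT log and flags the same three classes of entry the moderator picked out, namely a BHO whose CLSID points at `(no file)`, O4 startup entries that HJT could not resolve (`= ?`) or that launch the same executable more than once, and O16 DPF entries, separating controls registered from a local `file:///` path from ones fetched from a web host the user must recognise. `SAMPLE_LOG` is a constructed excerpt of a dozen lines copied from the log posted in the thread.

```python
"""Triage a HijackThis (HJT) log for the entry types discussed in the thread.

Added example; not HijackThis code and not from the thread. It reads the
'Onn - ...' lines and reports orphaned BHOs (O2 ... (no file)), unresolved or
duplicated startup entries (O4) and ActiveX download entries (O16).
"""
import ntpath
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed excerpt: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - Startup: BUFFALO Power Save Utility for HD.lnk = C:\Program Files\BUFFALO\HDManage\HDManage2.exe
O4 - Global Startup: SetPointII.lnk = ?
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First executable-looking token on the command line, quoted or not.
EXE_RE = re.compile(r'"?(.*?\.(?:exe|scr|com))"?', re.I)


def parse_hjt(text):
    """Yield (section, body) for every 'Onn - ...' line; the process list and R-lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def o4_target(body):
    """Lower-cased basename of the executable an O4 entry launches; None when HJT printed '= ?'."""
    if body.rstrip().endswith("= ?"):
        return None
    # Registry entries read 'HKLM\..\Run: [Name] cmd'; shortcut entries read 'Startup: x.lnk = path'.
    rhs = body.split("] ", 1)[1] if "] " in body else body.split(" = ", 1)[-1]
    m = EXE_RE.match(rhs)
    path = m.group(1) if m else rhs
    return ntpath.basename(path).lower()


def triage(text):
    """Return (section, reason, entry) findings; entries with nothing to say produce none."""
    findings = []
    launched = defaultdict(list)
    for section, body in parse_hjt(text):
        if section == "O2" and body.endswith("(no file)"):
            findings.append((section, "orphaned BHO: CLSID registered but its DLL is gone", body))
        elif section == "O4":
            exe = o4_target(body)
            if exe is None:
                findings.append((section, "startup shortcut whose target cannot be resolved", body))
            else:
                launched[exe].append(body)
        elif section == "O16":
            url = urlparse(body.rsplit(" - ", 1)[-1])
            if url.scheme == "file":
                findings.append((section, "ActiveX control registered from a local file path", body))
            else:
                findings.append((section, f"ActiveX control fetched from {url.netloc}; keep only if you know the site", body))
    # Same executable registered under two names or two locations: the 'double entries' above.
    for exe, entries in launched.items():
        if len(entries) > 1:
            for entry in entries:
                findings.append(("O4", f"{exe} is registered to start {len(entries)} times", entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {entry}")
```

The script only points at entries worth a look; as in the post above, whether to "fix" one depends on whether you recognise the program (the Buffalo drive utility and the Bejeweled DRM controls turned out to be wanted), so the output is a review list, not a removal list.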
 

Taffycat

Crunchy Cat
Grateful thanks for your time Mucks. It's always a relief to hear that no nasties have crept aboard.

Purely for info...the Buffalo entries are referring to my external HDD - only recently added. It has some power-saving gizmos, hence that double entry.

The Bejeweled/SpinTop references belong to a recently purchased puzzle-game, (an addictive time-passer, when I'm not otherwise engaged in killing things, lol.)

I can happily 'fix'/get rid of the others. :thumb:

You deserve a cup of coffee, thank you once again for taking the trouble to go through all of that. :D
 