pop wanadoo returned mail delivery

Status
Not open for further replies.

bex

Posts: 29   +0
I think my server may be being used to send spam mail. I get around 30 returned mail per day. I have also recieved this email...
Hello,
My name is Mr. Denero Patrick,I am writting to book a reservation in your bed and breakfast for the party of 4 and if its self catring.We are a Group of charity organisation who aid in helping the needy.Your Advert we saw and the place is so lovely so we decided in picking it for our Annual meeting.We would be Glad if the Dates is available for us kindly get back to me soon ok.The dates is as follows ok.

Arrival Date : 20st of August 2006
Departure Date : 30th of August 2006
Accomodation Type : 2 bed rooms
Number of Guests : 4 people

The names for you to place the reservation are as follows.
1) Name : Mr. Denero Patrick
Address :12 Southwood Road
Hayling Island
Hampshire
United Kingdom

2) Name : Mr Bent Price,
Address : Granary, Malpas,
Cheshire SY14 7JJ
United Kingdom
we are also pleased to inform you that due to the logistic interview that we are still on for the people comming for the trip.We have to sort out the payment earlier before our arrival and the total amount due for the payment is required.The payment shall get to you by our financial officer for the trip and in form of Cheque/Bank Draft .
Lastly,do let know the total charges for during our stay. Thanks and I await your full contact information and Phone number to make sure payment/deposit gets to you before our arrival.
Thanks
Mr. Denero Patrick

When I try to get help from wanadoo I get the page that says error 404 and the page is not displayed. I have Nortons 2005 internet security...please help
 
We need to check your computer for malware etc.

Go HERE and follow the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:
 
The returned mail comes to your server's mail address? You have a domain name?

The message body is useless. Post the raw message with all headers if you want us to make anything of it.

Forging the sender address is very common and all decent malware does this. You getting all kinds of replies usually means that someone else having your address in their Outlook has some malware on their computer. The malware uses your address as the "from" field and stupid mail servers send all kinds of error messages to that address.
 
HELO spam.theworld.net

It's probably nothing to worry about Bex, as Nodsu says, but you might like to follow Howards advice, just in case. You never know what you might find :D
 
Cheers Guys for getting back to me...gosh that was hard work, hope I have followed everything.
HJT as requested.
I only found 016 - DPF in HJT and fixed them.
The only other problem I found was Spy Doctor ActMon Keylogger C:\MAGIX\Movies_on_CD_DVD_2_0\ZIPDLL.DLL High
To remove this I need to purchase the software, which I am happy to do.
Ironic really as all my blue screens etc started when I loaded magix! If I remove this will I not be able to use the software?
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: Wanadoo - {4E7BD74F-2B8D-469E-A3F1-F068B59BBB2A} - C:\PROGRA~1\wanadoo1\wanadoo1.dll (file missing)

O3 - Toolbar: Wanadoo - {4E7BD74F-2B8D-469E-A3F1-F068B59BBB2A} - C:\PROGRA~1\wanadoo1\wanadoo1.dll (file missing)

O8 - Extra context menu item: Wanadoo Search - file://C:\Program Files\WANADOO1\Cache\SelectedContextSearch.htm

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.

Regards Howard :)
 
Howard
Have done all you asked, still getting mail delivery via outlook but not sure what else to use other than outlook.
Spydoctor picked up actmon high virus, magixmovies_on_cd_dvd_2_0/zipdll.dll.
Cannot remove this without purchasing spydoctor.
Do I need to purchase this?
Thanks again for all your help.
 
As far as I can tell. That spydoctor entry is a false positive and is nothing to worry about. See HERE for further info.

So, no you don`t have to purchase spydoctor.

Regards Howard :)
 
Status
Not open for further replies.
Back