Menu
Reply
Highlighted
  • 18.6K
  • 1.09K
  • 8K
Very Insightful Person
Very Insightful Person
568 Views
Message 81 of 94
Flag for a moderator

Re: SMTP Failing

I've provided clear instructions on what needs doing.  You don't need to run wireshark in admin mode, and I've explained why the hotspot is used, as whatever is sending spam needs a path to the internet that we can monitor in order to pick up the traffic.

Now if you'd followed my instructions EXACTLY then you would have picked up the device by now.  But from your postings, you don't seem to be, you seem to be going off and doing your own thing.  If you are still not blacklisted since the 18th Dec then whatever has been causing the spam is either:

  • not connected to the network
  • not turned on
  • not actively sending at present.

Tim

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Highlighted
  • 60
  • 0
  • 2
Tuning in
563 Views
Message 82 of 94
Flag for a moderator

Re: SMTP Failing

Tim

I have literally followed your instruction and ran wire shark multiple times, with WIFI option or Mobile Hotspot way with all of the main devices that we use on a regular basis connected (both methods) for hours and no packets appear at all..  I have no idea if I ned to run for 30mins, hours, days or weeks before anything appears..

The only device that has caused me problems is the Android TV box, which I am not using anymore..  I have not the printer or Xbox one because they have no be turned on and used for months.. And as someone else has said it needs to be a device that I am using quite often..

0 Kudos
Reply
Highlighted
  • 60
  • 0
  • 2
Tuning in
497 Views
Message 83 of 94
Flag for a moderator

Re: SMTP Failing

Alright Tim

I have followed your instructions and have created one Mobile Hotspot on Laptop and have connected 7 devices to it. The only two devices that are not connected are of course the actually laptop where the hotspot has been created on, and the Android TV Box (That has gone, never going to be used again)

Please see following image for proof that all devices are connected...  

 

wifidevicesconnected.png

Those are the only devices in my house that using the internet and are used on a regular basis...   

I am now running wire shark in normal mode (not admin mode) Local Area Connection*5 TCP Port 25 and now for some reasons it has found several packets

packetsrecorded.png

Here's more

packetsrecorded1.png

 

I am now seeing a lot from the Galaxy Phone

0 Kudos
Reply
Highlighted
  • 18.6K
  • 1.09K
  • 8K
Very Insightful Person
Very Insightful Person
479 Views
Message 84 of 94
Flag for a moderator

Re: SMTP Failing

The images have been rejected by the mods as they show your IP address and also your MAC addresses.  Fortunately for you we VIP's do have some privileges that allow us to see the images.

Currently the packets in the two Wireshark pictures clearly show that your Galaxy is talking to Microsoft's mail exchanger on port 25.  So we've now definitely found at least one device responsible for your issues, you can set about looking for the malware and cleaning it.  Worst case is to do a factory reset, but it is often possible to remove the malware without doing this.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Highlighted
  • 14.9K
  • 2.06K
  • 6.45K
Very Insightful Person
Very Insightful Person
477 Views
Message 85 of 94
Flag for a moderator

Re: SMTP Failing

I was about to post with the same info that Ravenstar68 has just said.

As things appear the Galaxy phone is the device in the dock.

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Highlighted
  • 60
  • 0
  • 2
Tuning in
361 Views
Message 86 of 94
Flag for a moderator

Re: SMTP Failing

Hopefully finally found the blasted culprit.. I have no idea why in wire shark it's now showing up 🙂  Did try a few times before with just the phones connect and running with wire shark and then nothing/no packets appear... No idea what I have done different or it might be just temperamental, luck of the draw.

A few months ago my wife used your phone and clicked on a message from Facebook which she believe had been sent via her friend, only for her friend to report that her account had been hacked... Maybe that's how the spambot got into my blasted system..

Right now I got to learn/find out how to get rid of malware without resetting phone so that she doesn't loose anything..

Thanks for all your help and patience 🙂 🙂 

0 Kudos
Reply
Highlighted
  • 14.9K
  • 2.06K
  • 6.45K
Very Insightful Person
Very Insightful Person
462 Views
Message 87 of 94
Flag for a moderator

Re: SMTP Failing

@byronwells  For some reason your last post just disappeared from the forum as I went to reply.  Anyway, I am not an expert on android devices but suggest you start by looking in settings to see what apps have been installed and delete any not recognised/not required.  Also check the phone options, probably in a security section, and ensure that the ability to install third party apps is unchecked.

Edit: if on a newer android version the setting seems to be under apps - advanced - special apps permission -  allow unknown apps, or something similar

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 60
  • 0
  • 2
Tuning in
457 Views
Message 88 of 94
Flag for a moderator

Re: SMTP Failing

Alright Mate

I am not sure if it's an actual app that she has downloaded and been infected that way.. Instead my network might have been infected when she click on a message from Facebook which she thought was her friend but their account was hacked... And she clicked on the linked in the message and then possibly the spambot got on the IP that way...  

If no app installed/downloaded is infected then an hard factory reset would be the only way to solve?

0 Kudos
Reply
Highlighted
  • 14.9K
  • 2.06K
  • 6.45K
Very Insightful Person
Very Insightful Person
442 Views
Message 89 of 94
Flag for a moderator

Re: SMTP Failing

Sorry, but I am not your Mate, I haven't ever met you.

That aside, a hard reset would certainly be a belt and braces approach.  

It may be best to wait before you do that to see if any other community members have any suggestions.

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Highlighted
  • 18.6K
  • 1.09K
  • 8K
Very Insightful Person
Very Insightful Person
438 Views
Message 90 of 94
Flag for a moderator

Re: SMTP Failing

You really need to learn about networking.

An IP address is just a way of identifying a device on a network, think of it as being similar to a phone number.  IP addresses don't get infected, devices get infected.

Try this - https://www.avg.com/en-gb/antivirus-for-android

and also this:

https://www.malwarebytes.com/mobile/

Tim

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks