Menu
Reply
Highlighted
  • 57
  • 0
  • 0
On our wavelength
203 Views
Message 11 of 22
Flag for a moderator

Re: Malware letter

I've just got the dreaded malware letter. Mine does not name any specific malware  "spam coming from a device....". The "ref"  is VMIS82-SPAMBOT-F9999999 ( long number). Like madmax , I ran f-secure and AVG : nothing found.  I have just this windows  PC . Can it really be from an iphone?. How on earth do you check that?  What else can I do on this PC. ?

0 Kudos
Reply
Highlighted
  • 3.94K
  • 714
  • 1.02K
Very Insightful Person
Very Insightful Person
200 Views
Message 12 of 22
Flag for a moderator

Re: Malware letter

Hello

From what you have described something on your network is sending spam, have a  look at this post and run through this will allow you to find what is causing the Spam Bot and could be coming from anything even iPhones.

https://community.virginmedia.com/t5/Security-matters/Searching-for-Spambots-on-your-network/td-p/40...

Regards Mike

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 57
  • 0
  • 0
On our wavelength
196 Views
Message 13 of 22
Flag for a moderator

Re: Malware letter

I looked at that wireshark post.  thats way beyond my abilities!  and  my ancient pc runs win 7 anyway. As I said 2 malware scans came up with nothing. Looking at my AVG alert history , I see a couple of "threat blocked" and "threat secured".. so presumably thats not involved with your reported spambot event? 

dont know what else i can do

 

 

0 Kudos
Reply
Highlighted
  • 57
  • 0
  • 0
On our wavelength
192 Views
Message 14 of 22
Flag for a moderator

Re: Malware letter

I brif google brings up "port 25" issues... Is that the culprit? My local client (WLM) (yes , I know its ancient , but I like it) has outgoing smpt port 465 SSL yes, incoming imap port 993 SSL yes. 

So can I / should I block port 25? will that help? how?

0 Kudos
Reply
Highlighted
  • 3.94K
  • 714
  • 1.02K
Very Insightful Person
Very Insightful Person
191 Views
Message 15 of 22
Flag for a moderator

Re: Malware letter

Hello

The only other thing I can ask you to check do you have "Free Hola VPN" on any of your devices as I have seen this trigger a response of a SpamBot, that VPN although free the way it works is too share your connection with thousands of others.

Something on your network is sending spam normally on port 25, if that post is beyond on you then you will have to employ somebody to help you. Malaware scan don't always pick up SpamBots as they go too sleep and dont wake up that often.

Another tool I found that may help is a tool called malwarebytes which has free version for iPhone and PC's.

Regards Mike

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 57
  • 0
  • 0
On our wavelength
190 Views
Message 16 of 22
Flag for a moderator

Re: Malware letter

i'm a non-techie ... is this port 25 thingy on my PC or does it refer to VM servers?

0 Kudos
Reply
Highlighted
  • 3.94K
  • 714
  • 1.02K
Very Insightful Person
Very Insightful Person
175 Views
Message 17 of 22
Flag for a moderator

Re: Malware letter

Hello

That will be a program on the PC / iPhone that is sending data out of port 25.

Regards Mike

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Highlighted
  • 57
  • 0
  • 0
On our wavelength
164 Views
Message 18 of 22
Flag for a moderator

Re: Malware letter

Mike , much appreciate your engagement on this. Malwarebytes "quarantined" 5 files in download library , but nothing else. I read this pcworld article >

 https://www.pcworld.com/article/2927993/what-to-do-when-your-email-address-sends-spam.html

I've changed my email password. Though this article seems to be if the spam is going out under "my" email address. (But probably from a different PC) But the VM letter says its "using my internet connection". That sounds different?  May I ask again , is blocking port 25 on my PC sometjing I could do that world fix  this? v m,any thx, Alan

 

0 Kudos
Reply
Highlighted
  • 57
  • 0
  • 0
On our wavelength
140 Views
Message 19 of 22
Flag for a moderator

Re: Malware letter

Just to add a bit more.. I had to remove malwarebytes. It locked the PC on reboot.

I've no idea if it will help , but I've set up a rule in windows firewall to block port25 (out) . It that sensible?  I need more tech advice from VM internet security team  as their initial suggestions (run a scan) did not show up anything.  But of course , despite threatening me with disconnection , they offer no telno , telling me just "go to the community". How typical of VM...  

0 Kudos
Reply
Highlighted
  • 3.94K
  • 714
  • 1.02K
Very Insightful Person
Very Insightful Person
100 Views
Message 20 of 22
Flag for a moderator

Re: Malware letter

Hello

Setting an outbound rules will certainly stop the  Windows machine from sending Spam over port 25, there is no further information that the security team will be able to give as it is coming from your own network that is why they have refereed you to the forum, they cannot see inside of this network if fact it would be against the GDPR all they see is that you external IP address is sending Spam.

Regards Mike

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply