Unsolicited Traffic

[mothersruin]

A strange thing happened yesterday. I noticed on Netmeter that there was a lot of traffic leaving my computer. I was not sending anything, so I became a bit worried. I did a couple of anti-virus and trojan scans using AVG, Malwarebytes and even MS essentials, but found nothing. It happened on a couple of occasions.

Internet sites and forums suggested I triy Tcpview and Wireshark to check their destination and content, but I don't know much about them.

I rebooted my computer and it started again. I switched my computer off. Later that night I checked my email using Mailwasher and started receiving hundreds of emails a couple of ks in size from my system admin as failed to deliver emails. There were over 3900 of them! I eventually managed to delete all of them and empty Mailwasher's recycle bin and have not had any trouble since. Though I am watching things pretty closely.

Has anybody else experienced this or has an idea of what it is?

 

[Nick333]

Welcome to the Borg.

 

[mothersruin]

Aliens?

 

[Nick333]

Aliens?

I'm not sure what it's called exactly. Some sort of malware that turns your pc into a mailing bot. Had my gmail hacked from a russian ip a while back. Had a shyte load of mail undelivered notifications. Never actually happened from my PC though. Who is your email account with? 3900 emails seems like way more than your average email provider would allow before blocking and flagging you as a spammer.

 

[mothersruin]

I'm with Webafrica. It was all marked as spam. With Mailwasher you can get some idea what is in the messages and it showed email addresses that had changed slightly in each one. I haven't asked Webafrica about it yet.

 

[mothersruin]

Ok I found 2 Mailbots They were Internet shortcuts with these internet addresses https://www.npmjs.com/package/mailbot
and https://github.com/magopian/mailbot I tried to delete them and their associated files, but I couldn't. Tried again in safe mode, but couldn't find them. Back in normal windows they appeared to have gone. Hopefully they have.

Many thanks for your help

 

[nate_leroux]

Has your original issue resurfaced?

I have noticed unusual uploaded data from my account in the past week.
I top'd up to test on Sun 28 June with 1Gb only to reveal that 994MB was uploaded from my account on the same day.

Scans reveal no Malicious software or attempts on my home PC, however my home router (after i enabled Firewall log) reveals the below:

Jun 29 08:23:27 home.gateway:firewall:info: 71492.889 Intrusion Chargen scan(15) -- 199.168.142.169 > 105.224.153.188

Jun 29 10:28:55 home.gateway:firewall:info: 79020.475 Intrusion Chargen scan(15) -- 74.82.47.13 > 105.224.153.188

Jun 29 12:13:00 home.gateway:firewall:info: 85265.392 Intrusion UDP echo scan(14) -- 85.25.103.50 > 105.224.153.188

Jun 29 13:13:56 home.gateway:firewall:info: 88922.623 Intrusion Chargen scan(15) -- 185.72.176.126 > 105.224.153.188