My mac is spamming all on it's own. My ip address is now blocked from most email servers. spamhaus said that I have "the "sendsafe" or similar (such as Advanced Mass Sender - AMS) bulk emailing malware." I can not figure out how to get rid of this problem. So I guess MAC's can get a virus? Can anybody help me figure this out? Not sure what to do
MacBook Pro, Mac OS X (10.7.3)
Open Activity Monitor and see if you can see a process called "sendsafe". If so, then you can stop it from within Activity Monitor. This is not a permanent solution though as it will start again when you reboot. It's an intermediary step that will help us to help you solve the problem. Let us know how you get on.
No, there is no process called sendsafe in my activity monitor. but the "match messages out" "match system calls" and "unix system calls" are all increasing rapidly.
Look for another likely process then. If it's sending spam all the time then it will be using a lot of processor time so that may help you to narrow down the suspects. Make sure you're looking at 'All Processes', selectable from the drop down menu on the toolbar.
Your Mac is not likely to be infected with anything that is causing this problem. More likely, someone has hacked your e-mail account and is using it to send spam. Try changing your e-mail password.
For more information, see my Mac Malware Guide, and specifically, see the section My friends are all getting spam from my e-mail address!
(Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)
Check your Mail "sent" folder. If the alleged emails do not appear they did not originate from Mail.
It is much more likely your email server (Yahoo, Hotmail, etc) has had its database hacked, causing spam to appear to have originated from your account. Change your passwords if you suspect that is possible. You should change your passwords periodically anyway.
It is also likely someone to whom you sent mail has had his computer infected with a virus, pressing it into service as a "spam-bot". Your email address can easily be used to obscure the email's actual origin.
Note that if the account has been hacked, messages would also show up in the Sent mailbox on any IMAP mail account, so that's not adequate by itself to test whether the emails originated with the computer.
Thanks for the responses. I have changed my password numerous times, and the problem continues. Spamhaus had this to say about it http://cbl.abuseat.org/lookup.cgi?ip=100.42.52.118
I think that John is probably correct about someone pressing my email service into a "spam-bot" but I can't make it stop. Spamhaus said that it is written into my files somewhere, but I can't locate it. It is pretty technical for me.
Nothing is showing up in the "sent" folder.
Read the link above and see if you can explain what I should do in layman's terms. I would greatly appreciate it.
Correct, but I'd certainly like to know if the spam originated on my Mac (which is the OP's stated concern) or the email server - each would require different responses:
My mac is spamming all on it's own. My ip address is now blocked from most email servers.
Mac Mail actually sending spam is highly unlikely, but there have been recent posts about mysterious "mail sent" sounds that remain unresolved as far as I know.
"Sendsafe" is a well known spam program, but runs only on PCs.
Nothing is showing up in the "sent" folder.
Well, it's definitely not a hacked account, then.
There are a couple other possibilities. One is that someone with an infected machine is on your network. If you have a wireless network, is it locked down with a good, strong password that nobody living nearby knows? If not, change it to an encrypted network using WPA2 and a good password. Do you have any Windows PCs in the house, or someone who visits frequently with a Windows laptop? If so, those machines need to be checked out.
If nothing else helps, most home networks are assigned IP addresses out of a pool, and the IP address can change. It's possible someone else who was infected was using the IP address that you are using now. You should ask your internet service provider to get involved.
Thanks. Everything in that document would seem to confirm that whatever is causing this, it's not your Mac:
IP Address 100.42.52.118 is listed in the CBL. It appears to be infected with a spam sending trojan or proxy.
Make certain that is really your IP address.
Everything in the document references PC software. If someone with a PC was using your network, and that PC was running AMS43.exe or something like it to send spam, that would certainly explain the IP address implication.
If you are reasonably sure that is no longer possible, the bottom of that page contains a link to de-list your IP from its blacklist.
If nothing else helps, most home networks are assigned IP addresses out of a pool, and the IP address can change. It's possible someone else who was infected was using the IP address that you are using now. You should ask your internet service provider to get involved.
That sounds like the most reasonable explanation.
After reviewing all this, I think you'll agree that "my mac is sending out spam" was an understandable, but premature conclusion for both you and your ISP to have drawn.
Thanks John, I appreciate that. How do I tell what my ip address really is? Because I have not seen that ip address anywhere. I read one article that said the ip address that was showing up in your network settings was just a router address, not the ip address.
... How do I tell what my ip address really is? Because I have not seen that ip address anywhere. I read one article that said the ip address that was showing up in your network settings was just a router address, not the ip address.
Right, to determine the IP address issued by your ISP, you need to examine your router's setup page and find out which IP address it is using to connect.
Using an Apple AirPort base station and AirPort Utility, the information is at the bottom of the "Summary" page.
... or just click on the link in Thomas's post đ
Message was edited by: John Galt
Okay, thanks. I will have to do that later when I get home then. I was looking at that last night and I dont remember seeing the ip address that they are saying is my ip address. But I will look again. If you don't mind monitoring this thread so you could answer questions later, I would appreciate it greatly.
If they are different ip addresses then what should I do? who handles that? AT&T? AT&T is my service provider.
I am at work now, and my email is blocked here as well, which should technically be on a different ip address right? the ip address that is being blocked is still the same 100.42.52.118. I went to the link in Thomas's post and it was not even close to the one that is showing up in the spamhaus information. What does that mean?
My mac is sending out spam, Help Please.
