Helping people with computers... one answer at a time.
If your machine is sending lots of email without you knowing it, it may be a zombie. Zombies are preventable, but may be difficult to clean up.
My computer is a zombie. My IP has been blacklisted as a spammer. I am not and never have been a spammer. I don't know how to liberate my computer. The spammy network grabs control for 48 to 72 hours at a time, and won't let me log on to the internet. My ISP is unfamiliar with zombies.
Unfortunately, while your visible symptoms are more severe than most, what you're experiencing is frighteningly common. It seems like every day there's another study out showing that some incredibly high percentage of machines are infected with malware that can turn them into zombies at a moment's notice.
I'll look at exactly what we mean when we say "zombie", how to tell if your machine is one, how to prevent it and how to try to recover if your machine has been taken over.
If you've ever watched an old B-movie about the dead rising as killer zombies, you've seen them: crowds of the undead shuffling along in a single minded search for "braaaiiins". Get bitten by one, and you too can be a zombie.
The analogy's not perfect, but it's not bad. Once infected, your computer can also become a zombie and join a legion of other zombie machines with a single minded purpose to follow the instructions provided to it by a "zombie master" - a person remotely controlling a network of infected computers, also often called bots - a botnet.
That single minded purpose? Sending spam. Lots and lots of spam. The remote controller of a botnet will periodically instruct all the infected machines that are part of that network to send spam, or worse.
How do you know if your machine has been infected?
It's not always as obvious as the situation we're faced with here. In this case, the machine becomes unusable for hours at a time, as the spam-sending completely clogs the network connection. Having your ISP "blacklist" your IP address, or as I've also seen, block port 25 so that you can't send mail without additional configuration, is another strong clue.
Zombies are nothing more than a special class of malware like a virus or spyware. That means that in general, the anti-malware software you should be running should be catching any attempts to infect your system and set up a zombie. Naturally, it's critical to keep your machine's anti-malware software up-to-date, both the software and the databases that are used. Like all malware, new forms of zombie infections are cropping up every day, and you need to keep things current to stay on top of it.
How can you prevent an attack of the zombies?
As I said above, zombies are just another form of virus or malware. All of the usual precautions that keep you from getting infected with anything apply to keeping zombies at bay:
Keep Windows up-to-date. The majority of successful infections occur on unpatched machines.
Get behind a firewall - ideally a router, or a software firewall.
Run up-to-date anti-spyware and anti-virus software. I have to stress the up-to-date part - a year old, or even a month old, database won't protect you from this week's latest threats.
Practice safe computing. Don't open attachments you're not expecting or aren't 100% sure of. Don't fall for phishing attacks, click on popups you don't know are safe, or visit questionable web sites.
Hopefully, for most of you reading, this means simply "keep doing what you're doing".
What if it's too late, and a zombie has taken over?
Once again, it's just another virus, so all the normal virus cleaning rules apply - including the one we never like to think about: once you're infected with anything, you can never be 100% certain that you've cleaned it off.
And that means that once infected the only way to be sure is to backup, and completely reformat and reinstall Windows and everything else.
That's extreme, and in many cases impractical. The alternative is to scan with multiple different anti-malware tools (at least one of which that detects the infection to start with), and then keep scanning and rescanning until they all report clean.
Hopefully you also have a recent backup at hand in case cleaning is unsuccessful, and you have to reformat anyway, or in case cleaning involves removing something important.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.