
I don't know why my IP is sending spam

shrimpgfx

Hello,

As of August I have had problems with my internet and found out that my IP has been blacklisted due to spam and a dictionary attack. After finding out that I had been blacklisted, I ran multiple full scans using Windows Defender and have run Malwarebytes and have removed everything that has popped up as a virus or malware. After that I ran scans on 2 other Android phones and found out that they are not infected with anything. Even after that my IP is still sending spam, but no dictionary attacks, and yes, I have changed my router's Wi-Fi and upgraded its firmware (TP-Link Wireless N Router WR840N).

Can somebody help me pretty please, I am desperate. I have run so many checks, even blocked port 25 with Windows Firewall (does that even work tho?).

bruh.PNG
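One way to check the PC itself, as an added example that is not part of any post in this thread: the PowerShell script below (run from an elevated prompt) watches for outbound TCP connections to the SMTP ports, names the owning process, and then lists enabled outbound block rules that cover port 25. A Windows Firewall rule only applies to the PC it is set on, so other devices behind the same router share the public IP and are not covered by it. The port list, the 10-minute watch window and the variable names are assumptions made for this example.

```powershell
# Added example (not from the thread): find which local process talks SMTP.
$smtpPorts = 25, 465, 587                 # assumption: SMTP, SMTPS, submission
$deadline  = (Get-Date).AddMinutes(10)    # assumption: 10-minute watch window
$seen      = @{}

# Spam connections are short-lived, so poll instead of taking one snapshot.
while ((Get-Date) -lt $deadline) {
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $smtpPorts -contains $_.RemotePort -and $_.State -ne 'Listen' }

    foreach ($c in $conns) {
        # Report each process/remote pair only once.
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)|$($c.RemotePort)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time    = Get-Date -Format s
            Remote  = "$($c.RemoteAddress):$($c.RemotePort)"
            State   = $c.State
            ProcId  = $c.OwningProcess
            Process = $proc.ProcessName
            Path    = $proc.Path          # empty without elevation for some processes
        }
    }
    Start-Sleep -Seconds 2
}

# Confirm an outbound block rule for TCP/25 exists and is enabled on this PC.
# Only exact '25' entries are matched here, not port ranges.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP' -and $filter.RemotePort -contains '25') {
            [pscustomobject]@{ Rule = $_.DisplayName; Profile = $_.Profile; RemotePort = $filter.RemotePort }
        }
    }
```

If the watch stays empty on this PC while the blacklist entry keeps being renewed, the traffic is coming from another device behind the router or from the router itself.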


You could have been wardriven by a criminal who is using your IP to send spam.

Not a pro, not even very good.  I’m just old and have time currently.  Assuming I know a lot about computers can be a mistake.

 

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.


Change ISPs, this is an attack.

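Hachioji in spring, you are no longer here. Alone in Hachioji, because you are not here. Hachioji in spring, you are no longer here. Alone in Hachioji, because you are not here.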


Go into your router's firmware and verify all the devices connected. Make sure no "Other devices" are connected that shouldn't be.

I just want to sit back and watch the world burn. 


It's possible your PC is more deeply infected than you realize and you'll have to bite the bullet and nuke your entire Windows install.


1 minute ago, Lurick said:

It's possible your PC is more deeply infected than you realize and you'll have to bite the bullet and nuke your entire Windows install.

Could in theory be even deeper than that too.  There is malware that hides out in motherboard stuff and just reinfects.  It’s rare though.


14 hours ago, Donut417 said:

Go into your router's firmware and verify all the devices connected. Make sure no "Other devices" are connected that shouldn't be.

I have already done that and have found no other devices.


14 hours ago, Bombastinator said:

Could in theory be even deeper than that too.  There is malware that hides out in motherboard stuff and just reinfects.  It’s rare though.

If it is malware that can hide in the motherboard, do I need to change my PC or what?
 


15 hours ago, MewMew said:

Change ISPs, this is an attack.

If only I could have changed my ISP ;(

I have no other possible ISPs in my area.


2 minutes ago, shrimpgfx said:

If it is malware that can hide in the motherboard, do I need to change my PC or what?
 

Did you read this?

 

14 hours ago, Lurick said:

It's possible your PC is more deeply infected than you realize and you'll have to bite the bullet and nuke your entire Windows install.

 


2 minutes ago, Falcon1986 said:

Did you read this?

 

 

Doesn't that mean I just have to reinstall Windows and not save any old files from the old Windows?
 


6 minutes ago, shrimpgfx said:

Doesn't that mean I just have to reinstall Windows and not save any old files from the old Windows?
 

Correct, create a bootable USB on a different device and then reinstall from that one and delete everything.


1 minute ago, shrimpgfx said:

Doesn't that mean I just have to reinstall Windows and not save any old files from the old Windows?

If you absolutely don’t need anything, wipe the drive(s) completely then reinstall Windows.

 

Unfortunately, you run the risk of transferring the infected old files to the new installation if they are indeed infected. That’s a call you’ll have to make.


1 minute ago, Falcon1986 said:

If you absolutely don’t need anything, wipe the drive(s) completely then reinstall Windows.

 

Unfortunately, you run the risk of transferring the infected old files to the new installation if they are indeed infected. That’s a call you’ll have to make.

Well, the problem is that I do not have any bootable USB. ;/

BTW how is it that the infected files are transferred when I am installing a new Windows and deleting the old version?


58 minutes ago, shrimpgfx said:

If it is malware that can hide in the motherboard, do I need to change my PC or what?
 

You’d need to do fresh BIOS installs as well as an OS wipe.  The motherboard has writable data storage on it too.


4 minutes ago, Bombastinator said:

You’d need to do fresh BIOS installs as well as an OS wipe.  The motherboard has writable data storage on it too.

Is it really possible that I have a rootkit or malware on my BIOS?


6 minutes ago, shrimpgfx said:

Is it really possible that I have a rootkit or malware on my BIOS?

It’s apparently been badly infected for a long time.  Little is impossible.


7 minutes ago, shrimpgfx said:

Is it really possible that I have a rootkit or malware on my BIOS?

The BIOS infection is super rare and IIRC not actually widespread. You might have a rootkit or some other virus that you need to do a full diskpart /clean and format re-install to clear.

 

One thing you could try doing is contacting your ISP about this and see if you can get a new IP? Usually ISPs don't give static IPs to non-business customers, so I would be curious if that traffic continues after you get a different IP address.


1 hour ago, shrimpgfx said:

BTW how is it that the infected files are transferred when I am installing a new Windows and deleting the old version?

Please reread my response. If you save files from the current installation (e.g. music files, Word documents, etc.), reinstall Windows, then put the saved files back on the system, your system could get reinfected if the malware compromised those files. That's not to say that it's the case in your scenario, but based on how bad things seem to be, I'd be wary of carrying over anything unless it was absolutely necessary.

 

2 hours ago, shrimpgfx said:

Well, the problem is that I do not have any bootable USB

Most modern motherboards will allow USB booting on demand (at the time of bootup, press the relevant function key to access the boot menu) or you can set the boot order within the BIOS itself.

 

There are many bootable toolkits that can erase drives properly, but I've lost touch with what's popular now. Not sure if DBAN is still what it used to be.


1 hour ago, Bad5ector said:

 

The BIOS infection is super rare and IIRC not actually widespread. You might have a rootkit or some other virus that you need to do a full diskpart /clean and format re-install to clear.

 

One thing you could try doing is contacting your ISP about this and see if you can get a new IP? Usually ISPs don't give static IPs to non-business customers, so I would be curious if that traffic continues after you get a different IP address.

+1 for this.
I wouldn't go full Murphy's Law until you know for sure.


13 minutes ago, MewMew said:

I wouldn't go full Murphy's Law until you know for sure.

I'm a huge fan of Occam's razor when it comes to troubleshooting.


UPDATE: I have done a clean installation of Windows 10 and have found out that my motherboard is IH61M and have downloaded this ( https://support.lenovo.com/us/en/downloads/ds029433-flash-bios-update-thinkcentre-m72e-ivy-thinkcentre-edge-72-ivy-and-lenovo-62 ). I am not sure if I should flash it or not, cause I read that if something fails I could brick my entire PC. ;/


6 hours ago, Bad5ector said:

 

The BIOS infection is super rare and IIRC not actually widespread. You might have a rootkit or some other virus that you need to do a full diskpart /clean and format re-install to clear.

 

One thing you could try doing is contacting your ISP about this and see if you can get a new IP? Usually ISPs don't give static IPs to non-business customers, so I would be curious if that traffic continues after you get a different IP address.

I already tried that and they closed the phone on my face cause "I don't want to get another IP blacklisted and pay money for that". What the f am I supposed to do in that situation?


31 minutes ago, shrimpgfx said:

I already tried that and they closed the phone on my face cause "I don't want to get another IP blacklisted and pay money for that". What the f am I supposed to do in that situation?

Huh? That makes no sense. Are you paying for static IP or something? If anything they should want to help you. 

 

Are you saying that they said that they don't want to get another IP blacklisted and that it would cost them more money to get another IP? You know they have pools of IPs right? What kinda Mickey Mouse ISP are you with?

 

 
