Rootkit or virus placement location in email client?

Since LinkedIn was hacked, I have been inundated with extortion and blackmail emails, which I have been blocking at the server. Eventually the perpetrator ran out of email addresses but managed to get a virus into my email client program. Where should I look in the program for such a bug? It is changing the address of the sender of emails to the perpetrator’s, who uses the address <nobody@invalid.invalid>. The real address, however, is registered in Iran.

Best option if you think eM Client is affected by a virus is to upgrade your anti-virus application and then do a full system scan.

So far I have used Spyhunter, Avast, Spybot, Superantispyware and Malwarebytes to no avail. Spyhunter does stop some attempts to run an exe file. I am concerned that if I save all files, uninstall the email client and re-install, the problem could still be there.

If those applications have not detected a virus, then there most likely isn’t one.

Currently I do not download any emails until I have looked at them on the server. Having checked the number of emails, and being happy with where they are from, I download. Some days there are up to eight old emails pulled out at random, interspersed with what I have checked, all with the sender’s email address changed to <nobody@invalid.invalid>. They were already in my inbox.

So if they are already like that in your Inbox on the server, how does this indicate that eM Client is infected with a virus?

Simply because previously I had done a search, both physically and using the search facility, and there was nothing there. All of these emails have two particular traits: the first is that the sender’s name is always in uppercase and also in bold. The other is that there is never a subject; if anything it might have re or fw. When you are looking down a line they stand out like sore thumbs.

That does not mean that the email application is changing the messages. That is probably just the way they arrived, and not an uncommon practice with spammers.

Here’s what you can do. Stop using eM Client for a week and instead log in using the web interface for your provider. If you find the same thing, then it can’t possibly be the email client.

If you are happy about using beta software, you can download eM Client 8.0.1481 from the Release History. Apparently this release “fixed a bug in IMAP that may cause showing nobody@invalid.invalid emails”.

This may be the same or related to the issue you have experienced.