Re: Pc Sending Spam Emails, No Trojan or Virus Found - Please Help




Download the autoruns and process explorer to see what running in real
time
in the background:
AutoRuns for Windows v8.73
http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx

Then Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Taps:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.

HTH.
nass
--------
www.nasstec.co.uk

"Pink Sparkle Girl" wrote:

Hi, before I followed much of this advice I deleted all my email accounts in
outlook Express. This caused the spam bug confusion as it seemed to no
longer be able to send the mail. I then carried on with the advice below
running several scans which found very little of interest.

I would like to point out that about 5 hours before the spam started Norton
detected two Trojans (both mail relay), but were both cleaned off my PC
before they could get started (or so I thought).

1. Trojan.Mitglieder
2. Trojan.Lodear

Norton has still found no evidence of anything else going on. About an hour
after deleting my email accounts from Outlook Express the spam began to
stop, or at least it isn't being scanned and sent via Norton.

I'm at a loss - has the problem been sorted is my PC just sending out spam
undetected now? I have just rebooted my PC with my email accounts now added
back into Outlook Express to see. As before, I shall wait and see if the
spam starts in about 5 minutes time...

_____________________________________________________________


Trojan.Mitglieder.C
http://www.symantec.com/security_response/writeup.jsp?docid=2004-012012-0813-99&tabid=2


Trojan.Lodear
http://www.symantec.com/security_response/writeup.jsp?docid=2005-110111-3344-99&tabid=2

Please run the Hijackthis and send the log file for analysis to one of many
forums specialised in Hijackthis analysis.
As you previously said, it looks like an executable file called every time
you are trying to access the Internet and the Remote control procedure start
from the offending party.
HTH.
nass
----
www.nasstec.co.uk
.

Relevant Pages

  • Re: Unable to delete certain temporary internet files
    ... LSPFix- all versions of Windows http://www.cexx.org/lspfix.zip ... Tutorial on how to use HijackThis: ... Internet Files under the Temp directory (in addition to the normal Temporary ... tried deleting these files in safe mode, ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Unable to delete certain temporary internet files
    ... > Also download a winsock repair tool, to have just in case cleaning up ... > How to manage Internet Explorer add-ons in Windows XP Service Pack 2 ... > Tutorial on how to use HijackThis: ... >> Internet Files under the Temp directory (in addition to the normal ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • RE: download error
    ... I have other computers that work fine I even used a different modem, ... First, try to clean up your caches, Internet files and delete cookies ... Under General Tab clear your History, Internet Files and Cookies. ... If you still have the problem try the HijackThis: ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: IE is Spamming Me!
    ... It is likely you have parasites, spyware, adware, malware, or hijackware on ... HiJackThis: - Free ... and no one will Spam you, it is one of many that provides this service. ... > window opens that is generated BY IE and it is an ad for... ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: HELP hijack this results
    ... Post your HijackThis log here: ... go to the "Spyware and Hijackware Removal" section. ... Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/ ... and everyday more spam. ...
    (microsoft.public.security.virus)