Had a virus, now being used to send spam

Hey everyone. Got infected pretty bad a few days ago by some script from a website, dont know how it got in but it did. Took me a while to clean it up, lots of ad-ware and also got lots of viruses. Yesterday I noticed that avast’s email scanner was constantly scanning mail, which I thought was odd, so I stopped the internet connection so I could check it out. I was then bombarded with 17 messages from the avast email scanner saying that operations had timed out. An example of one of the messages is :

“internet connection timeout elapsed. Continue waiting? (explorer.exe → mta-v5.level3.mail.vip.mud.yahoo.com:25)”

each of the strings after explorer.exe are different, although they are along the same lines. Does anyone have any ideas what this is?? I’ve done loads of virus scans and have deleted all the viruses. Any help would be greatly appreciated.

Do you have a firewall (what), if so as a temporary measute block explorer.exe internet access whilst you deal with the problem. This is either a second copy of explorer or some form of injecton/misuse of the original. Ewido, see below, will possibly be your best bet.

What is your OS?

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Spywareblaster Don’t install this until you are clean.
  4. Ewido Security Suite If using winXP. or a-Squared free if using win98/ME.

I’ve just got the standard windows XP firewall. Not sure how to block programs on it, will take a look. thanks for the help, i’ll give it a go, and will try the software you reccomended.

The windows firewall (1/2) doesn’t provide outbound protection it only allows for exceptions programs to allow rather than block. So I don’t think you can do it with XPs firewall.

I suggest you get a free full firewall ASP, Zone Alarm free is fine, there are others.

After my last post I remembered about zone alarm, so got that. I’ve blocked explorer.exe, and it attempted to send a lot of outbound connections. No emails have been sent since blocking explorer so its definatly something to do with that, found a lot of things that MS antispyware didnt pick up with ad-aware, and am now running spybot.

I know it is somthing to do with explorer.exe, exactly what is the problem. I would have thought you would have run Ewido first as that is most likely to be able to deal with this.

I ran all the programs, they all found different things wrong, I’ve re-enabled explorer.exe and haven’t had a problem yet, fingers crossed.

Me personally even though my system is clean, explorer.exe is the top of my firewalls blocked applications list. If I wan’t to connect to the internet I will use my browser or ftp program if required.

Welcome to the forums.

Thanks for your help, and thanks for the welcome :slight_smile: