Help - There are too many identical e-mails in appointed time

Just what i did not want for christmas - some kind of mass spamming virus seems to have got into computer.

I keep getting the following messages

There are too many identical e-mails in appointed time

Sender: “Lola Lynn” bflqyexw@lot.mksat.net
Recipient: garrison@teknorapex.com
Subject: top newsThere are too many identical e-mails in appointed time

Sender: “Lucia Gibson” jlslvdfo@ny.com
Recipient: garrison@teknorapex.com; garrison@tektronix.tek.com
Subject: top news

etc etc - hundreds of them ever time i go online, i have tried various scanners and removers but nothing seems to get rid of it - can anyone help please!!!

i have tried various scanners and removers but nothing seems to get rid of it
Please be more specific, what have you tried?

Something has to be running to generate these so useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR HiJackThis Log file - On-line Analysis 2

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Spywareblaster Don’t install this until you are clean.
  4. Ewido Security Suite If using winXP. or aSquared free if using win98/ME.

This sounds like the same problem i am having.

Get a firewall such as Zone Alarm and block Winlogon.exe from accessing the net.
This will fix the problem for now until the virus definitions detect and remove it.

That is a good interim measure (whilst trying to resolve the problem), but it is treating the symptom rather than treating the disease.

Waiting for avast to detect it may take some time as this is a spambot and not a true virus. A forum search for winlogon.exe should return some hits I believe this has cropped up before. I think it was some form of injection trojan that I think Ewido was able to detect, but can’t remember exactly.

Hi there i have the same problem, have searched the forums on the nett and done everything i have read about mail boots. I have tested a Normann removal tool. Dident help… I have tested evido, dident help…
Deleted something like 40 or 50 different files that was made at the time of the problem started. I have used Hijackthis… no help…

I have found no solution to the problem.

If someone can help us whit this problem i would be very pleased.
Mvh
viggi

I have used Hijackthis........ no help.....
What did you do with it? HJT isn't like an anti-virus/spyware tool where it removes harmeful entries it only reports what is running. You have to analyse the log file and decide what requires fixing, etc.

Did you visit the HJT Tutorial and on-line analysis sites I gave links to?

Post the contents of your latest hijackthis log file here.

Hi i might have found a solution, in evido->analysis->processes i found the process calld ashMaiSv.exe this is an Avast file, when i terminated this the problem was solved… i think the mail boot hijacks this file ore something. A lot of the files in the avast folder was missing before i stoped the process, after i stopped it they returned. i started it again to test and the mail boot got active again. When its stopprd the winlogon.exe has no activity in taskmgm…

Maybe this is a hint?? Maybe im wrong?? Test it and post a reply please!
Mvh
Viggi

ashMaiSv.exe is the avast email scanner, having terminated/disabled it, no checks will made to the email ports.

The problem hasn’t been solved all you have done is killed the process reporting the symptoms, e.g. multiple identical emails, likely to be a trojan spambot at work.

I’m at a loss as to what to suggest, I think you may have crippled avast using other tools. I suggest you download the latest version of avast and save it on your HDD, uninstall avast, reboot, install the latest version and reboot.

Hi still no help found, i know ashmaisv.exe is a avast file. But what i discovered was that when stopping this process, winlogon.exe stoped beeing so active. and i could run my programs as normal.
That was all…
I tried different types of virus scanners but havent been able to find this mail boot.
So i still need help clearing this from my system…
Mvh
Viggi

Read this again, "ashMaiSv.exe is the avast email scanner, having terminated/disabled it, no checks will made to the email ports. "

Winlogon hasn’t stopped being active just it has stopped being detected by ashMaiSv.exe, which you have terminated. The fact that it hasn’t been detected doesn’t mean it isn’t active. If you haven’t done anything to stop its activity, other than stop the notifications then it logically should still be running.

What is your firewall?
Have you tried this mentione earlier in the thread?

Get a firewall such as Zone Alarm and block Winlogon.exe from accessing the net.

Ok, but when you close the ashmaisv.exe you’re allowing the infection to run :cry: :-[
I suggest, again, what David posted…