my pc is sending lot's of spam mail

hi,

i’ve executed downloaded exe file by mistake and everything has began :slight_smile:
please, do not tell me, that it was my fault, i already know it :slight_smile:
and i cannot find that exe file again and i do not know, where i’ve downloaded it :frowning:

  1. sends loads of emails when I connect to the internet
  2. notepad not working(to protect this computer windows needs to close this program)
  3. boot.ini blocked
  4. hidden files/folders no longer available / even if i uncheck the option in explorer, after clicking OK it is the same :frowning:
  5. combofix, smitfradufix are closed right after startup without any result (in safemode as well)
  6. i’ve tried SDFix in safe mode, but there were many 16bit error popups, therefore I assume, it was usesles,… and maybe it caused more problems
  7. i’ve tried spywareterminator (no success), ccleaner (no success), awast (no success), symantec antivirus (no succes … but this always showed me a process of scannig outcomming spam mails … that was the way I realized, that there is a problem)

i’ve attached:

  • log from runscanner
  • log from hijackthis

log from ethereal and runfile from runscanner cannot be attached,… if there is a need, i’ll post them somewere

i need my computer for work asap, and i’m paralyzed :frowning: … could you, please, take a look on this? i’d be very thankfull :frowning:

Running Symantec and avast! together is not going to help!

There’s nothing obvious in the log, so it’s probably a rootkit.

Have you tried a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested.

i’m going to try explore rootkit possibility
running both antivirus programs was only at that time

any other hint? :frowning:


Please uninstall Symantec AV as it will cause conflicts even if it is not used as the resident av. Be sure to use the appropriate Symantec removal tool for your version of their AV. It is available at their website.


any other hint? :(

The avast! boot time scan looks for rootkits, but you could try some other rootkit scanners:

Panda Antirootkit
Blacklight
Trend Micro Rootkit Buster
McAfee Rootkit Detective
Sophos AntiRootki

Try RUBotted.

Additionally, RUBotted watches for an array of potentially malicious bot-related activities, including [b]mass mailing[/b] - a common activity performed by a bot-infected computer.

I also suggest the general cleaning procedure bellow.

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.