Good evening,
I am French, my english is poor.
Since yesterday, I see, thanks to avast home ed., that My pc sends emails (without use outlook express).
Avast says too much emails send in a little time (in french).
More, I scanned several times my pc with Avast, it saw nothing.
As my connection to the net works very bad since this fact, it is difficult to download some other tools. - I am using for the moment my laptop, on the same home network without problem.)
I tryed to see the “malware” connections by reinstalling kerio 2.15, but I saw nothing.
I also use CTRL ALT DEL to watch applications running, nothing
Search boot and destroy equaly…
I use XP PRO SP2
So, do you have any idea ?
how can I see how the malware runs and where is it in hard disk ?
It looks like you have a trojan email spambot on your system. avast is able to see the multiple emails but not detect the trojan responsible for them.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode Ewido anti-spyware.
What is the process that is sending the email ?
You could block this in your firewall, assuming it isn’t detecting ashMaiSv.exe the email proxy as the sending process. The older version of Kerio may not be able to identify these leaks/unauthorised internet accesses.
Dear DavidR,
Thanks for these responses as quick as possible ! great !
I have just downloaded ewido.
I will put it (to morrow, it is night here) on USB key and check te desktop PC
I will let you know the results !
Tnx a lot again
Jean-Phi
A secret : I work with my laptop from bed, my wife is sleeping closed to me
Dear friends,
My pb is resolved.
I saw with ewido some trojans…
seems that the problem came from :
C:.…\s_viewpage1.1.2.1025setup.zip/VPSetup.exe → Downloader.Agent.yd
Hopefully that is and end to the problem, however, I’m not sure that a trojan downloader would be responsible for the spam messages being sent. It could be more likely that something it downloaded to your system was responsible. Monitor your system to ensure that there are no more spam emails being sent.
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
Post the contents of the hijackthis log file here.
Dear DavidR.
I search again into my PC.
I found the real thing. the trojan is named by ewido Downloader.Horst.a
In temp folder several .exe are present (at date) 08/17 for example 2exhdd.1.exe (27Ko) 14exssd32.1;exe (26Ko) and 14exmodul32s.3.exe (48Ko) all other files are on same model (digits change),
At same date and hour 3 tx files named domains.txt (350Ko) , fnames.txt (87Ko) and lnames.txt (184Ko)
I think these infos will help anybody in doubt by do a search with these filenames!
In the past we have had people report having
"__exmodul..." on their computer; the latest thread here
is : http://forum.avast.com/index.php?topic=21798.0 .
What you have appears to be serious that it should be
dealt with by Experts on an antiSPYWARE forum, so I
recommend you ask for help in the forums of your
antiSPYWARE Provider; if you know of none, I recommend
the Ad-Aware oriented forums at www.landzdown.com .
Hi Spirit!
Please accept my appologizes if I have disturbed.
Yesterday I searched on this site (and others) about my problem and of course at this moment I didn’t knew the “xxexmodule.exe” and it wasn’t so evident to find with the subject. More I am not a very good user of the english language
I believed to be helpfull by giving the results today.