My PC sends spam emails!

Good evening,
I am French; my English is poor.
Since yesterday I see, thanks to avast home ed., that my PC sends emails (without using Outlook Express).
Avast says too many emails were sent in a short time (in French).
Moreover, I scanned my PC several times with Avast; it saw nothing.
As my connection to the net has worked very badly since this happened, it is difficult to download other tools. (I am using my laptop for the moment, on the same home network, without problems.)

I tried to see the “malware” connections by reinstalling Kerio 2.15, but I saw nothing.
I also used CTRL ALT DEL to watch the running applications: nothing.
Search boot and destroy equally…

I use XP PRO SP2

So, do you have any idea?
How can I see how the malware runs and where it is on the hard disk?

Thanks to all!

Jean-Philippe

It looks like you have a trojan email spambot on your system. avast is able to see the multiple emails but not detect the trojan responsible for them.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode: Ewido anti-spyware.

What is the process that is sending the email ?
You could block this in your firewall, assuming it isn’t detecting ashMaiSv.exe the email proxy as the sending process. The older version of Kerio may not be able to identify these leaks/unauthorised internet accesses.

Your English is fine.

Dear DavidR,
Thanks for these responses, as quick as possible! Great!
I have just downloaded ewido.
I will put it (tomorrow, it is night here) on a USB key and check the desktop PC.
I will let you know the results!
Thanks a lot again
Jean-Phi

A secret: I work with my laptop from bed, my wife is sleeping close to me :wink:

No problem, welcome to the forums.

I’m not sure if you can put ewido in a USB key as it is usually installed on your HDD as it runs services and has registry entries, etc.

It is night/early morning here, just after 1:10 a.m. and I’m just about to go to bed. Good luck.

Dear friends,
My problem is resolved.
I saw some trojans with ewido…
It seems that the problem came from:
C:.…\s_viewpage1.1.2.1025setup.zip/VPSetup.exe → Downloader.Agent.yd

Thanks,
Good day to all
Jean-Philippe

Hopefully that is an end to the problem; however, I’m not sure that a trojan downloader would be responsible for the spam messages being sent. It could be more likely that something it downloaded to your system was responsible. Monitor your system to ensure that there are no more spam emails being sent.

It may also be worth using a tool to see if there is anything else running. Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3

Ignore any O23 reference to avast processes; this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.

Post the contents of the hijackthis log file here.

Dear DavidR.
I searched my PC again.
I found the real thing. The trojan is named Downloader.Horst.a by ewido.

In the temp folder several .exe files are present (dated 08/17), for example 2exhdd.1.exe (27Ko), 14exssd32.1.exe (26Ko) and 14exmodul32s.3.exe (48Ko); all the other files follow the same model (the digits change).

At the same date and hour there are 3 txt files named domains.txt (350Ko), fnames.txt (87Ko) and lnames.txt (184Ko).

I think this info will help anybody in doubt who does a search with these filenames!

Greetings to all!
Jean-Philippe

More info about my last post.
Some other files were found:

hdd.1.exe.conf 1Ko
ssd32.1.exe.conf 1Ko
modul32s.3.exe.conf 1Ko

They seem to be the “parents”… to start the .exe

For data:
fnames.txt.cab 29Ko
domains.txt.cab 118Ko
lnames.txt.cab 84Ko

Hope this is helpful.
Jean-Philippe
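The file names reported in the two posts above, turned into a triage check over a folder listing. This is an added example, not part of the original thread or any poster's code; the regular expression is an assumption generalised from the three reported names, the "high"/"medium"/"none" labels are hypothetical, and the sample listing is constructed.

```python
import os
import re
from collections import defaultdict

# Assumption: "the digits change" means the leading number varies, so dropped
# executables look like <digits>ex<base>.<digit>.exe (e.g. 14exmodul32s.3.exe).
DROPPED_EXE = re.compile(r"^(\d+)ex(.+\.\d+\.exe)$", re.IGNORECASE)
# Word lists reported next to the executables, plain or packed as .cab.
DATA_FILES = {"domains.txt", "fnames.txt", "lnames.txt"}


def triage(filenames):
    """Group a listing into the artefact kinds reported in the thread.

    'exe'   -> {base name: [numbered copies]}
    'conf'  -> base names that also have a <base>.conf file
    'data'  -> word-list files found
    'score' -> 'high' only when an exe/.conf pair and a word list co-occur
    """
    names = {n.lower() for n in filenames}
    exe = defaultdict(list)
    for n in sorted(names):
        m = DROPPED_EXE.match(n)
        if m:
            exe[m.group(2)].append(n)
    # A name match alone is weak evidence; a matching .conf corroborates it.
    conf = sorted(b for b in exe if b + ".conf" in names)
    data = sorted(n for n in names
                  if n in DATA_FILES or (n.endswith(".cab") and n[:-4] in DATA_FILES))
    if conf and data:
        score = "high"
    elif exe or len(data) >= 2:
        score = "medium"
    else:
        score = "none"
    return {"exe": dict(exe), "conf": conf, "data": data, "score": score}


def scan_dir(path):
    """Run triage() over a real folder, for example the user's Temp directory."""
    return triage(os.listdir(path))


# Constructed listing: names from the posts plus two unrelated files.
SAMPLE = ["2exhdd.1.exe", "14exssd32.1.exe", "14exmodul32s.3.exe",
          "hdd.1.exe.conf", "ssd32.1.exe.conf", "modul32s.3.exe.conf",
          "domains.txt", "fnames.txt.cab", "lnames.txt", "setup.log", "index.exe"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A match is a reason to scan with an anti-spyware tool, as was done in this thread, not proof of infection.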

:slight_smile: Hi Jean-Phi:

In the past we have had people report having "__exmodul..." on their computer; the latest thread here is: http://forum.avast.com/index.php?topic=21798.0 .

What you have appears to be serious enough that it should be dealt with by Experts on an antiSPYWARE forum, so I recommend you ask for help in the forums of your antiSPYWARE Provider; if you know of none, I recommend the Ad-Aware oriented forums at www.landzdown.com .

Hi Spirit!
Please accept my apologies if I have disturbed you.
Yesterday I searched on this site (and others) about my problem, and of course at that moment I didn’t know about “xxexmodule.exe”, and it wasn’t so evident to find with the subject. Moreover, I am not a very good user of the English language.
I believed I was being helpful by giving the results today.

Regards,
Jean-Philippe