possible virus?

I'm not sure if I've got a virus or not. Avast hasn't found any, but I am suddenly getting a lot of mail returned to me that I haven't sent. This happened before and it was a virus that was sending out emails from my computer. Any suggestions?
Thanks

I suggest:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
  4. Use a-squared, Free AVG Antispyware or SUPERantispyware (trojan removers).

It will be good to enable the ‘mail scanner icon’ on system tray and use TCPView (http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx) to know which application is trying to send emails.

If, as you say, it has happened before, you should have learnt that a firewall with outbound protection should be able to block this.

What is your firewall?
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass on your personal data (sensitive or otherwise: user names, passwords, keylogger-retrieved data, etc.), send spam, or open a backdoor to your computer, so outbound protection is essential.

  • Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface. There are others, Comodo, Sunbelt Kerio, Jetico, etc.

Trojan spambots are not viruses, so unless they are sending out viruses as opposed to spam, an anti-virus may not detect anything. avast may detect it due to email heuristics, e.g. a large number of emails in a short time. So it is important to also have an anti-spyware program like those mentioned by Tech in item 4.

I have the Windows XP firewall on. Is that not enough?
I have also downloaded the super antispyware and the TCPView but don't really know what I’m looking at/for with that. Can you help?

WinXP firewall is not bad. It hides your ports from attackers from outside. But it is not perfect, and it does not have outbound protection. So any malware that gets past it (because it is not perfect) can send e-mails, or connect to the internet to download more malware or send out your personal information (like user names and passwords).

Scan with SUPER AntiSpyware to find a Trojan spambot that could be sending e-mails from your computer (which might be missed by an anti-virus program, since Trojans are not viruses).

Use TCPView to show which application (other than your e-mail program) is sending or trying to send e-mails.

It provides no outbound protection, so my personal opinion is no, it isn’t enough (some would argue that). The points that I make about the potential are valid, but you are happy to accept that risk; it is your system.

This is one that has got past the defences and is only sending spam; it in theory could be doing any of the other things I mentioned.

TCPView should show what connections are present and what initiated them; see image. This shows what processes have connections; from mine I see that there is nothing untoward.

There is a readme.txt file that comes with the program and there is also a help file tcpview.hlp.

Super antispyware is just like most security programs (avast, etc.): it comes as an installation file; double-click on that to install, leave things as default and run a scan.
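
An added example, not part of the original thread: the check the replies describe doing by eye in TCPView (which application, other than your e-mail program, holds connections to mail servers), run here over `netstat -ano`-style output. The sample output, the PID-to-name map and the allowlist of mail programs are constructed for illustration.

```python
# Added example: flag outbound SMTP connections made by unexpected processes.
SMTP_PORTS = {25, 465, 587}
# Assumption: the mail programs this user actually runs (hypothetical allowlist).
ALLOWED_MAILERS = {"outlook.exe", "msimn.exe", "thunderbird.exe"}

# Constructed sample in the layout of `netstat -ano` (addresses are documentation ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    192.168.1.10:1045      203.0.113.25:25        ESTABLISHED     1812
  TCP    192.168.1.10:1046      198.51.100.7:25        SYN_SENT        1812
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     2204
  TCP    192.168.1.10:1061      192.0.2.110:587        ESTABLISHED     3120
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed PID-to-image-name map (what TCPView shows in its Process column).
SAMPLE_PROCESSES = {948: "svchost.exe", 1812: "winupd32.exe",
                    2204: "firefox.exe", 3120: "thunderbird.exe", 4: "System"}

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skips headers, blank lines and UDP rows (no State column)
        remote_ip, _, remote_port = parts[2].rpartition(":")
        if remote_port.isdigit() and parts[4].isdigit():
            yield remote_ip, int(remote_port), parts[3], int(parts[4])

def suspicious_smtp(text, processes, allowed=ALLOWED_MAILERS):
    """Map (pid, name) -> sorted mail-server IPs for processes not on the allowlist."""
    hits = {}
    for ip, port, state, pid in parse_netstat(text):
        if port not in SMTP_PORTS or state == "LISTENING":
            continue
        name = processes.get(pid, "<unknown>")
        if name.lower() not in allowed:
            hits.setdefault((pid, name), set()).add(ip)
    return {key: sorted(ips) for key, ips in hits.items()}

if __name__ == "__main__":
    for (pid, name), ips in suspicious_smtp(SAMPLE_NETSTAT, SAMPLE_PROCESSES).items():
        print(f"PID {pid} ({name}) is talking SMTP to {len(ips)} server(s): {', '.join(ips)}")
```

A process outside the allowlist with connections to several different mail servers on port 25 is the pattern to look for; a mail client normally talks only to the provider's own server.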