recovered from viruses, now access scanner shows emails sending sending sending

today i recovered from a virus infection, and all seems well in windows (xp), however every few seconds my on-access scanner pops up a listing for emails being sent. never the same “from” or “to” email, (not my emails) and they’re all about penis products. spam.

obviously this is remnants of the problem i recovered from the last couple days, but i don’t know what to do about it. please advise, thanks in advance. i paused the provider “internet mail” but i’d like to solve the issue.

Looks like you have a hidden or undetected trojan spambot.

What is your firewall (as this should also help block this) ?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Pausing the Internet Mail provider is the last thing you want to do as that is stopping this stuff being sent.

well as it turns out, the problem exploded into a major malware situation. finally, prevx cleaned it up, as far as i can tell. i had to use avast in coordination with the prevx cleanup, following the directions.

it didn’t come off easy. for a while it looked like prevx was just flipping out and falling apart. i stuck with it, and it went crazy for a while, like it was infected too, but i just tried to keep following the instructions as they popped up and after about 4 or 5 or even more runs and restarts, i got a clean bill of health.

the main issue was a supposedly really new malware, i got it by doing something i’d never done, which is open a game i downloaded. i will never do it again.

at this point, the machine is up without any errors from anything. however, avast is not really working. i’m waiting a while to try to heal up from the horror before i press the issue any further. but to explain, avast is not running in the system tray, and there’s no little blue ball running, tried the fixes on the forum here to no avail yet. if i keep the avast scanner open on my desktop screen, it seems to be running and the resident scanner says “standard”, so i’m assuming right now the on-access scanner is working. i will see what more to do next, later. i think perhaps using the avast uninstaller, then reinstalling it might work, or maybe i will run sfc /scannow and repair the windows files it might have damaged. first i need to just settle in a bit and catch up on daily life stuff.

any further advice is greatly appreciated.

Did you download, update and run the other two programs I suggested ?

Just reinstalling might not be enough if it isn’t functioning correctly now - Try a clean reinstall of avast.

Download the latest version of avast http://www.avast.com/eng/download-avast-home.html and save it to your HDD, somewhere you can find it again. Use that when you reinstall. Ensure that you scroll down and select the avast direct download link for the English version and not Cnet as that is for an on-line installation (not what you want to do).

Download the avast! Uninstall Utility, find it here and save it to your HDD.

    1. Now uninstall (using add remove programs, if you can’t do that start from the next step), reboot.
    2. run the avast! Uninstall Utility, reboot. If step 1 failed it may be necessary to run this from safe mode, once complete reboot into normal mode.
    3. install the latest version, reboot.

Thank you. I haven’t done that specifically yet, but will do it soon. I did do that process, EXCEPT for uninstalling it using the avast uninstall utility. I was figuring that might be the difference, so I will come back in a day or two and let you know.

and yes, the first thing i did was use the programs you mentioned above. they didn’t get the problem solved. so i went with my netbook and looked up every file avast was mentioning, and prevx kept coming up with the descriptions of the files as malware, and claimed it would clean them off. we decided to go ahead and purchase it for one month, but the malware had sucked all my memory and internet into oblivion so that took a long while to get through the purchase process. but we did it, and finally prevx was the winner in the whole situation. i think the main problem is, i took way too long to realize it was not a virus, but malware. a week. so for a week it was inserting itself galore all over the machine. the first scan with prevx showed about 300 infected files, then it would go down in number, down, down down until i was left with one, lsass, and it cleaned it up. i’ve run it since several times, and still a clean bill of health. seems all my computer is running as usual too. feels like a miracle.

thanks so much. we’ve been using avast since a lonnnnnnnnnnnnnnnnnnnnng time ago, when it first came out, and recommend it to everyone. i will follow up with the avast uninstaller, reinstall it from that download link, and get back when it’s over. thanks again.

OK, until then.

okay i uninstalled avast using the utility provided, in safe mode, rebooted, installed the new avast from the link provided, and still it’s in the same condition. no blue balls at the bottom, and i have to keep the scanner open to maintain the on-access reading “standard”.

so i will keep looking. any further commentary would be appreciated. i’m not receiving any errors from the system or anything. just avast isn’t there.

perhaps even though the superantispyware isn’t running, it’s conflicting with avast? it’s on my desktop, not running though. that i’m aware of.

SAS even when running shouldn’t conflict, I have the pro version which runs resident and no problems with avast.

Have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?

Try this - DrWeb also do a Live CD this can be run before windows starts, so if there is anything hidden whilst windows is running this may find it, http://www.freedrweb.com/livecd/?lng=en, documentation ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf

No i haven’t added any other antivirus to the machine. i will take a look further as you suggest and get back later, in a day or two.

It isn’t just added another AV but has there ever been one before you installed avast ?

nope, always used avast. never used any other.

Other than no avast icon in the system tray, what other avast processes are running in the task manager, they begin with ash and asw, see image ?

Temporary fix:

  • avast! icon missing - As a temporary measure until this is resolved you can create a desktop shortcut for this file C:\Program Files\Alwil Software\Avast4\ashDisp.exe (the avast icon and interface to the providers). Right click on the file and select Send To, Desktop (create shortcut). You will need to run this after each boot until the problem is resolved.

Check the option in the Appearance tab of Program Settings. Or Make a link to ashdisp.exe in your startup folder. I wouldn’t try this as a first option (but a final one) as you won’t be able to find the true cause of the problem.

You didn’t answer the question about your firewall ?
This not only should block unauthorised outbound connections, but when one is attempted then it should show what program/file is trying to get out.

Have you tried the Dr Web live CD yet ?

Well you certainly seem to have something on your system that not only disables security applications but has also blocked the windows security center from reporting AV and Firewall not running.

So as in your first post, I don’t believe you have recovered from that infection.

I don’t even know if you have run the programs suggested and for me that is not helping as I have no idea if you are even doing what is suggested. So if you can’t get MBAM to install and run in Safe mode as previously suggested (that should at least clear the blocking of the WSC reporting disabled security).

So I’m going to ask you to go through this topic in order and try what is suggested and report the findings after each step or I’m working in the dark and not able to help.

Okay, thank you, and i will report back. I do know how difficult it is to assist people remotely, especially as I’ve had this issue about a week now, so you have no idea how it unfolded and i’m having a hard time describing the whole thing too.

I thank you sincerely for your time, and will let you know what happens. I actually did run those programs you suggested before, but it did not do the trick, however, that’s not to say i ran them the correct way. I will do my best to go through these things and get back to you.

i only have one more question: with what i have running now, the innovative sol startup firewall and prevx, do i have to uninstall either in order to use any of the other three programs you advised me to? thanks. do appreciate the time and effort. so few support forums have such attentive assistance as this one, and so it is appreciated.

here’s the log file from malwarebytes that i ran just now. the first time i ran it, sept 10, it found and quarantined 255 files. i’m attaching this while the machine reboots to finish the cleanup. more to come soon.

OMG AVAST IS BACK IN THE SYSTEM TRAY WITH THE REBOOT!! yay, i missed thee, you little blue ball. now it says the on-access scanner is running, and boy i’m feeling some relief here.

by the way i attached the log file due to the fact that copy/paste said it had too many characters to post here. in any case, there were 44 infected files and it seems malwarebytes got them. the security center for windows still won’t let me activate the firewall, and it says there’s no antivirus. so those haven’t changed, and i’m on to step 2 of your advisories.

i’m on my way. i will post back after running the antispyware now.

Actually attaching the log is easiest.

Boy did MBAM clean house in the registry, those keys are what disable the list of different AVs (some also go after MBAM not in this case and you have to rename its file).

I think you can see why we put so much emphasis to run it first.

Most of the infected files were in restore point and as such inert, avast should have detected many of them if it was actually able to run.

yeah. i’ve had such a week, i tell ya. i’m one of those computer users who never has problems. maybe hardware once a year when a power supply goes out, but little of anything else.
until this week.

right now superantispyware is running for 25 minutes and has found only 15 adware tracking cookies, so far. i’m hopeful. i will post further results as i get through it.

OK, as I said before no need for concern on the Cookies, just let SAS deal with them.

i’m attaching the superspyware log file i just saved. when it ran, avast was going bananas popping up stuff, and it wouldn’t let me hit move to chest because the chest was already in use it said. the prevx also seemed to be running alerts for the same files. in any case, i let superantispyware run its course, and it then said to reboot to finish the cleanup so i did. i just didn’t mess with avast or prevx, but let superantispyware finish its job. then when it rebooted, prevx asked me to clean a list of infected files, so i let it clean them.

at this point, i have not run re-scans with anything yet. not the firewall, prevx, avast, nor superduperware, nor malwarebytes. i’m just posting this log file for you, and then going to decide what to do.

the windows security center does not detect the firewall, nor will allow me to activate the firewall. however, it has a little message saying windows doesn’t detect all firewalls. the security center also does not detect avast running yet either.

but avast is running in the system tray and my machine is working, internet explorer works, etc. seems just about there.