Sending unwanted emails

My computer is sending emails but I have no clue from where or to where.
It seems I have been infested with some kind of virus that uses my computer as a spam email server.
I have tried running avast, spybot and lavasoft and the problem seems to persist. Can someone help me.

I am not a spam email lord!!!

Why are you thinking that? How do you know you’re sending emails?
Are you running Windows XP? Did you already run boot time scanning with avast?
Can you download, install and run ewido? (www.ewido.net)

How do you know, is avast detecting multiple identical emails, etc. ?
Are you getting connection timeout warnings ?

It certainly sounds like you have a spambot trojan on your system, use ewido (a trojan specialist) as Tech mentions if you have XP.

Do you have a firewall (I hope you don’t say XP’s), if so what ?

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.

I am running 2000 and I got a lot of timeouts, and when I selected "show detailed information" in Avast, I got a lot of info about outgoing emails that I am not sending. Something about a Gravitizier thing to help those with sexual problems.

Please post the detailed text in the timeout warning, it may have the program responsible for sending or post a screen shot. You do have some form of email spambot installed, that doesn’t require your email program.

If it does you could also block internet access as a temp measure until this is resolved, you do have a firewall don’t you, which one ?

You could download and run ewido as it will work on win2k, it might be best to run it from safe mode, but see what it comes up with in normal mode first.

OK, I ran ewido and it found something whose name I don’t remember, but I will tell you soon. It solved the problem. It was actually using my computer to send emails, but not my email program. I didn’t have a firewall but need to install a free one. Any suggestions?

:slight_smile: Hi :

If you want to know if you are "really" clean, I would advise you to ask on the forum of your antiSPYWARE provider; if you know of none, I recommend www.landzdown.com .

I said it wasn’t using your email program, many of these come with their own email program, that is why a firewall is an essential part of your system security.

Zone Alarm free is fine and works with avast, it has a reasonably friendly user interface.

Welcome to the forums.

Guys, you are great. Thanks for all the help. I thought I should leave the ewido report for you to see.

==========================================================
Scan result:
Backdoor.Bifrose.d : Cleaned with backup
Backdoor.Bifrose.d : Cleaned with backup
Backdoor.Rbot.eb : Cleaned with backup
Backdoor.Bifrose.d : Cleaned with backup
Backdoor.SdBot : Cleaned with backup

::Report End

========================================================

Again thanks :smiley:

Can I find out how it got in?

You’re welcome.

Trying to find how something got in could be almost as difficult as getting rid of it, but a place to start is to google some of the list of trojan names you gave and see if there is a common route of entry and secure it.

As a general rule ensure that any vulnerabilities in your OS (or other software) aren’t exploited by keeping it up to date. Many of these require permission to create registry entries, put files in system folders, etc. and they inherit that from your logon permissions, so if you have administrator permission so will they.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

I’ve received a message from zonealarm saying that peansaul.exe is trying to access the internet. I said no, but can’t find info about the program. Can you help? IP 206.53.51.112:DNS

And redmond.exe, IP:208.185.174.44:DNS

Thanks

Did you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.

We must be sure your system is clean…
Did you run ewido antitrojan?

You still appear to have malware trying to connect to the internet, try running ewido from safe mode and see if that picks up anything more. I would also suggest you start looking at the Hijackthis info and run it.

Done ewido in safe mode and also avast boot sector scan and they found nothing. I will try the other solution but now only Monday. Any info on any of these files would be appreciated.

Done HijackThis

Found them to be worms. Removed everything suspicious. THANKS:DDD:D:D:D:

You’re welcome, at least with a fully functional firewall monitoring outbound traffic you can see what is going on, otherwise you would have been none the wiser.
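
The thread's key observation is that the spambot sent mail with its own mailer rather than the user's email program, so the outbound connections are what gave it away. As an added example (not part of the original thread), this Python script flags processes with outbound SMTP connections that are not known mail clients. It assumes Windows `netstat -ano` style output; the sample output, the PID-to-name map, the process names and the mail-client allow-list are all constructed for illustration.

```python
import re
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# Assumed allow-list of legitimate mail clients; adjust for the machine.
KNOWN_MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe", "msimn.exe"}

# Constructed sample in the layout printed by `netstat -ano`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.25:25        ESTABLISHED     1712
  TCP    192.168.1.10:1046      198.51.100.7:25        SYN_SENT        1712
  TCP    192.168.1.10:1047      203.0.113.80:25        ESTABLISHED     1712
  TCP    192.168.1.10:1050      192.0.2.14:587         ESTABLISHED     2240
  TCP    192.168.1.10:1051      192.0.2.99:80          ESTABLISHED     2300
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map (the kind of data `tasklist` provides).
SAMPLE_PROCESSES = {884: "svchost.exe", 1712: "unknown-sample.exe",
                    2240: "thunderbird.exe", 2300: "firefox.exe"}

ROW = re.compile(
    r"^\s*TCP\s+\S+\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_tcp(netstat_text):
    """Yield (remote_ip, remote_port, state, pid) for each IPv4 TCP row."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def find_smtp_senders(netstat_text, processes, allowed=KNOWN_MAIL_CLIENTS):
    """Return [(pid, image, [remote mail servers])] for non-allow-listed
    processes that are opening or holding outbound SMTP connections."""
    hits = defaultdict(set)
    for ip, port, state, pid in parse_tcp(netstat_text):
        if port in SMTP_PORTS and state in ("ESTABLISHED", "SYN_SENT"):
            hits[pid].add(ip)
    report = []
    for pid, ips in sorted(hits.items()):
        name = processes.get(pid, "<unknown>")
        if name.lower() not in allowed:
            report.append((pid, name, sorted(ips)))
    return report

if __name__ == "__main__":
    for pid, name, servers in find_smtp_senders(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(f"PID {pid} ({name}) -> {len(servers)} mail servers: {servers}")
```

A single non-mail process talking to several different mail servers at once, as PID 1712 does in the sample, is the pattern worth investigating first.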