My Internet was disconnected by the ISP provider as they suspected my PC is spamming email.
I then proceeded to install AVAST 4.8 almost immediately, this message about some suspicious outgoing email started popping up every second or so… It was impossible for me to use the computer unless I disable the internet.
Problem is, I have tried scanning and no virus was found, yet the message kept spawning once I am connected to the internet…
Judging by the content of the message, its pretty obvious its a spam mail (some nonsense about getting more orgasms) but i did not configure my Outlook or outlook express so how on earth were the emails sent out? Also, I noticed that the emails were sent from a foreign email account/user
I am using XP Service pack 3 , Please help me as this is really driving me nuts!! Thank you
Please download HijackThis from the link below. Do not download HJT to the desktop but instead download it into it’s own folder on the hard drive.
Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.
OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).
SUPERantispyware On-Demand only in free version. - 2. MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.
SpamBots like this ‘don’t’ use your email client but come with their own SMTP program, a very small one but effective no less.
I have downloaded both Anti-Malware and SuperAnitSpyware with the latest definitions but unfortunately the problem did not go away… I have attached the Hijackthis log for ur perusal.
The funny thing is: I did not get this problem when im log on to the school network, the email warnings only pop out when im logged on at home…Anw, my ISP provider called me and told me my network is spamming loads of emails thus they have to suspend my account…
Thanks in advance for the help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:08 AM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Part of Windows Live Messenger. Unnecessary (deactivated) entry that can be fixed.
Thank you CharleyO for the valuable comments
I am currently using WIndows XP firewall…is that sufficient or shld i get something else?
I have tried scanning umpteen times but nothing was found…should i do the scanning in safe mode?
How can I remove the following from the registry? Thank you
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Part of Windows Live Messenger. Unnecessary (deactivated) entry that can be fixed.
Windows XP firewall is good for inbound protection but has no outbound protection. There are software firewalls that will give you this added protection. A search of this forum for … firewall … will give you many hits. Personally, I like Zone Alarm Free for it’s ease of use but many here like and use other firewalls.
… may belong to Epson. Do you have an Epson scanner and/or printer combination?
As for the other 2 entries, you can fix them by running HJT again, check the boxes to the left of those 2 entries, and then click the “Fix checked” button at the bottom.
Yes, you can run the other 2 scans in safe mode.
Also, if you have avast’s mail scanner active, it should also alert you when excessive email is being sent from your computer.
YEs I do have an Epson Scanner and I had Norton installed in my PC…but I have since uninstalled it…
In retrospect, I recalled having similar problems when I had Norton installed on my PC, the outgoing email scanner kept informing me there were attempts to send out SPam mail using my outlook but I did not give it further thought since I only use Webmail.
I have set AVAST email scanner to ‘high’ and now its impossible for me to use the internet on my lap top without being bombarded with warning messages…
Once again thank you so much for the assistance =)
Norton is famous for not uninstalling everything and this can cause problems with any other antivirus program. It appears from the entries in your HJT log that it was not completely removed. Do you remember the version of Norton that you had?
See the link below and select the appropriate removal tool.
I have checked the logs but the warnings are not registered there and as i recalled, there is no indication of any virus/malware recognised. The warnings were generated due to attempts to send out spams from my computer… The message was just the content of the message as well as the sender and receipient…
The plot thickens . Tried to boot in safe mode and I received an application error message for winlogon.exe pretty sure my registry is compromised I ignored the messgae and is now scanning for malwares wish me luck
