suspicious message - There are too many identical e-mails in appointed time

Hi everybody, I am new to this forum and pretty much a novice in terms of computers and software.

Today as I switched my PC on I started receiving these notifications, like 20 a minute! I clicked on "don’t send" each time.
Below the message was a smaller box which had recipient and sender email addresses, both of which were unfamiliar to me, with messages clearly indicating spam (such as erectile dysfunction etc.).
I then realised that spam is being generated somehow from my PC.
I was wondering if any of my emails were involved in this process.

As this grew out of control within a minute, I pulled my LAN cable out to disconnect from the internet.
The messages stopped.
I scanned my PC with SUPERAntiSpyware and avast, and they both found no viruses.

I then did some research on another PC, and other people complaining about this problem blamed it on a backdoor trojan virus. (I have no idea what that actually is.)

The problem is that I am running a Windows OS called Vista Mini, which does not have an option for system restore.

I have no idea how to approach this problem.

Any help will be much appreciated.

Check your computer for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After install, click update so you have the latest database before the scan.
Run a quick scan and click on the remove selected button to quarantine anything found.
You may post the scan log here.

OK thanks, I downloaded it; it did show many viruses indeed.

Here is the log:

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4237

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/26/2010 16:54:52
mbam-log-2010-06-26 (16-54-52).txt

Scan type: Full scan (C:|)
Objects scanned: 255642
Time elapsed: 1 hour(s), 51 minute(s), 0 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
C:\Users\Administrator\AppData\Local\Temp\svchost.exe (Trojan.Oficla) → No action taken.
C:\Windows\System32\qtplugin.exe (Rootkit.Agent) → No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) → No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\start 1 (Trojan.Oficla) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) → No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command(default) (Broken.OpenCommand) → Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) → Bad: (0) Good: (1) → No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Administrator\AppData\Local\Temp\svchost.exe (Trojan.Oficla) → No action taken.
C:\Program Files\Silver Sands Casino\bj.dll (Adware.Casino) → No action taken.
C:\Program Files\Silver Sands Casino\directsound.dll (Adware.Casino) → No action taken.
C:\Program Files\Silver Sands Casino\extgame.dll (Adware.Casino) → No action taken.
C:\Program Files\Silver Sands Casino\Install.exe (Adware.Casino) → No action taken.
C:\Program Files\Silver Sands Casino\lbyinst.exe (Adware.Casino) → No action taken.
C:\Program Files\Silver Sands Casino\miniprocess.exe (Adware.Casino) → No action taken.
C:\Program Files\Silver Sands Casino\plibc32.dll (Adware.Casino) → No action taken.
C:\Program Files\Silver Sands Casino\winsound.dll (Adware.Casino) → No action taken.
C:\Windows\System32\B06EjX0T.exe.a_a (Trojan.Agent) → No action taken.
C:\Windows\System32\qtplugin.exe (Rootkit.Agent) → No action taken.

Should I remove the infected items, since some of them are system files?

What do I do now?

Thanks

That file qtplugin.exe isn’t a system file (nor is the other one); it is just located in a system folder, a common trick to try and hide the file and confuse the user into thinking it is an important system file. This rootkit is what is likely to be hiding the other malware.

The other detections look good too. My only question would be: did you install this Silver Sands Casino stuff? If so, and you accept that it is going to deliver ads, then you can decide if it can stay. Me, I would uninstall it; they are already making money if you use the Casino without getting ad revenue too.

  • Run MBAM again and this time when the scan is complete, all detections should have a check mark in the box to the left of the entry; leave them selected (or select if not selected). At the bottom of the window there is a button, Remove Selected; click that and the items will be removed.
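
A triage sketch for a log like the one posted above, added here as an example (it is not part of any forum post and is not Malwarebytes code): it tags detections that use the disguises described in the reply, such as a system process name outside System32, a file sitting in System32, or a Run-key autostart. The sample lines are constructed in the log's format; the tag names and the short list of system process names are assumptions.

```python
import ntpath
import re

# Constructed sample: a few detection lines in the format of the MBAM 1.46 log above.
SAMPLE_LOG = r"""
Memory Processes Infected:
C:\Users\Administrator\AppData\Local\Temp\svchost.exe (Trojan.Oficla) → No action taken.
C:\Windows\System32\qtplugin.exe (Rootkit.Agent) → No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\start 1 (Trojan.Oficla) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) → No action taken.

Files Infected:
C:\Program Files\Silver Sands Casino\bj.dll (Adware.Casino) → No action taken.
"""

# Assumption: a short list of genuine Windows binaries that live in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
SYSTEM32 = r"c:\windows\system32"
LINE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) (?:→|->) (?P<action>.+)$")

def triage(log_text):
    """Return (section, item, family, tags) for every detection line in the log."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-len(" Infected:")]
            continue
        m = LINE.match(line)
        if not m or section is None:
            continue
        item, tags = m["item"], set()
        lower = item.lower()
        if lower.startswith("hkey_"):
            if "\\currentversion\\run\\" in lower:   # starts at every logon
                tags.add("autorun-persistence")
        else:
            folder, name = ntpath.dirname(lower), ntpath.basename(lower)
            if name in SYSTEM_NAMES and folder != SYSTEM32:
                tags.add("system-name-outside-system32")
            if folder == SYSTEM32:                   # location alone proves nothing
                tags.add("detected-in-system32")
            if "\\temp\\" in lower:
                tags.add("executes-from-temp")
        findings.append((section, item, m["family"], sorted(tags)))
    return findings

if __name__ == "__main__":
    for section, item, family, tags in triage(SAMPLE_LOG):
        print(f"{section:18} {family:16} {', '.join(tags) or '-':45} {item}")
```
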

Yes, I installed the casino application a while back, used it like once and then forgot about it. I just uninstalled it now, and I removed all the infected files found by Malwarebytes, and the problem has stopped.

My only other question is:

Is my computer now good to use? - Is there another source/application that downloads the virus?

I’m currently using Windows Firewall; should I get another firewall (if so, which is a good one?)

How can I stop this from happening again?

Thanks very much

You’re welcome.

Yes, you should be good to go now. However, I would suggest that you run another avast scan and see if it finds anything else now that the rootkit is gone.

Keep MBAM as a secondary application and periodically run scans (weekly/fortnightly, etc.); ensure that you update its signatures before running the scan. If there is anything that you are unsure of, ask.

I don’t use Vista, but I believe it is on SP2 now, so I would advise updating it to SP2. I would also suggest a visit to this site, which scans your system for out-of-date programs that have patches to close vulnerabilities: http://secunia.com/software_inspector/.

Many forum users are using these:

  • PC Tools Firewall seems to have the least user headaches, as it doesn’t seem to be constantly asking the user questions about this and that.
  • Online Armor is for the most part fine, but it has caused some users grief after avast program updates, and that is something you have to watch out for.
  • Outpost Firewall 2009 free, a cut-down version of the Outpost Firewall Pro version, which should still provide good protection, http://free.agnitum.com/. Download: http://www.filehippo.com/download_outpost_firewall/