Suspicious Message!

I keep getting these suspicious message warnings. They typically look something like this:

Sender: Somsanith esukokat@LAPLINK.COM
Recipient: “33658458548564863329@conlicitacao01.com.br” 33658458548564863329@conlicitacao01.com.br
Subject: Temptations galore

Or:

Sender: cvnnn esryh@LAPLINK.COM
Recipient: “3373a7b1.7dc0dd@mtc.com.my” 3373a7b1.7dc0dd@mtc.com.my
Subject: Webcam girls live - free

They appear every few seconds and I suspect it is some kind of virus using my internet to send out these emails and they are using a lot of my bandwidth.
The sender is always Laplink.com. I did a search for laplink to see if it is some type of common virus but its not. Avast has scanned my system and found viruses and deleted them but it is not stopping this particular issue.

Somebody help Please!!

What does avast say is suspicious about the email ?

I take it that these are outbound emails and you don’t happen to sending at the time ?

If so you might well have an undetected or hidden trojan spambot.

What is your firewall ?
What is your OS ?

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should product a log file).

  1. If using winXP or Vista SUPERantispyware On-Demand only in free version. Or Spyware Terminator Resident scanner (if you use this don’t install the toolbar or crawler or the anti-virus module). Or a-Squared free On-Demand only with free version(if using win98/ME).

It says, “There are too many identical e-mails in appointed time.” My OS is Windows XP Home Edition SP2.

My current firewall is just the windows firewall. I had Mcaffee firewall but it wasn’t blocking these.

I tried the Superantispyware as you recommended and it found about 15 trojans and quarantined them but I am still having the same issue. I will try the other ones you listed as well.

The too many identical emails is a good indicator that you have a trojan spambot on your system.

Did you run SAS from safe mode as that is more effective ?

The item might be hidden, possibly by a rootkit so it might be worth running some other anti-rootkit scans.

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.

Hey DavidR, I did run the antispy in safe mode and it pretty much did the same thing as in regular mode.

I did do try and anti-rootkit scan and guess what? IT FIXED MY PROBLEM!!!

Thank you so much, I really appreciate your help!
;D :smiley:

No problem, glad I could help.

Which anti-rootkit did the job ?
Possibly more important what was the file name and location of the file responsible ?

I should have mentioned earlier that if anything was found to try and save a sample of it so it could be sent to avast to improve detections.

Welcome to the forums.

Thank you! This is an awesome forum BTW.

It was the first one I tried, the Trend Micro Rootkit Buster. The name of the malicious file is XPDX.SYS, in the windows/system32 folder.

Avast was detecting it and asking me if I wanted to delete it and I would select yes and then it would tell me it had to restart the computer and do a boot scan but when it did that it didnt find it in the boot scan, and it would just detect it again once windows started and ask me the same thing over and over.

I also have AVG Free 7.5 installed and after I did the rootkit buster, AVG detected it and allowed me to put in the Virus Vault.

When a rootkit is killed the underlying protected files may be dealt with.

Though if as you say you also have AVG 7.5 anti-virus installed it isn’t recommended to have two resident anti-viruses installed as there is a likelihood of them conflicting and this could lock your system leaving you worse protected rather than better protected. You can get too much of a good thing.