Virus that sends outgoing emails?

Outgoing email scanner has alerted me to thousands of outgoing emails being sent without my knowledge… I was wondering why my PC was slowing down. The On-Access Scanner Message looks like these…

Scanning Outgoing email ‘Re: bacteriologic’ From: “Mauno JLJtras” cbredol©nhealthsys.org>. To: nlackey_tfOmad2kzlstln.orn
Scanning Outgoing email ‘Re: bacteriologic’ From: “Fabia Mof~tt” ademilofto@jackfranks.ow. To: niackey_tm@rnail2kin,berty.com

I have done both bootscan and regular scan …nothing shows up… is there a known virus that does this and does anyone know how to stop/get rid of it???

A hackthis log would be helpful :wink:
Yes some viruses\worms can do that.
Maybe you have a spambot :-\

Al968

It will be good if you download, install, update and run other trojan remover tools:
a-squared
Free AVG Antispyware
SUPERantispyware
Spyware Terminator

Hack This??? you mean like a “HijaakThis-Log”

I have adaware, spybot, and have tried PCcillin’s “HouseCall” … house call found a few but couldn’t remove them completely… still none related to the outgoing emails (14852 so far)… will kill SysRestore and cleanup temp files/prefetch… then see if safe mode can scan any better

Yes.

But, please, test the trojan removers besides avast.
Better will be running avast at boot time (scheduling it).

Don’t worry about HiJackThis (HJT) for the time being, download, install and run AVG anti-virus (AKA Ewido) mentioned by Tech or try the on-line scan first http://www.ewido.net/en/onlinescan/, as these are more likely to detect a Trojan spambot mass mailer.

If you ran HJT first it is likely to include stuff that would be removed by these tools and just clutter things up. If the conventional tools don’t resolve it we can use HJT, which doesn’t detect or remove anything, it just reports data running on your system and needs analysis.

Do you have a firewall (because that should detect this unauthorised outbound connection)? If so, what is it?

You might want to change your avatar for another, resize or use this one. We try to keep avatars around 100 X 100 for those who don’t have high resolution monitors.

Thanks everyone… but still have same problem… bootscan didn’t help for the 5th time.

Logfile of HijackThis v1.99.1 attached

Did you test these programs?

I tested all programs including those you mentioned… even Symantec’s online scanner and none found anything… till I noticed that smss.exe and winlogin.exe were loading from my windows folder and then checked that there were similar but not duplicate vers in my system32 folder… once I renamed them even avast was able to cleanup winlogin.exe=w32.gen virus, and smss.exe=some ver of a horst trojan…

All better now. If I could just figure out how they got in???

P.S. thanx to all who gave advice… :stuck_out_tongue:
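The finding in the post above (system process names loading from the Windows folder while the genuine files sit in system32) can be turned into a quick check. This is an added example, not part of the original thread; the expected-location table, the one-character lookalike rule and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default locations on a system installed to C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "csrss.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_process(path):
    """Return None if unremarkable, otherwise a short reason string."""
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIR:
        return None if directory == EXPECTED_DIR[name] else "wrong-location"
    for known in EXPECTED_DIR:
        if edit_distance(name, known) == 1:  # one character off a system name
            return "lookalike:" + known
    return None

def audit(paths):
    """Return (path, reason) for every image path that deserves a closer look."""
    return [(p, r) for p in paths if (r := check_process(p))]

# Constructed sample: image paths as a process lister would report them.
SAMPLE = [
    r"C:\WINDOWS\system32\smss.exe",
    r"C:\WINDOWS\smss.exe",
    r"C:\WINDOWS\winlogin.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Program Files\Example\mailer.exe",
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{reason:24} {path}")
```

A hit is only a reason to inspect the file (signature, creation date, scanner verdict), not proof of infection.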

How is always going to be difficult to answer, but there may also have been something hiding them.

Now that you have renamed and removed those you might want to try the other tools again, but this time run them from safe mode and see if they pick up anything else.

You should also take proactive measures to stop them getting established in system folders and creating registry entries, etc.

You might also consider proactive protection; in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.