email virus problem

Joined
26 Jul 2004
Messages
13
Reaction score
0
Country
United Kingdom
just recently my norton has started scanning hundreds of out going mails from my lap top, mails I'm not sending. I've basic knowledge on these things so I've scanned my laptop for viruses (viri?) and found nothing, loaded up 'spy seeker' still nothing, trojan remover still nothing, and ran a 'stinger' program which found nothing as well, but there must be something there to be sending this spam and junk out.
So, how can I detect the poxy thing and clear it out? To enable me to work I've had to switch off o/g mail scanning. The stuff going out was not infected it usually failed being sent due to a defunct mail address of the recipient.
thanking you in advance
 
i have no idea, but i will say, i have seen my pc send an email i never saw, and never typed, but it still sent it (may have been read recipt)

I have also received emails from "auto virus checkers" to say the email i sent has been destroyed as it contained a virus, thing is i never sent them an email at all, never heard of the recipriant
 
If would recommend downloading these removal tools

http://www3.ca.com/Files/CleaningUtilitiesAndTools/ClnNetsky.zip

http://www3.ca.com/Files/CleaningUtilitiesAndTools/ClnMydoom.zip

http://www3.ca.com/Files/CleaningUtilitiesAndTools/ClnBagle.zip

and run them one at a time. If you are running windows xp with sytem restore I would recommend switching it off before running the removal tools (you can do this through start-->programs--> accessories-->system tools -->system restore) It is also worth booting into safe mode (tap f8 whilst starting up) when scanning for viruses as only the bare minimum is loaded and virus scanners can clean files more easily.
 
Close all visible applications, eg, word, outlook express internet explorer etc. Look at the task manager, available from the Ctrl Alt Del sequence, when in Task manager, click on the applications tab , see if you can see any suspicious named applications, you know such as i'm a nasty remailer worm.exe, a bit unlikely I know. Try that, then we can take it from there.
 
These are just a few of the most common current viruses that spread via email from the infected machine. In my experience norton antivirus isn't the best antivirus solution, I have been running computer associates etrust antivirus on our network for the last twelve months having previously used a symantec solution and have had zero incidents of virii. however, using symantec we had a few slip through the net.

The main advantage of ca antivirus is its dual scan engines. the heuristic scan engine is amazing - enabling it to detect new virii (ie those not yet described in a signature file) just by characteristics.
 
ephellova MessNot we hope !! :wink:
Worth downloading this 'process viewer' a freeby, comes with Norton Sytem works .. a little beauty ... Loads of info on running processes plus more, very easy to use .. Have been using for years. 8)

Get it here
-------------------------
(Ed M Have you used PrcView ? Small memory use etc ... very good !!
I had a recent browser hi-jack this enabled me to catch the .exe file which was being created .. running .. then deleted very quickly, quite malicious bar-steward .... !! )

P
 
pipme said:
ephellova MessNot we hope !! :wink:
Worth downloading this 'process viewer' a freeby, comes with Norton Sytem works .. a little beauty ... Loads of info on running processes plus more, very easy to use .. Have been using for years. 8)

Get it here
-------------------------
(Ed M Have you used PrcView ? Small memory use etc ... very good !!
I had a recent browser hi-jack this enabled me to catch the .exe file which was being created .. running .. then deleted very quickly, quite malicious bar-steward .... !! )

P

Presume this is me "Ed M", quite perceptive really, as no one calls me eddie, only my parents use edward. Not used PrcView, what additional features does it offer over taskmanager? .. Maybe I should change my Id to my real nickname, two scoops?
 
Prcview with just some of the info regarding DDhelp.exe from the main window of running processes... shows associated modules, memory contents ... etc etc.

PrcView.jpg
 
Don't like your colour scheme, and what was the powerpoint presentation you were doing :?: :wink:
 
You may have been the victim of someone phishing where spammers use your computer to send out their spam emails which makes it appear to be you sending them.
Phishing has risen a lot since it became illegal for anyone in the EU to send spam mail unless someone 'opts in' to accept it.
This method places the blame on others.
My ISP regularly quarantines email containing worms, virus's or trojans.
I recently had an email returned from Birmingham University saying it was infected with one of the NETSKY worms normally blocked.
I had not sent any mail to them so I did a full scan with anti-virus, trojan and spyware programs and found one item hidden away in a solitair program I had been using for 3 years without problems. It must have recently attached itself to this program.
This was cleaned out and no problems since.
 
I cant help wondering, having read this thread, wether my problem is similar or has roots in the same area. I have been receiving emails with a variety of viruses (virii) as attachments.

Normal procedure now is to delete unknown senders with attachments. And thanks are due in turn to Grisoft free AV.
 
I'm not sure about the Kernel32.dll in the process list displayed DLL's are not processes themselves, in that that have no entry point for the run time loader to resolve. Could be a complete red herring, just think it looks a bit odd?
 
Back
Top