
HELP!!!!!! POTENTIAL VIRUS/SPYWARE INFECTION!!

Dusty0463 (Technical User, US), May 25, 2006
Okay, this is really freaking me out and I'm at a loss for answers right now. I have an issue that when I'm connected to the internet (unfortunately I have dialup), I'm seeing in the task bar at the bottom of the screen that my machine is randomly sending out email messages. The strange part is, none of the emails it's sending out are to email addresses I recognize, so I know it's not grabbing them from my address book, and they all have random subject lines such as "home business opportunity" or "office information" or "instructions from our meeting" etc....and many many more. I'm freaked out because I don't know where it's pulling these addresses from that it's randomly sending out. I ran the free virus checker and Ad-Aware, but it's not finding anything, that's what has me worried!!! Also, my Outlook Express isn't even open and none of the emails it's sending out are showing up in my sent box!...I know it's sending them, because my Norton is running and it brings up an orange box that says "scanning 1 message" prior to sending. Sometimes the message can't be sent to the recipient and it brings up random error messages such as "null data not allowed" or "recipient rejected, could not send"....(that's how I know the email address isn't anything I recognize, because it shows it). Another thing is that it's very random when it attempts to send out the messages. Sometimes I can be on for 15 minutes and it's fine, then it tries to send like 5 or 6 out, then 2 minutes it's okay, then it tries to send just 1 out, very random.
I'm wondering if my ONLY hope is to do a complete system restore?? I really want to avoid that as I have a lot of stuff I'd have to back up to CDs. Any suggestions on what I might do to get rid of this??? If my anti-virus checker isn't finding anything and my Ad-Aware isn't finding anything, what to do?..


Thanx so much in advance!

Dusty

 
Sounds like you are a spam zombie. I would try a few other things to figure this one out. It's probably some trojan of some kind.

I would check for malware with this great product:

Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.


I would also check it with some other virus scanners just to make sure.



Report back...

Best regards.

Erik
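Added example, not part of any poster's reply: one way to check the "spam zombie" symptom described above is to see which process owns outbound SMTP connections while Outlook Express is closed. It assumes the text of `netstat -ano` has been saved and a PID-to-name map taken from `tasklist`; the sample data, addresses and function names below are constructed for illustration.

```python
from collections import defaultdict

# Constructed `netstat -ano` output (documentation addresses, made-up PIDs).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.0.2.10:1041        198.51.100.25:25       ESTABLISHED     1832
  TCP    192.0.2.10:1042        203.0.113.7:25         SYN_SENT        1832
  TCP    192.0.2.10:1043        203.0.113.99:25        TIME_WAIT       0
  TCP    192.0.2.10:1050        198.51.100.80:80       ESTABLISHED     2210
  TCP    192.0.2.10:1060        198.51.100.25:25       ESTABLISHED     1500
  UDP    0.0.0.0:1026           *:*                                    1100
"""
# Constructed PID-to-image-name map, as `tasklist` would provide it.
# msimn.exe is the Outlook Express executable; the other names are placeholders.
SAMPLE_PIDS = {1832: "placeholder_sender.exe", 1500: "msimn.exe", 2210: "iexplore.exe"}

SMTP_PORTS = {25, 465, 587}            # SMTP relay, SMTPS, mail submission
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def outbound_smtp(netstat_text):
    """Map each PID to the remote mail-server endpoints it is talking to."""
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _proto, _local, remote, state, pid = fields
        _host, _, port = remote.rpartition(":")
        if state in ACTIVE_STATES and port.isdigit() and int(port) in SMTP_PORTS:
            hits[int(pid)].append(remote)
    return dict(hits)


def suspicious_senders(netstat_text, pid_names, mail_clients=("msimn.exe",)):
    """List (pid, image name, remotes) for SMTP talkers that are not a known mail client."""
    report = []
    for pid, remotes in sorted(outbound_smtp(netstat_text).items()):
        name = pid_names.get(pid, "<unknown>")
        if name.lower() not in mail_clients:
            report.append((pid, name, remotes))
    return report


if __name__ == "__main__":
    for pid, name, remotes in suspicious_senders(SAMPLE_NETSTAT, SAMPLE_PIDS):
        print(f"PID {pid} ({name}) is sending mail to: {', '.join(remotes)}")
```

If an antivirus mail scanner proxies outgoing mail, the connection may be listed under the scanner's PID instead; that is an assumption to check on the machine, not something the thread establishes.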
 
And it would be helpful if you post a HiJackThis Log after the above has been checked...

HiJackThis can be found here:

Choose your mirror...

Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
And what free virus check and adaware checks did you use?

You could also try AVG Antivirus Free from for antivirus (will actually work alongside Norton, the last time I tried). The free version is 100% free, no trials.

For adware/spyware, install these 3:
SpywareBlaster (will stop some from being installed)
Spybot Search and Destroy (protects and scans/removes)
Ad-Aware Personal SE
These 3 can all be gotten 100% free (no trials) at
You could even try RegScrubXP from - it hasn't been updated in a while, and it only works on Windows XP (and maybe 2000).

As far as the best option, in this case, I would definitely just do a system restore if at all possible. I think the risks outweigh the headaches of a backup. And, besides just using CDs, you could pick up a new hard drive, and install it or have it installed relatively cheaply, and just back up your files to that, THEN do a restore, and you'd have your files ready to roll after the Windows installation is complete!

And, even though you are using dial-up, since you've already gotten infected at least once by something like that, it might not be a bad idea to install a firewall (either by Norton or Symantec - pay for) or by something like Zone Labs Zone Alarm Free - at
Regardless of anything else, it'd be much better to just up and reinstall Windows (do a full reformat and reinstall). After all, you see the emails being sent, but what you don't see MIGHT be scarier.

As a matter of fact, for the absolute best protection, you could do this:
1.) Get an extra hard drive (can be gotten for less than $50, generally)
2.) Install new hard drive - this is much easier to do with modern computers than you would ever imagine.
3.) Back up your files to the new hard drive (just the stuff you know you want to keep).
4.) Format the original hard drive with Darik's Boot and Nuke (I'd get this off the internet and burn to a CD or put on a floppy BEFORE formatting or doing anything else, or have a friend with a non-infected machine get it for you).
Darik's Boot and Nuke (DBAN) can be found here:
- 100% free, and works 100% of the time.
5.) Reinstall Windows on the freshly formatted (to military/gov't specs) hard drive.
6.) Put your files from the back-up hard drive back into whatever folders you want them in (I would just use the back-up hard drive as the "My Documents" location, and access them all that way).
7.) Before you connect to the internet, make sure (if possible) you have all possible updates, and though you have a dial-up connection, I'd go ahead and at least turn on Windows firewall. As soon as you connect to the internet, even with dial-up, the average computer will get pinged for an "attack" within the first few minutes of being online - so, before you could browse to and find any of the programs to download, most likely.
8.) Install all the Antivirus/antispyware apps. I've had an extremely good experience using this combination (below) on my personal computers as well as others I've repaired/restored:

Firewall (Usually don't need with dial-up, but in your case, you might want to): Zone Alarm Free
Antivirus: AVG Antivirus by Grisoft (Free version)
Spyware/Adware: SpywareBlaster, Spybot Search and Destroy, and Ad-Aware Personal SE

Then, make sure your Windows installation has all updates and patches (would be best to at least get Service pack 2 from a CD if you have one, and it's not in the original installation). The updates/patches may be best to get first thing.

But, if you want to try and weed it out, you could try hijackthis, as mentioned already.

HTH
 
Thanx everyone for all your wonderful replies. I've read them all and am writing notes from each of them as I read them.....

One thing of note. I ran SpySweeper (which someone suggested) last night, and I found a trojan called "trojan-backdoor-user15info". Can this be the cause of my problem?? The trojan's description doesn't seem like what's happening to me as it didn't say anything about email when I googled it....
 
One thing about viruses, such as trojans, if one gets on, then it is often just a matter of time until there are more. Many viruses will install others, or signal out to other sources that your computer is vulnerable. So, it could be that the one you described opened the door for another one to cause the damage.

There are also some small virus removal apps by Norton and McAfee that seem to work well at times, as well. For the one from McAfee, you can go here:
vil.nai.com/vil/stinger/

It is totally free, and all you do is download it, and run it, no install required. That might be a good first step.
 
Yes, that trojan backdoor-user15info is probably related to your problem. I would clean it and any other trojans that you may find.
 