Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

my pc is sending emails too, i can't fix it!

Status
Not open for further replies.
realf

realf

Technical User
Jan 20, 2004
2
NL
A week ago my internet connection was shut down, because we would have a virus that's sending emails without my permission. I never noticed it but when i installed norton antivirus 2004 pro, and putted the option scan outgoing emails i got a lot of pop ups of norton saying: scanning 1-15 etc.
i added this log of hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 16:07:23, on 20-1-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\WindowsUpd4.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\rmctrl.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Peter\LOCALS~1\Temp\Rar$EX00.140\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=213.73.217.60:80;socks=213.73.217.60:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 2,0\CLRamCleaner.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [WindowsUpd] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [kuyhygj] rundll32 C:\WINDOWS\System32:kuyhygj.dll,Init 1
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Truefonts] C:\WINDOWS\Fonts\fonts.hta
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\RunOnce: [*kuyhygj] rundll32 C:\WINDOWS\System32:kuyhygj.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: xxx (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
pleeeease help me, i begged my provider to connect me to the internet to solve the problem....else i have to format my drives...and that takes a lot of time.
Thanks for help!!
 
Sort by date Sort by votes
The absolute first thing to do is shut down System Restore.

Remove these entries using Hijack This!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
O4 - HKLM\..\Run: [WindowsUpd] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [kuyhygj] rundll32 C:\WINDOWS\System32:kuyhygj.dll,Init 1
O4 - HKLM\..\Run: [Truefonts] C:\WINDOWS\Fonts\fonts.hta
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [delmsbb] C:\WINDOWS\delmsbb.exe

O4 - HKLM\..\RunOnce: [*kuyhygj] rundll32 C:\WINDOWS\System32:kuyhygj.dll,Init 1
O9 - Extra button: xxx (HKLM)

After all of this, you need to get a good virus sweep. Even though I see AVG and Norton on your machine, you've got several viruses. By removing them here, you've taken them out of your startup list, but you need to get them off the machine.


"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
thank you very very very very much! I checked everywere and i couldn't find out what it was...After i did all you told me too, the outgoing emails were gone! I only have one question...after all this....do i have to turn on System Restore? Thanks again Realf
 
Upvote 0 Downvote
You should turn system restore back on once you're satisfied that you're clean. System Restore is most useful if you find yourself in a situation where a restore to previous state is needed, but when you're doing a cleanup like we've done, having it enabled will often repopulate that which you've purged.
Good luck!


"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Upvote 0 Downvote
Turn System Restore back on after your antivirus software has pronounced it clean after a full sweep.

John
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
237
2ffat
2ffat
iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
287
Oorde
Oorde
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
261
2ffat
2ffat
Henry Pence
  • Locked
  • Question
Is Norton Antivirus Necessary?
Replies
2
Views
211
Henry Pence
Henry Pence
Mike Lewis
  • Locked
  • Question
MsMpEng.EXE in MSE: necessary? desirable?
Replies
3
Views
249
Mike Lewis
Mike Lewis

Part and Inventory Search

Sponsor

Back
Top