I have inadvertantly been infected by a spamming virus. Now my computer is
spamming emails all over the place. The source of the virus is some supposed
e-card place. I have tried a full blown virus scan of my computer with no
avail. Now, I need to know how to kill the virus head on.

"braceyr" <(E-Mail Removed)> wrote in message
news:F8A0CF42-0C65-439D-82E4-(E-Mail Removed)...
>I have inadvertantly been infected by a spamming virus. Now my computer is
> spamming emails all over the place. The source of the virus is some
> supposed
> e-card place. I have tried a full blown virus scan of my computer with no
> avail. Now, I need to know how to kill the virus head on.

Try a diffferent AV product? I found that Avast was one of the few to offer
a boot-time scan - which was needed to get rid of a virus on a friend's PC


--
John Blessing

http://www.LbeHelpdesk.com - Help Desk software priced to suit all
businesses
http://www.room-booking-software.com - Schedule rooms & equipment bookings
for your meeting/class over the web.
http://www.lbetoolbox.com - Remove Duplicates from MS Outlook, find/replace,
send newsletters

Hi John,

I am using Avast. I want to kill a virus that is running below the radar
and spewing out hundreds of unwanted emails. Avast is picking up the emails
if they look like they are duplicates or something suspicious, but that it
won't direct me to the source of the emails.

braceyr

"John Blessing" wrote:

>
> "braceyr" <(E-Mail Removed)> wrote in message
> news:F8A0CF42-0C65-439D-82E4-(E-Mail Removed)...
> >I have inadvertantly been infected by a spamming virus. Now my computer is
> > spamming emails all over the place. The source of the virus is some
> > supposed
> > e-card place. I have tried a full blown virus scan of my computer with no
> > avail. Now, I need to know how to kill the virus head on.
>
> Try a diffferent AV product? I found that Avast was one of the few to offer
> a boot-time scan - which was needed to get rid of a virus on a friend's PC
>
>
> --
> John Blessing
>
> http://www.LbeHelpdesk.com - Help Desk software priced to suit all
> businesses
> http://www.room-booking-software.com - Schedule rooms & equipment bookings
> for your meeting/class over the web.
> http://www.lbetoolbox.com - Remove Duplicates from MS Outlook, find/replace,
> send newsletters
>
>
>

"braceyr" <(E-Mail Removed)> wrote in message
news:E68A8E33-C298-48CA-BEB0-(E-Mail Removed)...
>> >I have inadvertantly been infected by a spamming virus. Now my computer
>> >is
>> > spamming emails all over the place. The source of the virus is some
>> > supposed
>> > e-card place. I have tried a full blown virus scan of my computer with
>> > no
>> > avail. Now, I need to know how to kill the virus head on.
>>
>> Try a diffferent AV product? I found that Avast was one of the few to
>> offer
>> a boot-time scan - which was needed to get rid of a virus on a friend's
>> PC
>
> I am using Avast. I want to kill a virus that is running below the radar
> and spewing out hundreds of unwanted emails. Avast is picking up the
> emails
> if they look like they are duplicates or something suspicious, but that it
> won't direct me to the source of the emails.


I hate to ask a stupid question, but, if your anti-virus software won't find
the virus, how do you know you *have* a virus? What evidence do you have
that your machine is actually infected?

Do you have a network trace or evidence that the emails are actually coming
from your machine? (hint: Just because you're getting failed delivery
notices to your email address doesn't mean that your machine actually sent
them)

Do you see some particular process running that you know is a virus?

What is the name of the virus you have? That goes a long way to finding out
how to remove it, let alone how to verify that you actually have it.

--
f.h.

I also would echo the post by F. H. Can you post the info on those questions.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"braceyr" <(E-Mail Removed)> wrote in message news:E68A8E33-C298-48CA-BEB0-(E-Mail Removed)...
> Hi John,
>
> I am using Avast. I want to kill a virus that is running below the radar
> and spewing out hundreds of unwanted emails. Avast is picking up the emails
> if they look like they are duplicates or something suspicious, but that it
> won't direct me to the source of the emails.
>
> braceyr
>
> "John Blessing" wrote:
>
>>
>> "braceyr" <(E-Mail Removed)> wrote in message
>> news:F8A0CF42-0C65-439D-82E4-(E-Mail Removed)...
>> >I have inadvertantly been infected by a spamming virus. Now my computer is
>> > spamming emails all over the place. The source of the virus is some
>> > supposed
>> > e-card place. I have tried a full blown virus scan of my computer with no
>> > avail. Now, I need to know how to kill the virus head on.
>>
>> Try a diffferent AV product? I found that Avast was one of the few to offer
>> a boot-time scan - which was needed to get rid of a virus on a friend's PC
>>
>>
>> --
>> John Blessing
>>
>> http://www.LbeHelpdesk.com - Help Desk software priced to suit all
>> businesses
>> http://www.room-booking-software.com - Schedule rooms & equipment bookings
>> for your meeting/class over the web.
>> http://www.lbetoolbox.com - Remove Duplicates from MS Outlook, find/replace,
>> send newsletters
>>
>>
>>

Dear Peter and F.H.,

Thanks for responding.

How do I know that something is wacky? When clicking on the icon for the
Avast virus scanner, the window that pops up shows that it has scanned 1600
outgoing emails just today - 7/4/07. Also, as I am working online, Avast
will issue a warning that a possible infection is present due to many
outgoing emails strangely similar. At one point today, I could not even
respond to the warning, click back to what I was working on, and begin to
focus, before the next warning was issued. Even as I am keying in this
message, more than 100 emails have been sent.

Will be listening.

"Peter Foldes" wrote:

> I also would echo the post by F. H. Can you post the info on those questions.
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>
> "braceyr" <(E-Mail Removed)> wrote in message news:E68A8E33-C298-48CA-BEB0-(E-Mail Removed)...
> > Hi John,
> >
> > I am using Avast. I want to kill a virus that is running below the radar
> > and spewing out hundreds of unwanted emails. Avast is picking up the emails
> > if they look like they are duplicates or something suspicious, but that it
> > won't direct me to the source of the emails.
> >
> > braceyr
> >
> > "John Blessing" wrote:
> >
> >>
> >> "braceyr" <(E-Mail Removed)> wrote in message
> >> news:F8A0CF42-0C65-439D-82E4-(E-Mail Removed)...
> >> >I have inadvertantly been infected by a spamming virus. Now my computer is
> >> > spamming emails all over the place. The source of the virus is some
> >> > supposed
> >> > e-card place. I have tried a full blown virus scan of my computer with no
> >> > avail. Now, I need to know how to kill the virus head on.
> >>
> >> Try a diffferent AV product? I found that Avast was one of the few to offer
> >> a boot-time scan - which was needed to get rid of a virus on a friend's PC
> >>
> >>
> >> --
> >> John Blessing
> >>
> >> http://www.LbeHelpdesk.com - Help Desk software priced to suit all
> >> businesses
> >> http://www.room-booking-software.com - Schedule rooms & equipment bookings
> >> for your meeting/class over the web.
> >> http://www.lbetoolbox.com - Remove Duplicates from MS Outlook, find/replace,
> >> send newsletters
> >>
> >>
> >>
>

"braceyr" <(E-Mail Removed)> wrote in message
news:A8737DA2-8465-43DF-8942-(E-Mail Removed)...
>
> How do I know that something is wacky? When clicking on the icon for the
> Avast virus scanner, the window that pops up shows that it has scanned
> 1600
> outgoing emails just today - 7/4/07. Also, as I am working online, Avast
> will issue a warning that a possible infection is present due to many
> outgoing emails strangely similar. At one point today, I could not even
> respond to the warning, click back to what I was working on, and begin to
> focus, before the next warning was issued. Even as I am keying in this
> message, more than 100 emails have been sent.

I would shut down as much as possible, including IM programs, news readers,
web browsers, weather updaters, etc etc etc, and go to a command prompt and
run 'netstat -bona' and look at what is currently talking on the internet,
along with the process name, and look for the process that is sending the
messages.

But, honestly, I'd wager this isn't an Outlook issue anymore. If you need
some help, feel free to post what netstat -bona gives you. I can't
guarantee that it's the right steps. I mean, something like
microsoft.public.security.virus might be a better option.

You may want to try the Windows Live OneCare Safety Scanner first:
http://www.microsoft.com/protect/pro...tyscanner.mspx.
--
f.h.

Dear F.H.:

I greatly appreciate your help on this matter.

I will concur with your assessment that it is no longer an Outlook issue.
The emails would continue to spew down the line even after the Outlook
program has been closed down.

I took your last bit of advice first - Windows Live Care. I let it run the
full scan/defrag/register clean ... Anyway when it was finished the emails
continued to spew. I had to leave, so I put the computer into hibernation
with the thought that I would have the pleasure of continuing the saga at a
later time. But now that I have restarted my computer, I think that the Live
Care might have done the clean up anyway - the email have ceased. I am
crossing my fingers at the moment, because I am using a wireless connection
now vs. cable then and at a different location.

I will keep you posted if things should change.

"F. H. Muffman" wrote:

>
> "braceyr" <(E-Mail Removed)> wrote in message
> news:A8737DA2-8465-43DF-8942-(E-Mail Removed)...
> >
> > How do I know that something is wacky? When clicking on the icon for the
> > Avast virus scanner, the window that pops up shows that it has scanned
> > 1600
> > outgoing emails just today - 7/4/07. Also, as I am working online, Avast
> > will issue a warning that a possible infection is present due to many
> > outgoing emails strangely similar. At one point today, I could not even
> > respond to the warning, click back to what I was working on, and begin to
> > focus, before the next warning was issued. Even as I am keying in this
> > message, more than 100 emails have been sent.
>
> I would shut down as much as possible, including IM programs, news readers,
> web browsers, weather updaters, etc etc etc, and go to a command prompt and
> run 'netstat -bona' and look at what is currently talking on the internet,
> along with the process name, and look for the process that is sending the
> messages.
>
> But, honestly, I'd wager this isn't an Outlook issue anymore. If you need
> some help, feel free to post what netstat -bona gives you. I can't
> guarantee that it's the right steps. I mean, something like
> microsoft.public.security.virus might be a better option.
>
> You may want to try the Windows Live OneCare Safety Scanner first:
> http://www.microsoft.com/protect/pro...tyscanner.mspx.
> --
> f.h.
>
>

Dear F.H.:

We back to square 1.

I now have some more time to work on this current issue. I ran the netstat
-bona and here is the output:
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1140
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 3708
[alg.exe]

TCP 127.0.0.1:4664 0.0.0.0:0 LISTENING 368
[GoogleDesktop.exe]

TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 3292
[ashWebSv.exe]

TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 192.168.1.47:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:4399 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4403 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4405 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4409 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4411 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4414 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4416 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4429 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4433 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4435 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4437 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4441 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4448 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4452 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4456 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4460 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4462 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4464 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4466 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4468 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4470 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4474 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4478 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4481 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4488 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4493 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:12025 127.0.0.1:4407 TIME_WAIT 0
TCP 192.168.1.47:4301 207.46.192.254:80 TIME_WAIT 0
TCP 192.168.1.47:4313 207.46.192.254:80 TIME_WAIT 0
TCP 192.168.1.47:4418 217.33.193.149:25 TIME_WAIT 0
TCP 192.168.1.47:4442 165.76.8.44:25 TIME_WAIT 0
TCP 192.168.1.47:4467 203.138.180.240:25 TIME_WAIT 0
TCP 192.168.1.47:4479 202.86.5.23:25 TIME_WAIT 0
UDP 0.0.0.0:1089 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 0.0.0.0:500 *:* 868
[lsass.exe]

UDP 0.0.0.0:3776 *:* 2592
[mcrdsvc.exe]

UDP 0.0.0.0:1117 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1086 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1090 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:4500 *:* 868
[lsass.exe]

UDP 0.0.0.0:1088 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1084 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1041 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1083 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1087 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:15703 *:* 856
[services.exe]

UDP 0.0.0.0:1085 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 127.0.0.1:2071 *:* 1176
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\winrnr.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
[svchost.exe]

UDP 127.0.0.1:123 *:* 1176
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:2922 *:* 3124
[iexplore.exe]

UDP 127.0.0.1:1900 *:* 2360
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:3860 *:* 256
[HelpCtr.exe]

UDP 127.0.0.1:3477 *:* 408
[HelpHost.exe]

UDP 192.168.1.47:1900 *:* 2360
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.1.47:138 *:* 4
[System]

UDP 192.168.1.47:137 *:* 4
[System]

UDP 192.168.1.47:123 *:* 1176
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

Thanks for the help!



"braceyr" wrote:

> Dear F.H.:
>
> I greatly appreciate your help on this matter.
>
> I will concur with your assessment that it is no longer an Outlook issue.
> The emails would continue to spew down the line even after the Outlook
> program has been closed down.
>
> I took your last bit of advice first - Windows Live Care. I let it run the
> full scan/defrag/register clean ... Anyway when it was finished the emails
> continued to spew. I had to leave, so I put the computer into hibernation
> with the thought that I would have the pleasure of continuing the saga at a
> later time. But now that I have restarted my computer, I think that the Live
> Care might have done the clean up anyway - the email have ceased. I am
> crossing my fingers at the moment, because I am using a wireless connection
> now vs. cable then and at a different location.
>
> I will keep you posted if things should change.
>
> "F. H. Muffman" wrote:
>
> >
> > "braceyr" <(E-Mail Removed)> wrote in message
> > news:A8737DA2-8465-43DF-8942-(E-Mail Removed)...
> > >
> > > How do I know that something is wacky? When clicking on the icon for the
> > > Avast virus scanner, the window that pops up shows that it has scanned
> > > 1600
> > > outgoing emails just today - 7/4/07. Also, as I am working online, Avast
> > > will issue a warning that a possible infection is present due to many
> > > outgoing emails strangely similar. At one point today, I could not even
> > > respond to the warning, click back to what I was working on, and begin to
> > > focus, before the next warning was issued. Even as I am keying in this
> > > message, more than 100 emails have been sent.
> >
> > I would shut down as much as possible, including IM programs, news readers,
> > web browsers, weather updaters, etc etc etc, and go to a command prompt and
> > run 'netstat -bona' and look at what is currently talking on the internet,
> > along with the process name, and look for the process that is sending the
> > messages.
> >
> > But, honestly, I'd wager this isn't an Outlook issue anymore. If you need
> > some help, feel free to post what netstat -bona gives you. I can't
> > guarantee that it's the right steps. I mean, something like
> > microsoft.public.security.virus might be a better option.
> >
> > You may want to try the Windows Live OneCare Safety Scanner first:
> > http://www.microsoft.com/protect/pro...tyscanner.mspx.
> > --
> > f.h.
> >
> >

Dear F.H.:

I had mentioned this issue of spamming to a friend of mine to is in IT. He
had a program called Hijackthis that brought up all the processes that
computer was performing. He notice one line that wasn't quite right dealing
with a Google sub-routine. When he deleted the file associate with the
identified "line," he thought that he had done the job. But just as he was
going to leave, Avast pulled up an infected file that had been unmasked. He
was able to delete the infected file and he/we are hoping that the source of
the spamming has been taken care of.

Thanks again for your help. You help me better communicate with my friend
what I had observed, and then he was able to better look for a solution!!

"braceyr" wrote:

> Dear F.H.:
>
> We back to square 1.
>
> I now have some more time to work on this current issue. I ran the netstat
> -bona and here is the output:
> Proto Local Address Foreign Address State PID
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1140
> c:\windows\system32\WS2_32.dll
> C:\WINDOWS\system32\RPCRT4.dll
> c:\windows\system32\rpcss.dll
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\ADVAPI32.dll
> [svchost.exe]
>
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
> [System]
>
> TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 3708
> [alg.exe]
>
> TCP 127.0.0.1:4664 0.0.0.0:0 LISTENING 368
> [GoogleDesktop.exe]
>
> TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 3016
> [ashMaiSv.exe]
>
> TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 3292
> [ashWebSv.exe]
>
> TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 3016
> [ashMaiSv.exe]
>
> TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 3016
> [ashMaiSv.exe]
>
> TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 3016
> [ashMaiSv.exe]
>
> TCP 192.168.1.47:139 0.0.0.0:0 LISTENING 4
> [System]
>
> TCP 127.0.0.1:4399 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4403 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4405 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4409 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4411 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4414 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4416 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4429 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4433 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4435 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4437 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4441 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4448 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4452 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4456 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4460 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4462 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4464 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4466 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4468 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4470 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4474 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4478 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4481 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4488 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:4493 127.0.0.1:12025 TIME_WAIT 0
> TCP 127.0.0.1:12025 127.0.0.1:4407 TIME_WAIT 0
> TCP 192.168.1.47:4301 207.46.192.254:80 TIME_WAIT 0
> TCP 192.168.1.47:4313 207.46.192.254:80 TIME_WAIT 0
> TCP 192.168.1.47:4418 217.33.193.149:25 TIME_WAIT 0
> TCP 192.168.1.47:4442 165.76.8.44:25 TIME_WAIT 0
> TCP 192.168.1.47:4467 203.138.180.240:25 TIME_WAIT 0
> TCP 192.168.1.47:4479 202.86.5.23:25 TIME_WAIT 0
> UDP 0.0.0.0:1089 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:445 *:* 4
> [System]
>
> UDP 0.0.0.0:500 *:* 868
> [lsass.exe]
>
> UDP 0.0.0.0:3776 *:* 2592
> [mcrdsvc.exe]
>
> UDP 0.0.0.0:1117 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:1086 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:1090 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:4500 *:* 868
> [lsass.exe]
>
> UDP 0.0.0.0:1088 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:1084 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:1041 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:1083 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:1087 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 0.0.0.0:15703 *:* 856
> [services.exe]
>
> UDP 0.0.0.0:1085 *:* 1224
> C:\WINDOWS\system32\mswsock.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\DNSAPI.dll
> c:\windows\system32\dnsrslvr.dll
> C:\WINDOWS\system32\RPCRT4.dll
> [svchost.exe]
>
> UDP 127.0.0.1:2071 *:* 1176
> c:\windows\system32\WS2_32.dll
> C:\WINDOWS\system32\WLDAP32.dll
> C:\WINDOWS\System32\winrnr.dll
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\w32time.dll
> [svchost.exe]
>
> UDP 127.0.0.1:123 *:* 1176
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\w32time.dll
> ntdll.dll
> C:\WINDOWS\system32\kernel32.dll
> [svchost.exe]
>
> UDP 127.0.0.1:2922 *:* 3124
> [iexplore.exe]
>
> UDP 127.0.0.1:1900 *:* 2360
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\ssdpsrv.dll
> ntdll.dll
> C:\WINDOWS\system32\kernel32.dll
> [svchost.exe]
>
> UDP 127.0.0.1:3860 *:* 256
> [HelpCtr.exe]
>
> UDP 127.0.0.1:3477 *:* 408
> [HelpHost.exe]
>
> UDP 192.168.1.47:1900 *:* 2360
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\ssdpsrv.dll
> ntdll.dll
> C:\WINDOWS\system32\kernel32.dll
> [svchost.exe]
>
> UDP 192.168.1.47:138 *:* 4
> [System]
>
> UDP 192.168.1.47:137 *:* 4
> [System]
>
> UDP 192.168.1.47:123 *:* 1176
> c:\windows\system32\WS2_32.dll
> c:\windows\system32\w32time.dll
> ntdll.dll
> C:\WINDOWS\system32\kernel32.dll
> [svchost.exe]
>
> Thanks for the help!
>
>
>
> "braceyr" wrote:
>
> > Dear F.H.:
> >
> > I greatly appreciate your help on this matter.
> >
> > I will concur with your assessment that it is no longer an Outlook issue.
> > The emails would continue to spew down the line even after the Outlook
> > program has been closed down.
> >
> > I took your last bit of advice first - Windows Live Care. I let it run the
> > full scan/defrag/register clean ... Anyway when it was finished the emails
> > continued to spew. I had to leave, so I put the computer into hibernation
> > with the thought that I would have the pleasure of continuing the saga at a
> > later time. But now that I have restarted my computer, I think that the Live
> > Care might have done the clean up anyway - the email have ceased. I am
> > crossing my fingers at the moment, because I am using a wireless connection
> > now vs. cable then and at a different location.
> >
> > I will keep you posted if things should change.
> >
> > "F. H. Muffman" wrote:
> >
> > >
> > > "braceyr" <(E-Mail Removed)> wrote in message
> > > news:A8737DA2-8465-43DF-8942-(E-Mail Removed)...
> > > >
> > > > How do I know that something is wacky? When clicking on the icon for the
> > > > Avast virus scanner, the window that pops up shows that it has scanned
> > > > 1600
> > > > outgoing emails just today - 7/4/07. Also, as I am working online, Avast
> > > > will issue a warning that a possible infection is present due to many
> > > > outgoing emails strangely similar. At one point today, I could not even
> > > > respond to the warning, click back to what I was working on, and begin to
> > > > focus, before the next warning was issued. Even as I am keying in this
> > > > message, more than 100 emails have been sent.
> > >
> > > I would shut down as much as possible, including IM programs, news readers,
> > > web browsers, weather updaters, etc etc etc, and go to a command prompt and
> > > run 'netstat -bona' and look at what is currently talking on the internet,
> > > along with the process name, and look for the process that is sending the
> > > messages.
> > >
> > > But, honestly, I'd wager this isn't an Outlook issue anymore. If you need
> > > some help, feel free to post what netstat -bona gives you. I can't
> > > guarantee that it's the right steps. I mean, something like
> > > microsoft.public.security.virus might be a better option.
> > >
> > > You may want to try the Windows Live OneCare Safety Scanner first:
> > > http://www.microsoft.com/protect/pro...tyscanner.mspx.
> > > --
> > > f.h.
> > >
> > >