Hi
This could happen due to some malicious programs running on your computer:
To check for malicious programs, use the following steps:
1. Run a thorough anti-virus scan on the computer using the latest virus
definitions. You can use your anti-virus software or use one of several
free virus
scanning services that are available on the Internet. See the More
Information
section of this article for links to virus definition updates and free
online scans
from popular anti-virus software vendors.
Important: If you suspect that a computer is infected with malicious code,
we
recommend that you remove it from the network as soon as possible. We
recommend
this because a hacker may be using the system to launch Distributed Denial
of
Service (DDoS) attacks, to send unsolicited commercial e-mail, or to share
illegal
copies of software, music, and movies.
2. If the anti-virus scan identifies a malicious program on the system, use
the
anti-virus vendor's removal instructions. Additionally, review the threat
assessment and the technical details about the program on your anti-virus
vendor's
Web site. In particular, check to see if the program includes backdoor
capability.
Backdoor capability means that the program provides a way for the hacker to
regain
control of the system if the program is discovered and removed.
If the technical details about the program indicate that it has backdoor
capability, we recommend that you format the computer's hard drive and
reinstall
Windows securely. For information about securing Windows systems and
servers, visit
the following Web site:
Hardening Systems and Servers: Checklists and Guides
http://www.microsoft.com/technet/Security/topics/hardsys/default.mspx
3. If the anti-virus scan does not identify a malicious program on the
system, it
does not mean that the computer is not infected by malicious code. More
likely, it
means that the malicious program is a new program or variant, and the
latest virus
definitions do not detect it. In this case, contact the anti-virus vendor
to report
the problem, or open a support incident with Microsoft product support
services to
investigate.
4. After you complete the anti-virus scan, check the computer for other
malicious
programs, such as spyware or hacker tools. See the More Information section
of this
article for links to popular spyware and hacker detection tools.
5. Check all other computers on the network for malicious programs and
perform a
security analysis to identify vulnerabilities on the network. To analyze
network
security, we recommend using the Microsoft Baseline Security Analyzer
V1.2.1 tool.
For more information about this tool, visit the following Web site:
Microsoft Baseline Security Analyzer V1.2.1
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
The following is a list of suspect files that have been found on computers
affected
by the problem. Many of these files overwrite or spoof
the names of legitimate files and services. They often load from the
registry
sub-key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run:
abc.bat
ADMDLL.DLL
Adobea.exe
adobes.exe
Arial.exe
Arialfont.exe
Close.bat
clt.exe
cmd.exe
CRSS.EXE
CSIFCSVC.EXE
dll32.exe
Dvldr32.exe
expiorer.exe
fd.exe
filter.dll
FireDaemon.exe
Gates.txt
Gg.bat
HCMD.EXE
hidden32.exe
INST.EXE
invoker.exe
iroffer.exe
lps.exe
LOCK.EXE
LSASS.EXE
Mirc.ini
MP Tclockvv.exe
msapp.exe
MSASP.EXE
msexplorer.exe
mskces32
mskernel32.exe
mspass.exe
MSSAVE.EXE
net.exe
netbios.exe
Ocxdll.exe
pckill.exe
pidserv.exe
psexec.exe
PSEXESVC.EXE
READWRITE.EXE
regedit32.exe
registry.exe
root.bat
r-server.exe
screwed.exe
sec32.exe
secure.exe
Servudaemon.ini
SERVUEVENT.DLL
Shares.bat
shell32.exe
SOCK3.EXE
SPAC.TXT
start.bat
svchost32.exe
systemse.exe
sys32.exe
Syscfg.exe
Taskmngr.exe
tasp.exe
t-exec.dll
vmn32.exe
whynot.exe
win32.exe
win32load.exe
WINCPU.EXE
windowsupdate.bat
windowsupdate.exe
winmem.exe
Winmgnt.exe
Winshell
winspsv.exe
wmiprvse.exe
wuamgrd.exe
xsecure.bat
xsetup.bat
xshare.bat
ZMOKE.EXE
The following is a list of worms, trojans and backdoors that have been
found on
computers affected by this problem. Some of these are duplicates because
viruses
typically have multiple variants and aliases:
Backdoor.Agobot.gy
Backdoor.IRCBot.gen
Backdoor irc.flood.c
Backdoor irc.flood.e
Backdoor irc.flood.f
Backdoor.Dvldr
Backdoor.IRC.Aladinz
Backdoor.irc.flood
Backdoor.IRC.Zcrew
Backdoor.subseven
backdoor.wollf.16
BackGate Kit Trojan
BKDR_SDBOT.GEN
boncer
Deloder
HIDLE
ILoveYou
MIRC
mirc/shaz.a.worm
Sdbot
servu
Troj/Litmus-108
W32.HLLW.Deloder
W32/Deloder.worm
W32/Deloder-A
W32/Nackbot-A
W32.Randex.gen
W32/RBot-A
W32/Rbot-Y
Worm.Win32.Deloder
WORM_DELODER.A
WORM_RBOT.CC
Shilpa Sinha
This posting is provided "AS IS" with no warranties, and confers no rights.
