Had blaster virus, now mass email attempts from my comp

L

Linda I

Hi,
I had and fixed the blaster.exe worm that was causing my pc to
constantly reboot. Since then I have downloaded and installed symantec
trialware firewall and antivirus. I updated the virus manually and ran
it. It did not find anything. But now when I return to my computer
after being away for an hour or whatever, it is attempting to send
out hundeds of email with a .ru extension. I haven't seen anything
about this and ran several mass email fixes that all say I don't have
that particular worm. Norton shows nothing. Do you think this is still
related to blaster? I never had a virus before and now this back to
back. Thanks for any suggestions,
Linda
 
C

Conor

Hi,
I had and fixed the blaster.exe worm that was causing my pc to
constantly reboot. Since then I have downloaded and installed symantec
trialware firewall and antivirus. I updated the virus manually and ran
it. It did not find anything. But now when I return to my computer
after being away for an hour or whatever, it is attempting to send
out hundeds of email with a .ru extension. I haven't seen anything
about this and ran several mass email fixes that all say I don't have
that particular worm. Norton shows nothing. Do you think this is still
related to blaster? I never had a virus before and now this back to
back. Thanks for any suggestions,
Linda
Click to expand...
Install a firewall such as the free version of Sygate.

--
________________________
Conor Turton
(e-mail address removed)
ICQ:31909763
________________________
 
D

David H. Lipman

Linda:

Read URL: http://vil.nai.com/vil/content/v_100539.htm

After that the real password stealer is executed. It contacts the smtp server at
194.67.23.10 and mails the encoded passwords found on the system.

From:[email protected]
To:[email protected]
Subject: Password from [sysinfo]
[encoded password]

See if this matches what you find.

Dave


| Hi,
| I had and fixed the blaster.exe worm that was causing my pc to
| constantly reboot. Since then I have downloaded and installed symantec
| trialware firewall and antivirus. I updated the virus manually and ran
| it. It did not find anything. But now when I return to my computer
| after being away for an hour or whatever, it is attempting to send
| out hundeds of email with a .ru extension. I haven't seen anything
| about this and ran several mass email fixes that all say I don't have
| that particular worm. Norton shows nothing. Do you think this is still
| related to blaster? I never had a virus before and now this back to
| back. Thanks for any suggestions,
| Linda
 
N

Nick FitzGerald

Linda I said:
I had and fixed the blaster.exe worm that was causing my pc to
constantly reboot. Since then I have downloaded and installed symantec
trialware firewall and antivirus. I updated the virus manually and ran
it. It did not find anything. But now when I return to my computer
after being away for an hour or whatever, it is attempting to send
out hundeds of email with a .ru extension. ...
Click to expand...

"it is attempting" obviously, at one level, means "your computer", but how do
you know "it" is attempting to send all this Email?
... I haven't seen anything
about this and ran several mass email fixes that all say I don't have
that particular worm. Norton shows nothing. Do you think this is still
related to blaster? I never had a virus before and now this back to
back. Thanks for any suggestions,
Click to expand...

This is ceratinly _not_ related to Blaster, at least in the strict sense that
there is absolutely no formal relationship between Blaster and any mass-
mailing malware or "spam-ware". However, the fact that your machine was in
the Internet vulnerable to the DCOM RPC hole (and probably much else as well)
suggests that your machine would be a juicy target for all manner of scumware
and the folk who trade in or off such. Most likely your machine was
compromised -- either through the DCOM RPC vulnerability, one of many, many
others common in popular MS OSes, or through weak administrative passwords --
by someone intent on installing an open relay or some form of spam-ware around
the same time as you were noticing Blaster symptoms.

What you need to do now is locate the program(s) that are doing the mailing,
stop them and preferably send samples to the AV companies so they can add
detection of this to help protect others in future.
 
D

Duane Arnold

Hi,
I had and fixed the blaster.exe worm that was causing my pc to
constantly reboot. Since then I have downloaded and installed symantec
trialware firewall and antivirus. I updated the virus manually and ran
it. It did not find anything. But now when I return to my computer
after being away for an hour or whatever, it is attempting to send
out hundeds of email with a .ru extension. I haven't seen anything
about this and ran several mass email fixes that all say I don't have
that particular worm. Norton shows nothing. Do you think this is still
related to blaster? I never had a virus before and now this back to
back. Thanks for any suggestions,
Linda
Click to expand...

I forgot it could be using SMTP too.

Duane :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Help with mass mailing virus 4
Blaster seems to have popped up again on my PC - urgent advice sought 3
Help! Blaster removal Tools did not remove virus. Now what? 5
Virus? 6
unknown virus 1
Blaster Worm? Not? What then? 4
Virus on my comp 4
Suspected Virus/Worm Causing PC to Power Off 24

Top