HELP! My PC has been compromised!!

penang

Last night my PC behaved normally, but this morning, it took over 1
hour to boot up the XP.

Now, in the tasking tray, I see tons and tons of messages are being
sent out!

I have not configured this PC to send out emails. I use webmails. But
now my PC is sending out tons and tons of emails!!

The Symantec Norton antivirus is doing the "Symantec Email Scan" on
those emails and the emails are jamming up the system.

What can I do????

What software should I use to remove this security breach????

Please help!!!!

Thank you!!
 
David H. Lipman

From: <[email protected]>

| Last night my PC behaved normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out!
|
| I have not configured this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails!!
|
| The Symantec Norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do????
|
| What software should I use to remove this security breach????
|
| Please help!!!!
|
| Thank you!!



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
PA Bear [MS MVP]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
Patrick Keenan

| Last night my PC behaved normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out!
|
| I have not configured this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails!!
|
| The Symantec Norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do????
|
| What software should I use to remove this security breach????
|
| Please help!!!!
|
| Thank you!!

The very first thing you should do is to disconnect the PC from any network
connection or telephone line, so that it cannot send anything. Then, you
can start scanning and manually searching for files that shouldn't be
running or in existence. Process Explorer and Hijack This are good
starting points.

Look for .exe and .dll files that have apparently random names. If you
delete them and new ones come back, there is another file that is creating
them you've missed.

Often these files are hidden away, so doing searches for hidden and system
files can often identify malware. Go to a command prompt, and from the
root directory use the dir command with the /a:h and /a:s switches to show
system and hidden files, and the /S switch to search all subdirectories.
At the end of the command, use the redirect to file to get a file you can
actually read: dir /ah /S >>list.txt

Clear *all* the temp folders and content.ie5 folders. This is a prime
location and entry point for malware. Look in the System32 folder for
files that shouldn't be there.

You can attach that drive to another well-protected system and scan it as a
hosted drive. Trying to gain control of an actively infected drive can be
difficult, but hosting it makes the process a lot easier since the
infections can't launch at boot.

Because you don't boot from it, there is very limited opportunity for
infection to spread to the host system. You might try using the Trend
Micro Housecall online scanner; since its files are online they are much
harder to compromise.

HTH
-pk
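
A triage sketch for the hidden-file listing described in the post above, added here as an example and not part of Patrick Keenan's reply: it parses the output of `dir /ah /S >>list.txt` and flags hidden .exe and .dll entries whose names look random. The US-locale `dir` layout, the vowel-ratio heuristic and its thresholds, and the names `looks_random` and `suspicious_files` are assumptions; the sample listing is constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `dir /ah /S` output (US-locale layout assumed).
SAMPLE_LISTING = r"""
 Directory of C:\

04/14/2008  05:00 AM           250,048 ntldr
04/14/2008  05:00 AM    <DIR>          System Volume Information

 Directory of C:\WINDOWS\system32

03/02/2009  11:47 PM            61,440 xkqzvbrt.dll
04/14/2008  05:00 AM                67 desktop.ini

 Directory of C:\Documents and Settings\user\Local Settings\Temp

03/02/2009  11:48 PM            94,208 wbtq7hpd.exe
03/02/2009  11:50 PM             4,096 setup.exe
"""

DIR_RE = re.compile(r"^\s*Directory of (.+)$")
ENTRY_RE = re.compile(r"^(\d\d/\d\d/\d{4})\s+\d\d:\d\d [AP]M\s+(<DIR>|[\d,]+)\s+(.+)$")

def looks_random(stem, min_len=6, max_vowel_ratio=0.2):
    """Heuristic (assumption): long stems with almost no vowels look machine-generated."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < min_len or not letters:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < max_vowel_ratio

def suspicious_files(listing):
    """Return (path, size_bytes, date) for hidden .exe/.dll entries with random-looking names."""
    hits, current = [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:  # a new "Directory of ..." header sets the folder for following entries
            current = PureWindowsPath(m.group(1).strip())
            continue
        m = ENTRY_RE.match(line)
        if not m or current is None or m.group(2) == "<DIR>":
            continue  # skip blanks, summary lines and subdirectory entries
        date, size, name = m.group(1), m.group(2), m.group(3).strip()
        path = PureWindowsPath(name)
        if path.suffix.lower() in (".exe", ".dll") and looks_random(path.stem):
            hits.append((str(current / name), int(size.replace(",", "")), date))
    return hits
```

A flagged name is only a lead for manual review; legitimate files with consonant-heavy names can trip the heuristic.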
 
Straight Talk

| Last night my PC behaved normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out!
|
| I have not configured this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails!!
|
| The Symantec Norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do????
|
| What software should I use to remove this security breach????
|
| Please help!!!!
|
| Thank you!!

You should of course revert to the latest known clean state - which
ultimately means flatten and rebuild.
 
Lanwench [MVP - Exchange]

Straight Talk said:
| You should of course revert to the latest known clean state - which
| ultimately means flatten and rebuild.

Well, that's a bit dire - it may not be at all necessary. It *might* be, but
it isn't the first thing I'd try.
 
giedrius.majauskas

| You should of course revert to the latest known clean state - which
| ultimately means flatten and rebuild.

1. Get some nice free spyware remover, or at least scanner to get the
names of parasites. SuperAntiSpyware or Malwarebytes Anti-Malware to
name a few that have free versions, Spyware Terminator, etc.
2. If you opt for software that offers free scans only (Spyware
Doctor, CounterSpy, Spy Sweeper, etc.), Google for spyware names it
finds, there might be free solutions/information about these
parasites. Especially if you want to get out from this freely. You can
pay for them, if you wish.
3. Post hijackthis logs in forums and wait for help.

For the future, I strongly suggest updating browser if you still use
IE older than 6. IE 7 is much better if your PC can handle it.
 
Tom

Lanwench said:
| Well, that's a bit dire - it may not be at all necessary. It *might* be, but
| it isn't the first thing I'd try.

Well, you've certainly picked up some malware. I wonder how Symantec
missed it.
 
Lanwench [MVP - Exchange]

Tom said:
| Well, you've certainly picked up some malware. I wonder how Symantec
| missed it.

<looks around frantically, in sudden terror>

I have? Oh my god! And I don't even *have* Symantec software on here!

Wait. Symantec *is* malware, and you must not have meant to reply to *me*.

:)
 
Ricky

"Lanwench [MVP - Exchange]"
| <looks around frantically, in sudden terror>
|
| I have? Oh my god! And I don't even *have* Symantec software on here!
|
| Wait. Symantec *is* malware, and you must not have meant to reply to *me*.
|
| :)

You must be the only one that doesn't have Symantec. ;-)
 
Lanwench [MVP - Exchange]

Ricky said:
| "Lanwench [MVP - Exchange]"
| Tom said:
| Lanwench [MVP - Exchange] wrote:
|
| Last night my PC behaved normally, but this morning, it took over
| 1 hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are
| being sent out!
|
| I have not configured this PC to send out emails. I use webmails.
| But now my PC is sending out tons and tons of emails!!
|
| The Symantec Norton antivirus is doing the "Symantec Email Scan"
| on those emails and the emails are jamming up the system.
|
| What can I do????
|
| What software should I use to remove this security breach????
|
| Please help!!!!
|
| Thank you!!
|
| You should of course revert to the latest known clean state -
| which ultimately means flatten and rebuild.
|
| Well, that's a bit dire - it may not be at all necessary. It
| *might* be, but it isn't the first thing I'd try.
|
| Well, you've certainly picked up some malware. I wonder how
| Symantec missed it.
|
| <looks around frantically, in sudden terror>
|
| I have? Oh my god! And I don't even *have* Symantec software on here!
|
| Wait. Symantec *is* malware, and you must not have meant to reply to
| *me*.
|
| :)
| You must be the only one that doesn't have Symantec. ;-)

Oh, not by a long shot!
 
David H. Lipman

|
| Oh, not by a long shot!
|

I wish people would not confuse Norton AV with Symantec AV.
The difference between the corporate offering (Symantec AV) vs. the retail offering (Norton
AV) is night and day.

It is the retail version that pisses people off.
 
Lanwench [MVP - Exchange]

David H. Lipman said:
| I wish people would not confuse Norton AV with Symantec AV.
| The difference between the corporate offering (Symantec AV) vs. the
| retail offering (Norton AV) is night and day.
|
| It is the retail version that pisses people off.

Well, I'm pretty pissed off at Symantec's abysmal tech support for their
enterprise products, so I don't think I fall into the category of person to
which you refer. The only Symantec stuff I use at any client site is
BackupExec, and that's because I used to adore Veritas and Symantec hasn't
managed to entirely kill off that good product yet.
 
Straight Talk

| Well, that's a bit dire - it may not be at all necessary.

Problem is, you wouldn't be able to tell whether it is or not unless
you have a baseline.

| It *might* be, but it isn't the first thing I'd try.

Trial and error against malware is a common but very stupid approach.
 
Straight Talk

| 1. Get some nice free spyware remover, or at least scanner to get the
| names of parasites.

How about getting a clue instead.

| SuperAntiSpyware or Malwarebytes Anti-Malware to
| name a few that have free versions, Spyware Terminator, etc.

What makes you believe these will work? - Advertising?

| 2. If you opt for software that offers free scans only (Spyware
| Doctor, CounterSpy, Spy Sweeper, etc.), Google for spyware names it
| finds, there might be free solutions/information about these
| parasites. Especially if you want to get out from this freely. You can
| pay for them, if you wish.

Yeah, fill up your machine with anti-crap.....

| 3. Post hijackthis logs in forums and wait for help.
|
| For the future, I strongly suggest updating browser if you still use
| IE older than 6. IE 7 is much better if your PC can handle it.

Better stay away from IE completely (with IE7 on Vista in protected
mode as a possible exception).
 
bojimbo26one

"Lanwench [MVP - Exchange]"
| Tom said:
| Lanwench [MVP - Exchange] wrote:
|
| Last night my PC behaved normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out!
|
| I have not configured this PC to send out emails. I use webmails.
| But now my PC is sending out tons and tons of emails!!
|
| The Symantec Norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do????
|
| What software should I use to remove this security breach????
|
| Please help!!!!
|
| Thank you!!
|
| You should of course revert to the latest known clean state - which
| ultimately means flatten and rebuild.
|
| Well, that's a bit dire - it may not be at all necessary. It *might*
| be, but it isn't the first thing I'd try.
|
| Well, you've certainly picked up some malware. I wonder how Symantec
| missed it.
|
| <looks around frantically, in sudden terror>
|
| I have? Oh my god! And I don't even *have* Symantec software on here!
|
| Wait. Symantec *is* malware, and you must not have meant to reply to *me*.
|
| :)
| You must be the only one that doesn't have Symantec. ;-)

Had it on my first comp back in '99 for a month.
 
David H. Lipman

From: "Lanwench [MVP - Exchange]" <[email protected]>


|
| Well, I'm pretty pissed off at Symantec's abysmal tech support for their
| enterprise products, so I don't think I fall into the category of person to
| which you refer. The only Symantec stuff I use at any client site is
| BackupExec, and that's because I used to adore Veritas and Symantec hasn't
| managed to entirely kill off that good product yet.
|

That, I agree with you.
 
Frank Saunders MS-MVP IE,OE/WM

Ricky said:
| "Lanwench [MVP - Exchange]"
| Wait. Symantec *is* malware, and you must not have meant to reply to *me*.
|
| :)
| You must be the only one that doesn't have Symantec. ;-)

Wouldn't have it anywhere near one of my machines or a customer's.
 
Frank Saunders MS-MVP IE,OE/WM

David H. Lipman said:
| |
| | Oh, not by a long shot!
| |
|
| I wish people would not confuse Norton AV with Symantec AV.
| The difference between the corporate offering (Symantec AV) vs. the retail
| offering (Norton AV) is night and day.
|
| It is the retail version that pisses people off.


If they foist that crap on the poor, ignorant public they don't deserve
respect for anything.
 
Lanwench [MVP - Exchange]

| Problem is, you wouldn't be able to tell whether it is or not unless
| you have a baseline.
|
| Trial and error against malware is a common but very stupid approach.

Nonsense. It depends entirely on the severity of the infestation. I won't
spend hours and hours on a troubled workstation, but if I can pretty easily
remove a not-very-invasive piece of malware or two, I simply do so. I don't
tell a client, "Sorry; I saw a popup - it's format time!" What is a "stupid
approach" (I merely quote you; I tend not to use such derogatory language)
is any hard and fast rule applied blindly regardless of situation.
 
