Help with mass mailing virus

[Jerry]

Can someone please tell me how to identify the mass mailing virus I have.
I have Norton 2005 which is up to date and it can't find a virus.
I also ran Trend-micro "House call" and it didn't find anything.

As soon as I connect to the internet I get boxes appearing on the screen
They are Norton boxes scanning outgoing mass mails, and after a while my
whole screen is full of boxes. My server rejects the e-mails as spam, I
think they are all addressed to Yahoo addresses which don't exist.
Pretty soon I cant use the computer, and have to disconnect from the
internet before closing the boxes.
As soon as I reconnect, it all starts again.
Any Ideas,

Thanks,

Jerry

 

[Nick FitzGerald]

Can someone please tell me how to identify the mass mailing virus I have.

Why do you think it is a _virus_??

I have Norton 2005 which is up to date and it can't find a virus.
I also ran Trend-micro "House call" and it didn't find anything.

Detection for new mass-mailing viruses tends to be added to such
products within minutes to hours of the initial release of such
viruses these days, though you may not see that in "end-user"
versions (such as your copy of NAV) such updates should be almost
immediate in "online" scanners (such as Trend's HouseCall).

As soon as I connect to the internet I get boxes appearing on the screen
They are Norton boxes scanning outgoing mass mails, and after a while my
whole screen is full of boxes. My server rejects the e-mails as spam, I
think they are all addressed to Yahoo addresses which don't exist.
Pretty soon I cant use the computer, and have to disconnect from the
internet before closing the boxes.
As soon as I reconnect, it all starts again.
Any Ideas,

It seems highly likely that you are running a spam-bot -- you will
be doing so unintentionally, of course, but that is almost certainly
what is happening. If you had an unknown (to NAV) mass-mailer, its
"worm blocking technology" would almost certainly have alerted you
to the fact it suspected you had a mass-mailer and it would be
stopping outgoing, (suspected) mass-mailer carrying messages. As
NAV is clearly not stopping these outgoing messages, it is highly
likely that the messages you are seeing NAV scan are spam.

If you are still having problems with this, please Email me at the
address in my headers and I'll try to help isolate the culprit and
assist you in removing it.

 

[Jörg Pötzsch]

I had the same problem. I installed tcpview and resolved the IP addresses
where the spam was coming from. One of them was 66.246.218.19. If you type
it in your browser, in a subdirectory the text of the spam message comes up.
I blocked the site in my router, and hope this will stop it, for the time
being.
Jörg

 

[Jerry]

Thanks for the tip, but my problem is not incoming mail but mass outgoing
emails from my PC.
I downloaded a trial of called F-secure Antivirus software and it found the
virus right away and renamed the file, it also found four other infected
files which Norton missed.

 

[Syncme]

Thanks for the tip, but my problem is not incoming mail but mass outgoing
emails from my PC.
I downloaded a trial of called F-secure Antivirus software and it found
the virus right away and renamed the file, it also found four other
infected files which Norton missed.

You can try any of these.
(Some even remove viruses)
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/indexie.php
http://www.symantec.com/cgi-bin/securitycheck.cgi
http://us.mcafee.com/root/mfs/default.asp
Even if it is not able to remove the virus it may identify it and you can
find manual removal instructions or we can help you find it.
An other tip is if you find a similar (behavior) virus you can try to use
the instruction to find it and even possibly get rid of it.
I would only recommend this to seasoned computer users because it almost
always involves editing the registry.
Without knowing what virus it is, it's impossible to give exact instructions
to remove it.