How do I delete a spamming file?

I have inadvertently been infected by a spamming virus. Now my computer is
spamming emails all over the place. The source of the virus is some supposed
e-card place. I have tried a full blown virus scan of my computer to no
avail. Now, I need to know how to kill the virus head on.
 
braceyr said:
I have inadvertently been infected by a spamming virus. Now my computer is
spamming emails all over the place. The source of the virus is some supposed
e-card place. I have tried a full blown virus scan of my computer to no
avail. Now, I need to know how to kill the virus head on.

Try a different AV product? I found that Avast was one of the few to offer
a boot-time scan - which was needed to get rid of a virus on a friend's PC.


--
John Blessing

http://www.LbeHelpdesk.com - Help Desk software priced to suit all
businesses
http://www.room-booking-software.com - Schedule rooms & equipment bookings
for your meeting/class over the web.
http://www.lbetoolbox.com - Remove Duplicates from MS Outlook, find/replace,
send newsletters
 
Hi John,

I am using Avast. I want to kill a virus that is running below the radar
and spewing out hundreds of unwanted emails. Avast is picking up the emails
if they look like they are duplicates or something suspicious, but it
won't direct me to the source of the emails.

braceyr
 
braceyr said:
I am using Avast. I want to kill a virus that is running below the radar
and spewing out hundreds of unwanted emails. Avast is picking up the emails
if they look like they are duplicates or something suspicious, but it
won't direct me to the source of the emails.


I hate to ask a stupid question, but, if your anti-virus software won't find
the virus, how do you know you *have* a virus? What evidence do you have
that your machine is actually infected?

Do you have a network trace or evidence that the emails are actually coming
from your machine? (hint: Just because you're getting failed delivery
notices to your email address doesn't mean that your machine actually sent
them)

Do you see some particular process running that you know is a virus?

What is the name of the virus you have? That goes a long way to finding out
how to remove it, let alone how to verify that you actually have it.
 
I also would echo the post by F. H. Can you post the info on those questions?
 
Dear Peter and F.H.,

Thanks for responding.

How do I know that something is wacky? When clicking on the icon for the
Avast virus scanner, the window that pops up shows that it has scanned 1600
outgoing emails just today - 7/4/07. Also, as I am working online, Avast
will issue a warning that a possible infection is present due to many
outgoing emails strangely similar. At one point today, I could not even
respond to the warning, click back to what I was working on, and begin to
focus, before the next warning was issued. Even as I am keying in this
message, more than 100 emails have been sent.

Will be listening.
 
braceyr said:
How do I know that something is wacky? When clicking on the icon for the
Avast virus scanner, the window that pops up shows that it has scanned 1600
outgoing emails just today - 7/4/07. Also, as I am working online, Avast
will issue a warning that a possible infection is present due to many
outgoing emails strangely similar. At one point today, I could not even
respond to the warning, click back to what I was working on, and begin to
focus, before the next warning was issued. Even as I am keying in this
message, more than 100 emails have been sent.

I would shut down as much as possible, including IM programs, news readers,
web browsers, weather updaters, etc etc etc, and go to a command prompt and
run 'netstat -bona' and look at what is currently talking on the internet,
along with the process name, and look for the process that is sending the
messages.

But, honestly, I'd wager this isn't an Outlook issue anymore. If you need
some help, feel free to post what netstat -bona gives you. I can't
guarantee that it's the right steps. I mean, something like
microsoft.public.security.virus might be a better option.

You may want to try the Windows Live OneCare Safety Scanner first:
http://www.microsoft.com/protect/products/computer/safetyscanner.mspx.
 
Dear F.H.:

I greatly appreciate your help on this matter.

I will concur with your assessment that it is no longer an Outlook issue.
The emails would continue to spew down the line even after the Outlook
program has been closed down.

I took your last bit of advice first - Windows Live Care. I let it run the
full scan/defrag/register clean ... Anyway when it was finished the emails
continued to spew. I had to leave, so I put the computer into hibernation
with the thought that I would have the pleasure of continuing the saga at a
later time. But now that I have restarted my computer, I think that the Live
Care might have done the clean up anyway - the emails have ceased. I am
crossing my fingers at the moment, because I am using a wireless connection
now vs. cable then and at a different location.

I will keep you posted if things should change.
 
Dear F.H.:

We're back to square 1.

I now have some more time to work on this current issue. I ran the netstat
-bona and here is the output:
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1140
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 3708
[alg.exe]

TCP 127.0.0.1:4664 0.0.0.0:0 LISTENING 368
[GoogleDesktop.exe]

TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 3292
[ashWebSv.exe]

TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 192.168.1.47:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:4399 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4403 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4405 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4409 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4411 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4414 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4416 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4429 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4433 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4435 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4437 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4441 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4448 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4452 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4456 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4460 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4462 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4464 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4466 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4468 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4470 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4474 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4478 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4481 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4488 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4493 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:12025 127.0.0.1:4407 TIME_WAIT 0
TCP 192.168.1.47:4301 207.46.192.254:80 TIME_WAIT 0
TCP 192.168.1.47:4313 207.46.192.254:80 TIME_WAIT 0
TCP 192.168.1.47:4418 217.33.193.149:25 TIME_WAIT 0
TCP 192.168.1.47:4442 165.76.8.44:25 TIME_WAIT 0
TCP 192.168.1.47:4467 203.138.180.240:25 TIME_WAIT 0
TCP 192.168.1.47:4479 202.86.5.23:25 TIME_WAIT 0
UDP 0.0.0.0:1089 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 0.0.0.0:500 *:* 868
[lsass.exe]

UDP 0.0.0.0:3776 *:* 2592
[mcrdsvc.exe]

UDP 0.0.0.0:1117 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1086 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1090 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:4500 *:* 868
[lsass.exe]

UDP 0.0.0.0:1088 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1084 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1041 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1083 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:1087 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 0.0.0.0:15703 *:* 856
[services.exe]

UDP 0.0.0.0:1085 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP 127.0.0.1:2071 *:* 1176
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\winrnr.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
[svchost.exe]

UDP 127.0.0.1:123 *:* 1176
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:2922 *:* 3124
[iexplore.exe]

UDP 127.0.0.1:1900 *:* 2360
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:3860 *:* 256
[HelpCtr.exe]

UDP 127.0.0.1:3477 *:* 408
[HelpHost.exe]

UDP 192.168.1.47:1900 *:* 2360
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.1.47:138 *:* 4
[System]

UDP 192.168.1.47:137 *:* 4
[System]

UDP 192.168.1.47:123 *:* 1176
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

Thanks for the help!
 
Dear F.H.:

I had mentioned this issue of spamming to a friend of mine who is in IT. He
had a program called HijackThis that brought up all the processes that the
computer was performing. He noticed one line that wasn't quite right dealing
with a Google sub-routine. When he deleted the file associated with the
identified "line," he thought that he had done the job. But just as he was
going to leave, Avast pulled up an infected file that had been unmasked. He
was able to delete the infected file and he/we are hoping that the source of
the spamming has been taken care of.

Thanks again for your help. You helped me better communicate with my friend
what I had observed, and then he was able to better look for a solution!!

braceyr said:
Dear F.H.:

I greatly appreciate your help on this matter.

I will concur with your assessment that it is no longer an Outlook issue.
The emails would continue to spew down the line even after the Outlook
program has been closed down.

I took your last bit of advice first - Windows Live Care. I let it run the
full scan/defrag/register clean ... Anyway when it was finished the emails
continued to spew. I had to leave, so I put the computer into hibernation
with the thought that I would have the pleasure of continuing the saga at a
later time. But now that I have restarted my computer, I think that the Live
Care might have done the clean up anyway - the emails have ceased. I am
crossing my fingers at the moment, because I am using a wireless connection
now vs. cable then and at a different location.

I will keep you posted if things should change.
 
Excellent to hear. I was digging through the processes in that list, and I
left the one that was standout below. That was the only process that was
actually talking outbound on port 25, which is the SMTP port that a process
would be talking to outbound to send a message. So, it's something that
(was now hopefully past tense) running under svchost.exe. The next step
would have been to do a search for any 'extra' svchost.exe's on the machine
in odd places, which may have found the program, or it may simply be a
process that ingratiates itself into svchost (which is a pretty common task
in Windows: http://support.microsoft.com/kb/314056 describes it).

--
f.h.

braceyr said:
Dear F.H.:

I had mentioned this issue of spamming to a friend of mine who is in IT. He
had a program called HijackThis that brought up all the processes that the
computer was performing. He noticed one line that wasn't quite right dealing
with a Google sub-routine. When he deleted the file associated with the
identified "line," he thought that he had done the job. But just as he was
going to leave, Avast pulled up an infected file that had been unmasked. He
was able to delete the infected file and he/we are hoping that the source of
the spamming has been taken care of.

Thanks again for your help. You helped me better communicate with my friend
what I had observed, and then he was able to better look for a solution!!

TCP 127.0.0.1:4399 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4403 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4405 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4409 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4411 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4414 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4416 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4429 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4433 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4435 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4437 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4441 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4448 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4452 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4456 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4460 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4462 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4464 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4466 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4468 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4470 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4474 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4478 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4481 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4488 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:4493 127.0.0.1:12025 TIME_WAIT 0
TCP 127.0.0.1:12025 127.0.0.1:4407 TIME_WAIT 0
TCP 192.168.1.47:4301 207.46.192.254:80 TIME_WAIT 0
TCP 192.168.1.47:4313 207.46.192.254:80 TIME_WAIT 0
TCP 192.168.1.47:4418 217.33.193.149:25 TIME_WAIT 0
TCP 192.168.1.47:4442 165.76.8.44:25 TIME_WAIT 0
TCP 192.168.1.47:4467 203.138.180.240:25 TIME_WAIT 0
TCP 192.168.1.47:4479 202.86.5.23:25 TIME_WAIT 0
UDP 0.0.0.0:1089 *:* 1224
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]
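
Added example, not part of any post in this thread: a Python sketch that reads saved `netstat -bona` text, attaches each `[owner]` line to the connection row it follows, and counts outbound TCP connections to port 25 per process. The sample input is constructed (documentation-range addresses, and `mailer-example.exe` is a hypothetical name); rows in TIME_WAIT report PID 0 and have no owner line, as in the output posted above, so they come back with owner `None`.

```python
import re
from collections import Counter

# Constructed sample in the layout of the `netstat -bona` output posted above.
# Remote addresses are documentation ranges; mailer-example.exe is hypothetical.
SAMPLE = r"""
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1140
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 3016
[ashMaiSv.exe]

TCP 192.168.1.47:4500 203.0.113.10:25 ESTABLISHED 2244
C:\WINDOWS\system32\mswsock.dll
[mailer-example.exe]

TCP 127.0.0.1:4399 127.0.0.1:12025 TIME_WAIT 0
TCP 192.168.1.47:4418 198.51.100.7:25 TIME_WAIT 0
TCP 192.168.1.47:4442 198.51.100.8:25 TIME_WAIT 0
UDP 0.0.0.0:1089 *:* 1224
c:\windows\system32\DNSAPI.dll
[svchost.exe]
"""

# Connection row: proto, local, remote, optional state (UDP has none), PID.
ROW = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)$")

def parse(text):
    """Return one dict per connection row, with the [owner] line that follows it."""
    rows, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            current = {"proto": proto, "local": local, "remote": remote,
                       "state": state, "pid": int(pid), "owner": None, "modules": []}
            rows.append(current)
        elif current is not None and line.startswith("[") and line.endswith("]"):
            current["owner"] = line[1:-1]
            current = None                    # the owner line closes the block
        elif current is not None and line:
            current["modules"].append(line)   # DLLs listed between row and owner
    return rows

def smtp_out(rows, port=25):
    """TCP rows whose remote endpoint is a non-loopback host on the SMTP port."""
    hits = []
    for r in rows:
        host, _, rport = r["remote"].rpartition(":")
        loopback = host.startswith("127.") or host == "[::1]"
        if r["proto"] == "TCP" and rport == str(port) and not loopback:
            hits.append(r)
    return hits

def summarize(rows):
    """Count outbound SMTP connections per (pid, owner); (0, None) means the
    row was already in TIME_WAIT and names no owning process."""
    return Counter((r["pid"], r["owner"]) for r in smtp_out(rows))

if __name__ == "__main__":
    for (pid, owner), n in summarize(parse(SAMPLE)).items():
        print(f"pid={pid} owner={owner or 'none listed'} smtp_connections={n}")
```

A row only names its sender while the connection is still open, so the capture has to be taken (and usually repeated) while mail is actively going out.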
 
