Registry ?

[Robin]

I have a virus , cant find it to get rid of it ! virus
scans says no virus found ( I'm sending thousands and
thousands of email, I have a virus )some of the research
talks about registry key values being changed , I've
looked at these but how do I know what is suppose to be
there !should there be any numbers,*, %,s at all
following these ?

HKEY_LOCAL_MACHINE\software\classes\exefile
\regfile
\scrfile
\batfile
\piffile
Its hard to look in your registry for added or modified
registry keys when you dont know what is normal !...Robin

 

[purplehaz]

What makes you think the email messages are being sent from you? If your
getting emails saying a email you sent was not delivered cause it had a
virus, or similar, then most likely you are not infected. It just happens
someone either had you in there address book and they got infected, then the
virus sends bogus emails using your name cause it found you in the address
book, making them look like they came from you, thus the returned email
messages you get. Or some spammer got your address and is using it to send
virus emails out. If this sounds like the case theres not much you can do,
except wait it out(it should stop), or change your email address. If you did
a virus scan with updated virus definitions and it came up clean, then most
likely you are fine.

 

[Robin]

Send and reciev taskbar shows me how much is coming in
and how much is going out by number !would that still
happen if it's a spammer of some sort ! We do have a
firewall installed , my email being spoofed was brought
up in another part of the group,and if thats the case ,
I'm still at a loss on how to prevent...Robin
it !

 

[purplehaz]

If you actually see emails going out of the outbox, then they are sent from
your machine. If you don't see them in the outbox or in the sent folder,
they may not be from you, but just a spammer. You could always temporarily
change your email servers to some bogus smtp server and if your OE tries to
send it will fail and you'll see the error message. This way you'd know if
its your computer or not. If you find it is your computer then I'd do
another virus scan with another product. If they are not you, but just
someone spoofing your address then all you can really do is change your
address.

 

[Robin]

No , the emails going out only show up in the
taskbar,there is nothing in my sent or outbox folders,
I've changed my email address ( same outlook) just
different address to see if it continues to happen !I
figure that if it starts happening again then it's a
virus and if not , then some one may just be useing the
address ! didnt hurt to try right ? Thanks , i'll keep
you posted ...Robin

 

[purplehaz]

Its sounding more and more like a virus/trojan.

No , the emails going out only show up in the
taskbar,there is nothing in my sent or outbox folders,
I've changed my email address ( same outlook) just
different address to see if it continues to happen !I
figure that if it starts happening again then it's a
virus and if not , then some one may just be useing the
address ! didnt hurt to try right ? Thanks , i'll keep
you posted ...Robin

 

[Alex Nichol]

I have a virus , cant find it to get rid of it ! virus
scans says no virus found ( I'm sending thousands and
thousands of email, I have a virus )some of the research
talks about registry key values being changed , I've
looked at these but how do I know what is suppose to be
there !should there be any numbers,*, %,s at all
following these ?

HKEY_LOCAL_MACHINE\software\classes\exefile
\regfile
\scrfile
\batfile
\piffile

The keys mentioned would all continue in the same way - at
\exefile\shell\open\command
the right pane should have its Default set to
"%1" %*

See http://www.kellys-korner-xp.com/xp_qr.htm#rpc
for a VBS script that will clear up the one probably giving the trouble
- if you in fact have it.

With this one it is possible that you do not, - but the virus is
picking up your address from the address book of an infected machine and
either mailing itself to you as a spurious 'bounce' or sending itself to
a third party, and the bounce from there is coming back to the apparent
'From' - which has been sent to 'you'