G
Guest
Let me explain this problem again, while I am not juggling work, multiple
support techs, and trying to get a quick blurb out there for the user base,
and maybe some insight.
There is a hack coming in through the Outlook.exe this occurs during the
send/receive process, at which time while the outlook.exe file is being
changed, it will hang for some time. Eventually the email goes out, but the
time it takes is more than it would have taken to have emailed over 10x the
information being sent, moreover, I get a System Admin return mail ( I am
System Admin) telling me this recipient is not in their list of allowed hosts
error #5.7.1. Also after the Outlook.exe gets changed, the Outlookimap.dll,
and the vviewer.dll get changed as well.
After the Outlook.exe change (it may be changed up to three more times)
during the send and receive process. The scvhost.exe ends up getting changed
after there are no more changes to the Outlook.exe being made.
Other exe files that are being changed are: iexplorer.exe, ieuser.exe, &
gotomeeting.exe. Gotomeeting is OBVIOUSLY not part of either the XP or Vista
OS, but it is another .exe that has access to the internet!
This keeps happening and is not just happening to me, my boss has had
similar issues, and several reports have come in to our security solution
provider regarding the Outlook.exe change. However they have done system
captures and cannot find anything. Which, according to the security solution
provider, means that the virus/Bot is on the same “levelâ€, not that it does
not exist.
This aspect may be unrelated, but just in case it is not. In the Vista
environment, I made a change to the open with selection for a hidden system
file, and accidentally left the box checked to apply my selection to all
files of this type, and the system did so with a slight pause. I believed
this to be an “INI†file as this changed the metrics for the smaller pop-up
windows in Vista were now full screen windows. These windows include the Copy
To and Move To,etc… windows which are normally smaller and not sizeable when
you are selecting which folder to send , copy, or move the file to. The
windows do not get bigger unless you mess with the metrics, which is why I
assumed that it is an “INI†file I am talking about.
This setting to open my Mysterious “INI†file, which may not have been an
ini file (as was so helpfully pointed out yesterday by some of the people
here) was retained by my system after flashing the BIOS, scrubbing my hard
drive, reformatting with NTFS, and reinstalling the OS only with NO internet
connection, these windows were still opening up full screen, but this only
happens in Vista, these windows stay the same size in XP, even after
installing other software, and importing my files. But the change, or lack
thereof, remains obvious in Vista.
I have repeated these steps multiple times, and included in the last effort
was a replacement of the motherboard, but the old CMOS and the Old raw hard
drive were still used, and the windows metrics setting that had been
accidentally changed, was still there and the windows that should be smaller
are still opening up full screen in Vista.
As I said I do not know if there is a relationship between the two, but
there is usually something left behind in a system for the hacker to use
later, so… Thanks for all the friendly advice!
support techs, and trying to get a quick blurb out there for the user base,
and maybe some insight.
There is a hack coming in through the Outlook.exe this occurs during the
send/receive process, at which time while the outlook.exe file is being
changed, it will hang for some time. Eventually the email goes out, but the
time it takes is more than it would have taken to have emailed over 10x the
information being sent, moreover, I get a System Admin return mail ( I am
System Admin) telling me this recipient is not in their list of allowed hosts
error #5.7.1. Also after the Outlook.exe gets changed, the Outlookimap.dll,
and the vviewer.dll get changed as well.
After the Outlook.exe change (it may be changed up to three more times)
during the send and receive process. The scvhost.exe ends up getting changed
after there are no more changes to the Outlook.exe being made.
Other exe files that are being changed are: iexplorer.exe, ieuser.exe, &
gotomeeting.exe. Gotomeeting is OBVIOUSLY not part of either the XP or Vista
OS, but it is another .exe that has access to the internet!
This keeps happening and is not just happening to me, my boss has had
similar issues, and several reports have come in to our security solution
provider regarding the Outlook.exe change. However they have done system
captures and cannot find anything. Which, according to the security solution
provider, means that the virus/Bot is on the same “levelâ€, not that it does
not exist.
This aspect may be unrelated, but just in case it is not. In the Vista
environment, I made a change to the open with selection for a hidden system
file, and accidentally left the box checked to apply my selection to all
files of this type, and the system did so with a slight pause. I believed
this to be an “INI†file as this changed the metrics for the smaller pop-up
windows in Vista were now full screen windows. These windows include the Copy
To and Move To,etc… windows which are normally smaller and not sizeable when
you are selecting which folder to send , copy, or move the file to. The
windows do not get bigger unless you mess with the metrics, which is why I
assumed that it is an “INI†file I am talking about.
This setting to open my Mysterious “INI†file, which may not have been an
ini file (as was so helpfully pointed out yesterday by some of the people
here) was retained by my system after flashing the BIOS, scrubbing my hard
drive, reformatting with NTFS, and reinstalling the OS only with NO internet
connection, these windows were still opening up full screen, but this only
happens in Vista, these windows stay the same size in XP, even after
installing other software, and importing my files. But the change, or lack
thereof, remains obvious in Vista.
I have repeated these steps multiple times, and included in the last effort
was a replacement of the motherboard, but the old CMOS and the Old raw hard
drive were still used, and the windows metrics setting that had been
accidentally changed, was still there and the windows that should be smaller
are still opening up full screen in Vista.
As I said I do not know if there is a relationship between the two, but
there is usually something left behind in a system for the hacker to use
later, so… Thanks for all the friendly advice!