Wilders Security Forums  

#1
December 6th, 2004, 02:04 PM
shyam
Infrequent Poster
Join Date: Jul 2004
Posts: 12
Lots of issue..

Hello,

It appears to me that I have a few issues on my Windows 2000 box. Please help me to get rid of them. A few of the problems are:

1) I am continuously getting emails with the subject line "Mail Delivery (failure shyam@******.com)" from email IDs which seem to be valid in most cases. But in reality, I never sent any emails to those IDs. The content of the email is even more interesting. It says something like this:

If the message will not displayed automatically,follow the link to read the delivered message.

Received message is available at:

http://www.*******.com/inbox/shyam/r...sessionid-8827


Please tell me what it is and how I can get rid of it?

2) Secondly, I am also getting emails at regular intervals which have attachments of 24 bytes which have only 1-2 lines of text like "Please read the important document", "important document for you", etc.

Help me to get rid of it also.

3) My computer takes a lot of time in booting. It takes more than 6-7 minutes to show me the desktop.

Please guide me step by step..

Thanks in advance.

Shyam
#2
December 6th, 2004, 02:16 PM
dog
Posts: n/a
Re: Lots of issue..

Hi Shyam,

Depending on what email client you use ... you can block those emails.

For Outlook Express ... open OE ...select "tools" then message rules, then block senders list ... and add the offending addresses.

Outlook is ... Highlight the offending email, and select Actions ... then add to junk senders list.

Other clients have options as well ... if you aren't using either of these ... specify which client you're using and someone will provide direction.

As far as the slow boot ... are you experiencing any other problems with your PC?

dog -
#3
December 6th, 2004, 02:20 PM
snowbound
Retired Moderator
Join Date: Feb 2003
Location: The Big Smoke
Posts: 8,727
Re: Lots of issue..

hmm... u could have malware on your system.

Another thing u could do is follow these instructions,

http://www.wilderssecurity.com/showthread.php?t=50662



snowbound
#4
December 6th, 2004, 02:25 PM
shyam
Infrequent Poster
Join Date: Jul 2004
Posts: 12
Re: Lots of issue..

Thank you, dog, for the quick reply.

Dog, the problem is that each and every time I receive a similar type of email from a different email ID. And the frequency of email is 4-5 mails per day. FYI... I'm using Outlook Express 2000.


As far as slow booting is concerned, I did feel that the computer often hangs for a few seconds. If I open RealPlayer, OE, and 2-3 IE windows, the computer shows I am using 100% of resources, which appears quite strange to me.

Shyam
#5
December 6th, 2004, 02:33 PM
dog
Posts: n/a
Re: Lots of issue..

Are the emails from the same domain? If they are ... and you don't receive any legit emails from that domain ... you could block the whole domain. (ie. microsoft.com)

Other than that ... you will either have to keep blocking individual addresses, until they're all blocked. Or you can change your email address.

Added note: Only use your real email address for personal use ... and set up a dummy account, with a free web email provider, for other things.

As for the other problems, you probably are infected with some type of malware. See the link Snowbound provided above.

Steve
#6
December 6th, 2004, 02:35 PM
shyam
Infrequent Poster
Join Date: Jul 2004
Posts: 12
Re: Lots of issue..

Quote:
Originally Posted by snowbound
hmm... u could have malware on your system.

Another thing u could do is follow these instructions,

http://www.wilderssecurity.com/showthread.php?t=50662

snowbound


Snowbound, Thanks for the URL !

I could have the malware.. But,

1) Does it mean that in order to remove the malware I need to install all that software (8-10) which is mentioned in the URL?

2) Secondly, I have the Windows 2000 operating system with Service Pack 4. I am using Norton 2003 having virus definition 12/4/2004.

Thanks for the response.
#7
December 6th, 2004, 02:40 PM
shyam
Infrequent Poster
Join Date: Jul 2004
Posts: 12
Re: Lots of issue..

Quote:
Originally Posted by dog
Are the emails from the same domain? If they are ... and you don't receive any legit emails from that domain ... you could block the whole domain. (ie. microsoft.com)

Other than that ... you will either have to keep blocking individual addresses, until they're all blocked. Or you can change your email address.

Added note: Only use your real email address for personal use ... and set up a dummy account, with a free web email provider, for other things.

As for the other problems, you probably are infected with some type of malware. See the link Snowbound provided above.

Steve

Thanks for the response. This forum is really great...

Steve, I am getting those emails from Hotmail, Yahoo, MSN and other famous domains. Secondly, that is my office account. I can't change it.. Lots of office email is coming every day on it.

Yes, I also have the same opinion as snowbound..

Shyam
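
An added example, not part of any post in this thread: because the messages arrive from a different sender and domain each time, a sender block list cannot keep up, so this Python example flags the message traits described in post #1 instead. The 64-byte threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Subject shape quoted in post #1: "Mail Delivery (failure user@domain)".
SUBJECT_RE = re.compile(r"^\s*Mail Delivery \(failure\s+\S+@\S+\)\s*$", re.IGNORECASE)
# Assumption: "tiny" means at most 64 bytes (post #1 reports 24-byte attachments).
TINY_ATTACHMENT_MAX = 64

def suspicious_traits(raw_message):
    """Return the traits from post #1 found in one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    traits = []
    if SUBJECT_RE.match(msg.get("Subject", "")):
        traits.append("bounce-style subject")
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        payload = part.get_payload(decode=True) or b""
        if len(payload) <= TINY_ATTACHMENT_MAX:
            traits.append("tiny attachment")
            break
    return traits

def _message(sender, subject, attachment=None):
    """Build a constructed sample message (not real captured mail)."""
    head = f"From: {sender}\nTo: user@example.com\nSubject: {subject}\nMIME-Version: 1.0\n"
    if attachment is None:
        return head + "Content-Type: text/plain\n\nHello.\n"
    return (head + 'Content-Type: multipart/mixed; boundary="xx"\n\n'
            "--xx\nContent-Type: text/plain\n\nSee the attachment.\n"
            "--xx\nContent-Type: text/plain\n"
            'Content-Disposition: attachment; filename="document.txt"\n\n'
            f"{attachment}\n--xx--\n")

# Constructed samples: the sender differs every time, the traits do not.
SAMPLES = [
    _message("a@example.org", "Mail Delivery (failure user@example.com)"),
    _message("b@example.net", "Re: document", "Please read the document"),
    _message("colleague@example.com", "Meeting notes"),
    _message("colleague@example.com", "Report", "x" * 500),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(suspicious_traits(raw))
```
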
#8
December 6th, 2004, 02:42 PM
dog
Posts: n/a
Re: Lots of issue..

Quote:
Originally Posted by shyam
Snowbound, Thanks for the URL !

I could have the malware.. But,

1) Does it mean that in order to remove the malware I need to install all that software (8-10) which is mentioned in the URL?

2) Secondly, I have the Windows 2000 operating system with Service Pack 4. I am using Norton 2003 having virus definition 12/4/2004.

Thanks for the response.

If you wish ... Computer Cops (now known as Castle Cops) - http://computercops.biz/index.php ... does provide HJT log cleaning service (free) ... read the FAQ before posting ... you can DL ... Hijack This from here - http://www.spywareinfoforum.com/~merijn/downloads.html ... Do NOT fix anything yourself as most of what is displayed is necessary for your PC to function. An expert will guide you through the process, which will simplify the shown process greatly. ... If your company is a larger one ... be sure to check with the IT dept. and/or the company's policies to make sure you are within your rights to proceed with this.


Steve
#9
December 6th, 2004, 02:56 PM
snowbound
Retired Moderator
Join Date: Feb 2003
Location: The Big Smoke
Posts: 8,727
Re: Lots of issue..

Quote:
Originally Posted by shyam
Snowbound, Thanks for the URL !

I could have the malware.. But,

1) Does it mean that in order to remove the malware I need to install all that software (8-10) which is mentioned in the URL?

Thanks for the response.

Well, in order to eradicate most Malware, following all the steps is best.

As dog said, u can simplify the process by posting a hijackthis log at one of the sites listed here,

http://www.wilderssecurity.com/showthread.php?t=50662



snowbound
#10
December 6th, 2004, 03:01 PM
Newkid
Spyware Fighter
Join Date: Apr 2004
Location: Memphis
Posts: 225
Re: Lots of issue..

Hello Shyam,

Welcome to Wilders

Shyam, your machine is infected with the W32.Netsky.P@mm virus. I'd strongly recommend that you scan the machine fully with Norton Antivirus in safe mode.

Boot your machine in safe mode by tapping the F8 key at startup and then scan all the drives fully with Norton Antivirus.

Then reboot your machine again and boot in normal mode. Go here and download the removal tool.

Print this page for instructions.

When you've done all, reboot your machine and let us know the outcome before you move to castlecops.
__________________
NewKid
Member of the Alliance of Security Analysis Professionals
#11
December 7th, 2004, 02:16 AM
shyam
Infrequent Poster
Join Date: Jul 2004
Posts: 12
Re: Lots of issue..

Quote:
Originally Posted by Newkid
Hello Shyam,

Welcome to Wilders

Shyam, your machine is infected with the W32.Netsky.P@mm virus. I'd strongly recommend that you scan the machine fully with Norton Antivirus in safe mode.

Boot your machine in safe mode by tapping the F8 key at startup and then scan all the drives fully with Norton Antivirus.

Then reboot your machine again and boot in normal mode. Go here and download the removal tool.

Print this page for instructions.

When you've done all, reboot your machine and let us know the outcome before you move to castlecops.

Hello Newkid,

Thank You Very Much !

You are very true... I did scan the computer with updated Norton Antivirus. It found a few infected files and successfully removed them from my computer. As you said, I then installed the removal tool and followed the instructions mentioned in the URL. The removal tool also found a few changes in the registry and successfully patched them. I think the first issues have been sorted. Thank you!

What about my other queries? Shall I go ahead now and post the hijackthis log at CASTLECOPS?

Thanks Snowbound for the URL. I'll check it later on.

Shyam
#12
December 7th, 2004, 07:31 AM
Newkid
Spyware Fighter
Join Date: Apr 2004
Location: Memphis
Posts: 225
Re: Lots of issue..

Quote:
Originally Posted by shyam
What about my other queries? Shall I go ahead now and post the hijackthis log at CASTLECOPS?

Shyam

Shyam, I guess your two issues have been sorted now.

If you wish ... as Steve (Dog) said, Computer Cops does provide the HJT cleaning services. You can show them the log for review.

As far as the third query is concerned, will you please tell us something about your machine configuration?
__________________
NewKid
Member of the Alliance of Security Analysis Professionals
#13
December 7th, 2004, 11:48 PM
shyam
Infrequent Poster
Join Date: Jul 2004
Posts: 12
Re: Lots of issue..

Thanks Newkid for the response and sorry for the delay. I was a bit busy with my office work.

There is some bad news. Yesterday, I again received one such email.. Does it mean that I am again infected with the same virus as you mentioned in your post?

Secondly, my system configuration is as follows:

Microsoft Windows 2000 5.00.2195 with Service Pack 4
Intel Celeron CPU 1.70 GHz
512 MB SD RAM
40 GB Hard disk

Please tell me if you want other details as well.

Thirdly, I noticed one more issue on my computer. I have 2 NTFS partitions, 20 GB each. I find that both of my disks are shared automatically with the share names C$ and D$. Every time, I have to disable the share, but as soon as I reboot the computer, it comes back automatically. Is it a defect? I am worried because my computer is on the net almost 10-12 hours per day.

Please help me.
Shyam
#14
December 9th, 2004, 01:15 AM
Newkid
Spyware Fighter
Join Date: Apr 2004
Location: Memphis
Posts: 225
Re: Lots of issue..

Quote:
Originally Posted by shyam
Thanks Newkid for the response and sorry for the delay. I was a bit busy with my office work.

There is some bad news. Yesterday, I again received one such email.. Does it mean that I am again infected with the same virus as you mentioned in your post?

Secondly, my system configuration is as follows:

Microsoft Windows 2000 5.00.2195 with Service Pack 4
Intel Celeron CPU 1.70 GHz
512 MB SD RAM
40 GB Hard disk

Please tell me if you want other details as well.

Thirdly, I noticed one more issue on my computer. I have 2 NTFS partitions, 20 GB each. I find that both of my disks are shared automatically with the share names C$ and D$. Every time, I have to disable the share, but as soon as I reboot the computer, it comes back automatically. Is it a defect? I am worried because my computer is on the net almost 10-12 hours per day.

Please help me.
Shyam

Shyam, it's better to take one problem at a time.

Did you again open the attachment? If not, then I guess this time you received such an email not because of your machine. Someone on your friend list (email list) is infected with this worm, and from there the worm harvested your address. And if yes, then please do all the things which you were told to do earlier.

At the end, did you post your log at Castlecops or any of the other websites?

With Thanks !
Newkid
__________________
NewKid
Member of the Alliance of Security Analysis Professionals
All times are GMT -4. The time now is 09:53 AM.