My computer is sending out hidden spam emails.

Discussion in 'malware problems & news' started by Carbonated_Brains, Jul 8, 2004.

Thread Status:
Not open for further replies.
  1. Carbonated_Brains

    Carbonated_Brains Registered Member

    Jun 30, 2004
    I had a couple glitches a while back, and the AVG free virus scanner didn't pick up anything, so on a hunch I downloaded a Norton 30 day trial.

    Worked fine, picked up a couple viruses and deleted them.

    All of a sudden, I started getting these notices from Norton regarding emails that were apparently being sent from my computer without my knowledge. I did all sorts of different scans using Norton, AVG, Ad-Aware, Spybot, HijackThis, and the like. Nothing came up that fixed the problem.

    I trashed Norton, downloaded a trial of McAfee VirusScan. Picked up a few more viruses that the other programs missed, but now McAfee's "HAWK" program (which alerts you if your computer is sending more than, say, 3 emails in 30 seconds) is picking up dozens and dozens of email messages that my computer is supposedly trying to send.

    They're all spam emails of a pornographic nature, strangely enough, which is why I won't post the text here unless requested.

    I'm running a bunch of online virus scans now (Trend Micro, Panda...) and hopefully it'll turn up something... does anybody have any other ideas?
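
The rate check mentioned in the post above (more than 3 emails in 30 seconds) can be run as a sliding window over outbound connection records. This is an added example, not part of the thread and not McAfee's implementation; the log format, process names and addresses are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)   # window from the post: "30 seconds"
THRESHOLD = 3                    # alert on MORE than 3 sends inside the window
SMTP_PORTS = {25}                # assumption: direct SMTP delivery on TCP/25

# Constructed sample records: "<ISO time> <process> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2004-07-08T10:00:01 msimn.exe 192.0.2.10:25
2004-07-08T10:00:02 iexplore.exe 198.51.100.7:80
2004-07-08T10:05:00 unknown 203.0.113.5:25
2004-07-08T10:05:04 unknown 203.0.113.9:25
2004-07-08T10:05:09 unknown 198.51.100.20:25
2004-07-08T10:05:15 unknown 192.0.2.77:25
2004-07-08T10:05:21 unknown 203.0.113.44:25
2004-07-08T10:09:00 msimn.exe 192.0.2.10:25
"""

def parse(line):
    """Split one constructed record into (time, process, dst_ip, dst_port)."""
    ts, proc, dst = line.split()
    ip, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), proc, ip, int(port)

def detect_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (time, process, sends_in_window, distinct_servers) per alert."""
    recent = {}   # process -> deque of (time, dst_ip) still inside the window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, proc, ip, port = parse(line)
        if port not in SMTP_PORTS:
            continue                      # only SMTP traffic is counted
        q = recent.setdefault(proc, deque())
        q.append((ts, ip))
        while ts - q[0][0] > window:      # drop sends older than the window
            q.popleft()
        if len(q) > threshold:
            servers = len({dst for _, dst in q})
            alerts.append((ts.isoformat(), proc, len(q), servers))
    return alerts

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert)
```

A mail client talking to one configured server stays under the threshold, while a burst to many different servers from a process with no name stands out in the last two fields.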
  2. optigrab

    optigrab Registered Member

    Nov 6, 2002
    Brooklyn/NYC USA
  3. Carbonated_Brains

    Carbonated_Brains Registered Member

    Jun 30, 2004
    I tried TDS-3 and it turned up nothing, but I'll try the first two right now.

    And I installed ZoneAlarm, hoping to find some obviously errant process trying to use the Internet... after I set permissions for the regular programs, the emails were STILL getting sent.

    I'll activate the VirusScan firewall, kill ZoneAlarm, and try the 2 programs you suggested.
  4. bigc73542

    bigc73542 Retired Moderator

    Sep 21, 2003
    SW. Oklahoma
    You need to go here and follow steps one thru three and then post your HJT log here and an expert will help you. Please be patient, they are very busy.

    thanks bigc
  5. Carbonated_Brains

    Carbonated_Brains Registered Member

    Jun 30, 2004
    I've already run just about EVERY spyware program, and HijackThis.

    Here's the log:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: {8E4BFBA8-5414-4881-A410-4FD1AE512078} - {8E4BFBA8-5414-4881-A410-4FD1AE512078} - C:\WINDOWS\1089069173.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=070904 serial=DR12WTX-9999998-YSP lang=EN
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *
    O16 - DPF: Yahoo! Poker -
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
    O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
  6. Carbonated_Brains

    Carbonated_Brains Registered Member

    Jun 30, 2004
    Something more curious, right clicking on "System Idle Process" in Process Explorer shows it making TCP/IP connections in the form of "xx.xx.xx.xx:smtp"...

    I'm fairly certain that's not kosher.

    Whoops, posted my log in the wrong place, sorry.
  7. snowbound

    snowbound Retired Moderator

    Feb 18, 2003
    The Big Smoke