"Li'l Abner" <blvstk@dogpatch.com> wrote in
news:Xns9E3E71C809AA4butter@wefb973cbe498:

> I have a Dell Windows XP SP3 here that has been spewing SPAM email.
> The owner has been warned by his ISP. I must be Googling for the
> wrong thing because all I can find about it is that it happens but
> no advice on what to do about it. There are detection tools to use on
> networks, routers, servers, etc. but nothing about the individual
> computer except for a couple of those "wipe it and start over"
> replies. I've done a full scan with MSE, MBAM, SAS, and ComboFix.
> MSE found nothing, MBAM found 18 MyWebSearch and 2 Trojan Vundo, SAS
> found a bunch of tracking cookies, and Combofix found nothing at
> all. For starters, how can I detect if the computer is still sending
> it? If it is, is it a virus or some kind of malware? What does it
> take to get rid of it?


Hi Abner.

Sounds like you might have a Windows system file patched. I'd recommend
you check the digital signatures on them. In order to determine if the
computer is still spamming, fire up Wireshark or SmartSniff and start
looking at the screen. You'll see it pretty quickly if the computer is
still being a nuisance.

fdsv is an excellent command line utility for verifying digital
signatures in files. You can find it here: http://www.kztechs.com

Boot the machine from a Bart disc, use fdsv in each Windows folder for
the .dll and .exe files. You can also check the system drivers. MS
files are digitally signed. When you find one that isn't, replace him
with one that is. You may be able to find a good copy in the dllcache
folder. Worst case, you'll have to extract one from a Windows XP CD,
already with SP3.






--
Hackers are generally only very weakly motivated by conventional
rewards such as social approval or money. They tend to be attracted by
challenges and excited by interesting toys, and to judge the interest
of work or other activities in terms of the challenges offered and the
toys they get to play with.
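
Added example, not part of the original posts: besides watching a sniffer, a snapshot of `netstat -ano` can be grouped by PID to show which process is opening SMTP connections, since a process reaching many different hosts on port 25 is the one to look up in Task Manager. The sample output (documentation-range addresses), the function names and the one-server threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output; not taken from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.5:25         ESTABLISHED     1888
  TCP    192.168.1.10:1046      198.51.100.7:25        SYN_SENT        1888
  TCP    192.168.1.10:1047      198.51.100.9:25        SYN_SENT        1888
  TCP    192.168.1.10:1048      203.0.113.77:25        TIME_WAIT       0
  TCP    192.168.1.10:1050      192.0.2.20:587         ESTABLISHED     2404
  TCP    192.168.1.10:1051      192.0.2.80:80          ESTABLISHED     3120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  UDP    192.168.1.10:123       *:*                                    1100
"""

SMTP_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def smtp_peers_by_pid(netstat_text):
    """Map each PID to the set of remote hosts it has SMTP connections to."""
    peers = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row, or anything unparseable
        _lhost, _lport, rhost, rport, state, pid = m.groups()
        if state == "LISTENING" or int(rport) not in SMTP_PORTS:
            continue
        peers[int(pid)].add(rhost)
    return dict(peers)


def suspicious_pids(netstat_text, max_servers=1):
    """PIDs talking SMTP to more distinct hosts than a mail client would."""
    peers = smtp_peers_by_pid(netstat_text)
    return {pid: sorted(h) for pid, h in peers.items() if len(h) > max_servers}


if __name__ == "__main__":
    for pid, hosts in suspicious_pids(SAMPLE).items():
        print(f"PID {pid}: SMTP connections to {len(hosts)} hosts: {hosts}")
```

A single snapshot can miss short-lived connections, so repeat it a few times; rows in TIME_WAIT are reported under PID 0 and cannot be attributed to a process.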