Dustin <bughunter.dustin@gmail.com> wrote in
news:Xns9E3EA348F9529HHI2948AJD832@no:
> "Li'l Abner" <blvstk@dogpatch.com> wrote in
> news:Xns9E3E71C809AA4butter@wefb973cbe498:
>
>> I have a Dell Windows XP SP3 here that has been spewing SPAM email.
>> The owner has been warned by his ISP. I must be Googling for the
>> wrong thing because all I can find about it is that it happens but
>> no advice on what to do about it. There's detection tools to use on
>> networks, routers, servers, etc. but nothing about the individual
>> computer except for a couple of those "wipe it and start over"
>> replies. I've done a full scan with MSE, MBAM, SAS, and ComboFix.
>> MSE found nothing, MBAM found 18 MyWebSearch and 2 Trojan Vundo, SAS
>> found a bunch of tracking cookies, and Combofix found nothing at
>> all. For starters, how can I detect if the computer is still sending
>> it? If it is, is it a virus or some kind of malware? What does it
>> take to get rid of it?
>
> Hi Abner.
>
> Sounds like you might have a windows system file patched. I'd recommend
> you check the digital signatures on them. In order to determine if the
> computer is still spamming, fire up Wireshark or SmartSniff and start
> looking at the screen. You'll see it pretty quickly if the computer is
> still being a nuisance.
>
> fdsv is an excellent command line utility for verifying digital
> signatures in files. You can find it here: http://www.kztechs.com
>
> Boot the machine from a bart disc, use fdsv in each windows folder for
> the .dlls and exe files. You can also check the system drivers. MS
> files are digitally signed. When you find one that isn't; replace him
> with one that is. You may be able to find a good copy in the dllcache
> folder. Worst case, you'll have to extract one from a windows XP cd,
> already with sp3.
>
>
Thanks Dustin. As you've probably already noticed, I replied to
VanguardLH's post above in detail before I saw yours, Dave's and John's.
You and Dave both mentioned Wireshark. Something like that was what I was
trying to Google for and never came up with. You always come up with good
stuff and I save your posts for future reference.
I read all your posts, no matter who you're replying to.
Some of the flames are even kind of neat! :-)
--
--- Everybody has a right to my opinion. ---



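One way to turn the "watch the capture" advice above into a yes/no answer, as an added example that is not part of either poster's message: it reads connection fields exported by tshark (Wireshark's command-line tool) and counts how many distinct mail servers the PC opens port 25 connections to. The sample rows, the local address 192.168.1.20, the file name capture.pcap and the threshold of 3 are constructed assumptions.

```python
import csv
import io
from collections import Counter

SMTP_PORT = 25          # direct-to-MX delivery; a mail client normally uses one relay
MAX_DESTINATIONS = 3    # assumed threshold: more distinct SMTP servers is suspicious

# Constructed sample of the output of:
#   tshark -r capture.pcap -T fields -E separator=, -e frame.time_epoch \
#     -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack
# (capture.pcap is a placeholder name; addresses are documentation ranges)
SAMPLE = """\
1300000000.05,192.168.1.20,192.168.1.1,,,
1300000000.10,192.168.1.20,203.0.113.5,25,1,0
1300000000.12,203.0.113.5,192.168.1.20,1045,1,1
1300000000.20,192.168.1.20,203.0.113.5,25,1,0
1300000000.31,192.168.1.20,198.51.100.7,25,1,0
1300000000.44,192.168.1.20,198.51.100.99,25,True,False
1300000000.52,192.168.1.20,203.0.113.80,25,1,0
1300000000.63,192.168.1.20,192.0.2.14,25,1,0
1300000000.70,192.168.1.20,192.0.2.200,80,1,0
1300000000.71,192.168.1.20,203.0.113.5,25,0,1
"""

def _flag(value):
    # Older tshark prints 1/0 for boolean fields, newer releases print True/False.
    return value.strip().lower() in ("1", "true")

def outbound_smtp(rows, local_ip):
    """Count new outbound SMTP connections (SYN without ACK) per destination."""
    dests = Counter()
    for row in csv.reader(io.StringIO(rows)):
        if len(row) != 6 or not row[3].isdigit():
            continue  # non-TCP or truncated line: tshark leaves those fields empty
        _ts, src, dst, dport, syn, ack = row
        if src == local_ip and int(dport) == SMTP_PORT and _flag(syn) and not _flag(ack):
            dests[dst] += 1
    return dests

def still_spamming(rows, local_ip, limit=MAX_DESTINATIONS):
    """True when the PC opened SMTP connections to more than `limit` servers."""
    return len(outbound_smtp(rows, local_ip)) > limit

if __name__ == "__main__":
    for server, count in outbound_smtp(SAMPLE, "192.168.1.20").most_common():
        print(f"{server:<16} {count} new connection(s) on port {SMTP_PORT}")
    print("suspicious:", still_spamming(SAMPLE, "192.168.1.20"))
```
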