HELP ! My PC has been compromised !!

[penang@freemail.c3.hu]

Last nite my PC behaves normally, but this morning, it took over 1
hour to boot up the XP.

Now, in the tasking tray, I see tons and tons of messages are being
sent out !

I have not configure this PC to send out emails. I use webmails. But
now my PC is sending out tons and tons of emails !!

The symantec norton antivirus is doing the "Symantec Email Scan" on
those emails and the emails are jamming up the system.

What can I do ????

What software should I use to remove this security breach ????

Please help !!!!

Thank you !!

[David H. Lipman]

From: <penang@freemail.c3.hu>

| Last nite my PC behaves normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out !
|
| I have not configure this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails !!
|
| The symantec norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do ????
|
| What software should I use to remove this security breach ????
|
| Please help !!!!
|
| Thank you !!



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...HJTInstall.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[PA Bear [MS MVP]]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.


penang@freemail.c3.hu wrote:
> Last nite my PC behaves normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configure this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The symantec norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!

[David H. Lipman]

From: <penang@freemail.c3.hu>

| Last nite my PC behaves normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out !
|
| I have not configure this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails !!
|
| The symantec norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do ????
|
| What software should I use to remove this security breach ????
|
| Please help !!!!
|
| Thank you !!



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...HJTInstall.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Patrick Keenan]

<penang@freemail.c3.hu> wrote in message
news:284d05e7-7d2a-425d-87fe-4279d9af68c8@e6g2000prf.googlegroups.com...
> Last nite my PC behaves normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configure this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The symantec norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!

The very first thing you should do is to disconnect the PC from any network
connection or telephone line, so that it cannot send anything. Then, you
can start scanning and manually searching for files that shouldn't be
running or in existence. Process Explorer and Hijack This are good
starting points.

Look for .exe and .dll files that have apparently random names. If you
delete them and new ones come back, there is another file that is creating
them you've missed.

Often these files are hidden away, so doing searches for hidden and system
files can often identify malware. Go to a command prompt, and from the
root directory use the dir command with the /a:h and /a:s switches to show
system and hidden files, and the /S switch to search all subdirectories.
At the end of the command, use the redirect to file to get a file you can
actually read: dir /ah /S >>list.txt

Clear *all* the temp folders and content.ie5 folders. This is a prime
location and entry point for malware. Look in the System32 folder for
files that shouldn't be there.

You can attach that drive to another well-protected system and scan it as a
hosted drive. Trying to gain control of an actively infected drive can be
difficult, but hosting it makes the process a lot easier since the
infections can't launch at boot.

Because you don't boot from it, there is very limited opportunity for
infection to spread to the host system. You might try using the Trend
Micro Housecall online scanner; since its files are online they are much
harder to compromise.

HTH
-pk

[Lanwench [MVP - Exchange]]

Straight Talk <b__nice@hotmail.com> wrote:
> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>
>> Last nite my PC behaves normally, but this morning, it took over 1
>> hour to boot up the XP.
>>
>> Now, in the tasking tray, I see tons and tons of messages are being
>> sent out !
>>
>> I have not configure this PC to send out emails. I use webmails. But
>> now my PC is sending out tons and tons of emails !!
>>
>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>> those emails and the emails are jamming up the system.
>>
>> What can I do ????
>>
>> What software should I use to remove this security breach ????
>>
>> Please help !!!!
>>
>> Thank you !!
>
> You should of course revert to the latest known clean state - which
> ultimately means flatten and rebuild.

Well, that's a bit dire - it may not be at all necessary. It *might* be, but
it isn't the first thing I'd try.

[giedrius.majauskas@gmail.com]

> >Thank you !!
>
> You should of course revert to the latest known clean state - which
> ultimately means flatten and rebuild.

1. Get some nice free spyware remover, or at least scanner to get the
names of parasites. SuperAntiSpyware or Malwarebytes anti-malware to
name a few that have free versions, spyware terminator, etc.
2. If you opt for software that offers free scans only (Spyware
Doctor, CounterSpy, SpySpweeper, etc), google for spyware names it
finds, there might be free solutions/information about these
parasites. Especially if you want to get out from this freely. You can
pay for them, if you wish.
3. Post hijackthis logs in forums and wait for help.

For the future, I strongly suggest updating browser if you still use
IE older than 6. IE 7 is much better if your PC can handle it.

[Tom]

Lanwench [MVP - Exchange] wrote:
> Straight Talk <b__nice@hotmail.com> wrote:
>
>>On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>>
>>
>>>Last nite my PC behaves normally, but this morning, it took over 1
>>>hour to boot up the XP.
>>>
>>>Now, in the tasking tray, I see tons and tons of messages are being
>>>sent out !
>>>
>>>I have not configure this PC to send out emails. I use webmails. But
>>>now my PC is sending out tons and tons of emails !!
>>>
>>>The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>those emails and the emails are jamming up the system.
>>>
>>>What can I do ????
>>>
>>>What software should I use to remove this security breach ????
>>>
>>>Please help !!!!
>>>
>>>Thank you !!
>>
>>You should of course revert to the latest known clean state - which
>>ultimately means flatten and rebuild.
>
>
> Well, that's a bit dire - it may not be at all necessary. It *might* be, but
> it isn't the first thing I'd try.
>
>
Well, you've certainly picked up some malware. I wonder how Symantec
missed it.

[Lanwench [MVP - Exchange]]

Tom <t.wyckoff@verizon.net> wrote:
> Lanwench [MVP - Exchange] wrote:
>> Straight Talk <b__nice@hotmail.com> wrote:
>>
>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>> wrote:
>>>> Last nite my PC behaves normally, but this morning, it took over 1
>>>> hour to boot up the XP.
>>>>
>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>> sent out !
>>>>
>>>> I have not configure this PC to send out emails. I use webmails.
>>>> But now my PC is sending out tons and tons of emails !!
>>>>
>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>> those emails and the emails are jamming up the system.
>>>>
>>>> What can I do ????
>>>>
>>>> What software should I use to remove this security breach ????
>>>>
>>>> Please help !!!!
>>>>
>>>> Thank you !!
>>>
>>> You should of course revert to the latest known clean state - which
>>> ultimately means flatten and rebuild.
>>
>>
>> Well, that's a bit dire - it may not be at all necessary. It *might*
>> be, but it isn't the first thing I'd try.
>>
>>
> Well, you've certainly picked up some malware. I wonder how Symantec
> missed it.

<looks around frantically, in sudden terror>

I have? Oh my god! And I don't even *have* Symantec software on here!

Wait. Symantec *is* malware, and you must not have meant to reply to *me* .

:-)

[Ricky]

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com> wrote in message
news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
> Tom <t.wyckoff@verizon.net> wrote:
>> Lanwench [MVP - Exchange] wrote:
>>> Straight Talk <b__nice@hotmail.com> wrote:
>>>
>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>> wrote:
>>>>> Last nite my PC behaves normally, but this morning, it took over 1
>>>>> hour to boot up the XP.
>>>>>
>>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>>> sent out !
>>>>>
>>>>> I have not configure this PC to send out emails. I use webmails.
>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>
>>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>>> those emails and the emails are jamming up the system.
>>>>>
>>>>> What can I do ????
>>>>>
>>>>> What software should I use to remove this security breach ????
>>>>>
>>>>> Please help !!!!
>>>>>
>>>>> Thank you !!
>>>>
>>>> You should of course revert to the latest known clean state - which
>>>> ultimately means flatten and rebuild.
>>>
>>>
>>> Well, that's a bit dire - it may not be at all necessary. It *might*
>>> be, but it isn't the first thing I'd try.
>>>
>>>
>> Well, you've certainly picked up some malware. I wonder how Symantec
>> missed it.
>
> <looks around frantically, in sudden terror>
>
> I have? Oh my god! And I don't even *have* Symantec software on here!
>
> Wait. Symantec *is* malware, and you must not have meant to reply to *me*
> .
>
> :-)
>
You must be the only one that doesn't have Symantec. ;-)


--
Computers make very fast, very accurate mistakes.