HELP ! My PC has been compromised !!

[Lanwench [MVP - Exchange]]

Ricky <rsjoiner@NO_SPAMbellsouth.net> wrote:
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com> wrote in
> message news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>> Tom <t.wyckoff@verizon.net> wrote:
>>> Lanwench [MVP - Exchange] wrote:
>>>> Straight Talk <b__nice@hotmail.com> wrote:
>>>>
>>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>>> wrote:
>>>>>> Last nite my PC behaves normally, but this morning, it took over
>>>>>> 1 hour to boot up the XP.
>>>>>>
>>>>>> Now, in the tasking tray, I see tons and tons of messages are
>>>>>> being sent out !
>>>>>>
>>>>>> I have not configure this PC to send out emails. I use webmails.
>>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>>
>>>>>> The symantec norton antivirus is doing the "Symantec Email Scan"
>>>>>> on those emails and the emails are jamming up the system.
>>>>>>
>>>>>> What can I do ????
>>>>>>
>>>>>> What software should I use to remove this security breach ????
>>>>>>
>>>>>> Please help !!!!
>>>>>>
>>>>>> Thank you !!
>>>>>
>>>>> You should of course revert to the latest known clean state -
>>>>> which ultimately means flatten and rebuild.
>>>>
>>>>
>>>> Well, that's a bit dire - it may not be at all necessary. It
>>>> *might* be, but it isn't the first thing I'd try.
>>>>
>>>>
>>> Well, you've certainly picked up some malware. I wonder how
>>> Symantec missed it.
>>
>> <looks around frantically, in sudden terror>
>>
>> I have? Oh my god! And I don't even *have* Symantec software on here!
>>
>> Wait. Symantec *is* malware, and you must not have meant to reply to
>> *me* .
>>
>> :-)
>>
> You must be the only one that doesn't have Symantec. ;-)

Oh, not by a long shot!

[David H. Lipman]

From: "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com>


>> You must be the only one that doesn't have Symantec. ;-)
|
| Oh, not by a long shot!
|

I wish people would not confuse Norton AV with Symantec AV.
The difference between the corporate offering (Symantec AV) vs. the retail offering (Norton
AV) is night and day.

It is the retail version that pisses people off.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Lanwench [MVP - Exchange]]

David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
> From: "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com>
>
>
>>> You must be the only one that doesn't have Symantec. ;-)
>>
>> Oh, not by a long shot!
>>
>
> I wish people would not confuse Norton AV with Symantec AV.
> The difference between the corporate offering (Symantec AV) vs. the
> retail offering (Norton AV) is night and day.
>
> It is the retail version that pisses people off.

Well, I'm pretty pissed off at Symantec's abyssmal tech support for their
enterprise products, so I don't think I fall into the category of person to
which you refer. The only Symantec stuff I use at any client site is
BackupExec, and that's because I used to adore Veritas and Symantec hasn't
managed to entirely kill off that good product yet.

[bojimbo26one@aol.com]

On Sun, 9 Mar 2008 21:39:46 -0500, "Ricky"
<rsjoiner@NO_SPAMbellsouth.net> wrote:

>
>"Lanwench [MVP - Exchange]"
><lanwench@heybuddy.donotsendme.unsolicitedmailaty ahoo.com> wrote in message
>news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>> Tom <t.wyckoff@verizon.net> wrote:
>>> Lanwench [MVP - Exchange] wrote:
>>>> Straight Talk <b__nice@hotmail.com> wrote:
>>>>
>>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>>> wrote:
>>>>>> Last nite my PC behaves normally, but this morning, it took over 1
>>>>>> hour to boot up the XP.
>>>>>>
>>>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>>>> sent out !
>>>>>>
>>>>>> I have not configure this PC to send out emails. I use webmails.
>>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>>
>>>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>>>> those emails and the emails are jamming up the system.
>>>>>>
>>>>>> What can I do ????
>>>>>>
>>>>>> What software should I use to remove this security breach ????
>>>>>>
>>>>>> Please help !!!!
>>>>>>
>>>>>> Thank you !!
>>>>>
>>>>> You should of course revert to the latest known clean state - which
>>>>> ultimately means flatten and rebuild.
>>>>
>>>>
>>>> Well, that's a bit dire - it may not be at all necessary. It *might*
>>>> be, but it isn't the first thing I'd try.
>>>>
>>>>
>>> Well, you've certainly picked up some malware. I wonder how Symantec
>>> missed it.
>>
>> <looks around frantically, in sudden terror>
>>
>> I have? Oh my god! And I don't even *have* Symantec software on here!
>>
>> Wait. Symantec *is* malware, and you must not have meant to reply to *me*
>> .
>>
>> :-)
>>
>You must be the only one that doesn't have Symantec. ;-)

Had it on my first comp back in `99 for a month .

[David H. Lipman]

From: "Lanwench [MVP - Exchange]" <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com>


|
| Well, I'm pretty pissed off at Symantec's abyssmal tech support for their
| enterprise products, so I don't think I fall into the category of person to
| which you refer. The only Symantec stuff I use at any client site is
| BackupExec, and that's because I used to adore Veritas and Symantec hasn't
| managed to entirely kill off that good product yet.
|

That, I agree with you.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Frank Saunders MS-MVP IE,OE/WM]

"Ricky" <rsjoiner@NO_SPAMbellsouth.net> wrote in message
news:Wb1Bj.5481$r76.533@bignews8.bellsouth.net...
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com> wrote in
> message news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>>
>> Wait. Symantec *is* malware, and you must not have meant to reply to *me*
>> .
>>
>> :-)
>>
> You must be the only one that doesn't have Symantec. ;-)


Wouldn't have it anywhere near one of my machines or a customer's.

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not reply with email

[Frank Saunders MS-MVP IE,OE/WM]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:WK1Bj.2731$HA3.948@trnddc02...
> From: "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com>
>
>
>>> You must be the only one that doesn't have Symantec. ;-)
> |
> | Oh, not by a long shot!
> |
>
> I wish people would not confuse Norton AV with Symantec AV.
> The difference between the corporate offering (Symantec AV) vs. the retail
> offering (Norton
> AV) is night and day.
>
> It is the retail version that pisses people off.


If they foist that crap on the poor, ignorant public they don't deserve
respect for anything.

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not reply with email

[Lanwench [MVP - Exchange]]

Straight Talk <b__nice@hotmail.com> wrote:

<snipped for length>
>>>
>>> You should of course revert to the latest known clean state - which
>>> ultimately means flatten and rebuild.
>>
>> Well, that's a bit dire - it may not be at all necessary.
>
> Problem is, you wouldn't be able to tell whether it is or not unless
> you have a baseline.
>
>> It *might* be, but it isn't the first thing I'd try.
>
> Trial and error against malware is a common but very stupid approach.

Nonsense. It depends entirely on the severity of the infestation. I won't
spend hours and hours on a troubled workstation, but if I can pretty easily
remove a not-very-invasive piece of malware or two, I simply do so. I don't
tell a client, "Sorry; I saw a popup - it's format time!" What is a "stupid
approach" (I merely quote you; I tend not to use such derogatory language)
is any hard and fast rule applied blindly regardless of situation.

[Lanwench [MVP - Exchange]]

Straight Talk <b__nice@hotmail.com> wrote:
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com> wrote:
>
>> Straight Talk <b__nice@hotmail.com> wrote:
>
>>> Trial and error against malware is a common but very stupid
>>> approach.
>>
>> Nonsense.
>
> Not really.
>
>> It depends entirely on the severity of the infestation.
>
> Precisely. A severity you cannot determine without having a baseline.
>
>> I won't spend hours and hours on a troubled workstation, but if I
>> can pretty easily remove a not-very-invasive piece of malware or
>> two, I simply do so.
>
> And how exactly do you verify that the machine is now back in a
> reliable state?

Because it works and has no further symptoms when I run thorough scans.
That's generally good enough for a home user. Sorry, I'm bored now - done
with this thread. Have fun storming the castle.

[FromTheRafters]

"Straight Talk" <b__nice@hotmail.com> wrote in message
news:9u5ct3pf7c04vnkkj3ut9k0f5ft72kfqj0@4ax.com...
> On Mon, 10 Mar 2008 11:35:37 -0400, "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatya hoo.com> wrote:
>
>>Straight Talk <b__nice@hotmail.com> wrote:
>
>>> Trial and error against malware is a common but very stupid approach.
>>
>>Nonsense.
>
> Not really.
>
>>It depends entirely on the severity of the infestation.
>
> Precisely. A severity you cannot determine without having a baseline.
>
>>I won't spend hours and hours on a troubled workstation, but if I can
>>pretty easily
>>remove a not-very-invasive piece of malware or two, I simply do so.
>
> And how exactly do you verify that the machine is now back in a
> reliable state?

If you know what changes a malware made, you
can often reverse those changes and get the system
back to as reliable as it was before the malware hit.

Yes...it is that 'if' that is the bugger. Many malwares
allow communication outside the system so you no
longer know exactly what changes were made and
it is time to flatten and rebuild if you desire any sense
of confidence in its integrity.