HELP ! My PC has been compromised !!

penang@freemail.c3.hu

Last night my PC behaves normally, but this morning, it took over 1
hour to boot up the XP.

Now, in the tasking tray, I see tons and tons of messages are being
sent out !

I have not configured this PC to send out emails. I use webmails. But
now my PC is sending out tons and tons of emails !!

The symantec norton antivirus is doing the "Symantec Email Scan" on
those emails and the emails are jamming up the system.

What can I do ????

What software should I use to remove this security breach ????

Please help !!!!

Thank you !!
 
From:

| Last nite my PC behaves normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out !
|
| I have not configure this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails !!
|
| The symantec norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do ????
|
| What software should I use to remove this security breach ????
|
| Please help !!!!
|
| Thank you !!



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal...n:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2....emoving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.


penang@freemail.c3.hu wrote:
> Last nite my PC behaves normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configure this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The symantec norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!
 
wrote in message
news:284d05e7-7d2a-425d-87fe-4279d9af68c8@e6g2000prf.googlegroups.com...
> Last nite my PC behaves normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configure this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The symantec norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!


The very first thing you should do is to disconnect the PC from any network
connection or telephone line, so that it cannot send anything. Then, you
can start scanning and manually searching for files that shouldn't be
running or in existence. Process Explorer and Hijack This are good
starting points.

Look for .exe and .dll files that have apparently random names. If you
delete them and new ones come back, there is another file that is creating
them you've missed.

Often these files are hidden away, so doing searches for hidden and system
files can often identify malware. Go to a command prompt, and from the
root directory use the dir command with the /a:h and /a:s switches to show
system and hidden files, and the /S switch to search all subdirectories.
At the end of the command, use the redirect to file to get a file you can
actually read:

    dir /ah /S >>list.txt

Clear *all* the temp folders and content.ie5 folders. This is a prime
location and entry point for malware. Look in the System32 folder for
files that shouldn't be there.

You can attach that drive to another well-protected system and scan it as a
hosted drive. Trying to gain control of an actively infected drive can be
difficult, but hosting it makes the process a lot easier since the
infections can't launch at boot.

Because you don't boot from it, there is very limited opportunity for
infection to spread to the host system. You might try using the Trend
Micro Housecall online scanner since its files are online they are much
harder to compromise.

HTH
-pk
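
Added example, not part of the original post: a Python sketch that reads a `list.txt` produced by the `dir /ah /S` command above and lists hidden `.exe`/`.dll` files that sit in temp or Content.IE5 folders or have random-looking names. The sample listing is constructed, the US English XP-style `dir` layout is assumed, and the name heuristic is an assumption of this example, so treat its output as a list to inspect by hand rather than a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `dir /ah /S` output (US English locale, XP-style layout).
SAMPLE_LISTING = r"""
 Directory of C:\WINDOWS\system32

03/08/2008  11:52 PM            45,056 xkqzvbtw.dll
08/04/2004  08:00 AM    <DIR>          dllcache
               1 File(s)         45,056 bytes

 Directory of C:\Documents and Settings\User\Local Settings\Temp

03/08/2008  11:53 PM            61,440 svch0st.exe
03/07/2008  06:20 PM             2,048 ~DF3A1B.tmp
               2 File(s)         63,488 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+)\s+(.+?)\s*$")
EXECUTABLE_EXT = {".exe", ".dll"}
SUSPECT_DIRS = ("\\temp", "\\content.ie5")  # folders the post singles out


def parse_dir_listing(text):
    """Return (directory, filename, size_bytes) for every file row."""
    current, entries = None, []
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line)  # <DIR> rows and summary rows do not match
        if m and current:
            entries.append((current, m.group(2), int(m.group(1).replace(",", ""))))
    return entries


def looks_random(stem):
    """Heuristic assumed for this example; expect false positives."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    letters = [c for c in s if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    mixed = any(c.isdigit() for c in s) and len(letters) >= 3
    return mixed or (len(letters) >= 6 and vowels / len(letters) < 0.2)


def triage(entries):
    """Return (full_path, reasons) for .exe/.dll files worth a manual look."""
    findings = []
    for directory, name, _size in entries:
        path = PureWindowsPath(directory, name)
        if path.suffix.lower() not in EXECUTABLE_EXT:
            continue
        reasons = []
        if any(d in directory.lower() for d in SUSPECT_DIRS):
            reasons.append("executable in temp/cache folder")
        if looks_random(path.stem):
            reasons.append("random-looking name")
        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_dir_listing(SAMPLE_LISTING)):
        print(path, "->", ", ".join(reasons))
```

When the suspect drive is attached to a clean system as a hosted drive, generate `list.txt` from that drive and run the script on the clean host, so nothing on the infected disk is executed.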
 
On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:

>Last nite my PC behaves normally, but this morning, it took over 1
>hour to boot up the XP.
>
>Now, in the tasking tray, I see tons and tons of messages are being
>sent out !
>
>I have not configure this PC to send out emails. I use webmails. But
>now my PC is sending out tons and tons of emails !!
>
>The symantec norton antivirus is doing the "Symantec Email Scan" on
>those emails and the emails are jamming up the system.
>
>What can I do ????
>
>What software should I use to remove this security breach ????
>
>Please help !!!!
>
>Thank you !!


You should of course revert to the latest known clean state - which
ultimately means flatten and rebuild.
 
Straight Talk wrote:
> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>
>> Last nite my PC behaves normally, but this morning, it took over 1
>> hour to boot up the XP.
>>
>> Now, in the tasking tray, I see tons and tons of messages are being
>> sent out !
>>
>> I have not configure this PC to send out emails. I use webmails. But
>> now my PC is sending out tons and tons of emails !!
>>
>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>> those emails and the emails are jamming up the system.
>>
>> What can I do ????
>>
>> What software should I use to remove this security breach ????
>>
>> Please help !!!!
>>
>> Thank you !!

>
> You should of course revert to the latest known clean state - which
> ultimately means flatten and rebuild.

Well, that's a bit dire - it may not be at all necessary. It *might* be, but
it isn't the first thing I'd try.
 

> >Thank you !!

>
> You should of course revert to the latest known clean state - which
> ultimately means flatten and rebuild.

1. Get some nice free spyware remover, or at least scanner to get the
names of parasites. SuperAntiSpyware or Malwarebytes anti-malware to
name a few that have free versions, spyware terminator, etc.
2. If you opt for software that offers free scans only (Spyware
Doctor, CounterSpy, Spy Sweeper, etc), google for spyware names it
finds, there might be free solutions/information about these
parasites. Especially if you want to get out from this freely. You can
pay for them, if you wish.
3. Post hijackthis logs in forums and wait for help.

For the future, I strongly suggest updating browser if you still use
IE older than 6. IE 7 is much better if your PC can handle it.
 
Lanwench [MVP - Exchange] wrote:
> Straight Talk wrote:
>
>>On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>>
>>
>>>Last nite my PC behaves normally, but this morning, it took over 1
>>>hour to boot up the XP.
>>>
>>>Now, in the tasking tray, I see tons and tons of messages are being
>>>sent out !
>>>
>>>I have not configure this PC to send out emails. I use webmails. But
>>>now my PC is sending out tons and tons of emails !!
>>>
>>>The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>those emails and the emails are jamming up the system.
>>>
>>>What can I do ????
>>>
>>>What software should I use to remove this security breach ????
>>>
>>>Please help !!!!
>>>
>>>Thank you !!

>>
>>You should of course revert to the latest known clean state - which
>>ultimately means flatten and rebuild.
>
>
> Well, that's a bit dire - it may not be at all necessary. It *might* be, but
> it isn't the first thing I'd try.
>
>
Well, you've certainly picked up some malware. I wonder how Symantec
missed it.
 
Tom wrote:
> Lanwench [MVP - Exchange] wrote:
>> Straight Talk wrote:
>>
>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>> wrote:
>>>> Last nite my PC behaves normally, but this morning, it took over 1
>>>> hour to boot up the XP.
>>>>
>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>> sent out !
>>>>
>>>> I have not configure this PC to send out emails. I use webmails.
>>>> But now my PC is sending out tons and tons of emails !!
>>>>
>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>> those emails and the emails are jamming up the system.
>>>>
>>>> What can I do ????
>>>>
>>>> What software should I use to remove this security breach ????
>>>>
>>>> Please help !!!!
>>>>
>>>> Thank you !!
>>>
>>> You should of course revert to the latest known clean state - which
>>> ultimately means flatten and rebuild.

>>
>>
>> Well, that's a bit dire - it may not be at all necessary. It *might*
>> be, but it isn't the first thing I'd try.
>>
>>
> Well, you've certainly picked up some malware. I wonder how Symantec
> missed it.



I have? Oh my god! And I don't even *have* Symantec software on here!

Wait. Symantec *is* malware, and you must not have meant to reply to *me* .

:-)
 
"Lanwench [MVP - Exchange]"
wrote in message
news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
> Tom wrote:
>> Lanwench [MVP - Exchange] wrote:
>>> Straight Talk wrote:
>>>
>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>> wrote:
>>>>> Last nite my PC behaves normally, but this morning, it took over 1
>>>>> hour to boot up the XP.
>>>>>
>>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>>> sent out !
>>>>>
>>>>> I have not configure this PC to send out emails. I use webmails.
>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>
>>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>>> those emails and the emails are jamming up the system.
>>>>>
>>>>> What can I do ????
>>>>>
>>>>> What software should I use to remove this security breach ????
>>>>>
>>>>> Please help !!!!
>>>>>
>>>>> Thank you !!
>>>>
>>>> You should of course revert to the latest known clean state - which
>>>> ultimately means flatten and rebuild.
>>>
>>>
>>> Well, that's a bit dire - it may not be at all necessary. It *might*
>>> be, but it isn't the first thing I'd try.
>>>
>>>

>> Well, you've certainly picked up some malware. I wonder how Symantec
>> missed it.
>
>
>
> I have? Oh my god! And I don't even *have* Symantec software on here!
>
> Wait. Symantec *is* malware, and you must not have meant to reply to *me*
> .
>
> :-)
>
You must be the only one that doesn't have Symantec. -)


--
Computers make very fast, very accurate mistakes.
 
Ricky wrote:
> "Lanwench [MVP - Exchange]"
> wrote in
> message news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>> Tom wrote:
>>> Lanwench [MVP - Exchange] wrote:
>>>> Straight Talk wrote:
>>>>
>>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>>> wrote:
>>>>>> Last nite my PC behaves normally, but this morning, it took over
>>>>>> 1 hour to boot up the XP.
>>>>>>
>>>>>> Now, in the tasking tray, I see tons and tons of messages are
>>>>>> being sent out !
>>>>>>
>>>>>> I have not configure this PC to send out emails. I use webmails.
>>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>>
>>>>>> The symantec norton antivirus is doing the "Symantec Email Scan"
>>>>>> on those emails and the emails are jamming up the system.
>>>>>>
>>>>>> What can I do ????
>>>>>>
>>>>>> What software should I use to remove this security breach ????
>>>>>>
>>>>>> Please help !!!!
>>>>>>
>>>>>> Thank you !!
>>>>>
>>>>> You should of course revert to the latest known clean state -
>>>>> which ultimately means flatten and rebuild.
>>>>
>>>>
>>>> Well, that's a bit dire - it may not be at all necessary. It
>>>> *might* be, but it isn't the first thing I'd try.
>>>>
>>>>
>>> Well, you've certainly picked up some malware. I wonder how
>>> Symantec missed it.

>>
>>
>>
>> I have? Oh my god! And I don't even *have* Symantec software on here!
>>
>> Wait. Symantec *is* malware, and you must not have meant to reply to
>> *me* .
>>
>> :-)
>>
> You must be the only one that doesn't have Symantec. -)

Oh, not by a long shot!
 
David H. Lipman wrote:
> From: "Lanwench [MVP - Exchange]"
>
>
>
>>> You must be the only one that doesn't have Symantec. -)

>>
>> Oh, not by a long shot!
>>
>
> I wish people would not confuse Norton AV with Symantec AV.
> The difference between the corporate offering (Symantec AV) vs. the
> retail offering (Norton AV) is night and day.
>
> It is the retail version that pisses people off.

Well, I'm pretty pissed off at Symantec's abysmal tech support for their
enterprise products, so I don't think I fall into the category of person to
which you refer. The only Symantec stuff I use at any client site is
BackupExec, and that's because I used to adore Veritas and Symantec hasn't
managed to entirely kill off that good product yet.
 
On Sun, 9 Mar 2008 11:09:17 -0400, "Lanwench [MVP - Exchange]"
wrote:

>Straight Talk wrote:
>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu wrote:
>>
>>> Last nite my PC behaves normally, but this morning, it took over 1
>>> hour to boot up the XP.
>>>
>>> Now, in the tasking tray, I see tons and tons of messages are being
>>> sent out !
>>>
>>> I have not configure this PC to send out emails. I use webmails. But
>>> now my PC is sending out tons and tons of emails !!
>>>
>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>> those emails and the emails are jamming up the system.
>>>
>>> What can I do ????
>>>
>>> What software should I use to remove this security breach ????
>>>
>>> Please help !!!!
>>>
>>> Thank you !!

>>
>> You should of course revert to the latest known clean state - which
>> ultimately means flatten and rebuild.
>
>Well, that's a bit dire - it may not be at all necessary.

Problem is, you wouldn't be able to tell whether it is or not unless
you have a baseline.

>It *might* be, but it isn't the first thing I'd try.


Trial and error against malware is a common but very stupid approach.
 
On Sun, 9 Mar 2008 09:01:08 -0700 (PDT), giedrius.majauskas@gmail.com
wrote:

>
>> >Thank you !!

>>
>> You should of course revert to the latest known clean state - which
>> ultimately means flatten and rebuild.
>
>1. Get some nice free spyware remover, or at least scanner to get the
>names of parasites.

How about getting a clue instead.

>SuperAntiSpyware or Malwarebytes anti-malware to
>name a few that have free versions, spyware terminator, etc.


What makes you believe these will work? - Advertising?

>2. If you opt for software that offers free scans only (Spyware
>Doctor, CounterSpy, SpySpweeper, etc), google for spyware names it
>finds, there might be free solutions/information about these
>parasites. Especially if you want to get out from this freely. You can
>pay for them, if you wish.


Yeah, fill up your machine with anti-crap.....

>3. Post hijackthis logs in forums and wait for help.
>
>For the future, I strongly suggest updating browser if you still use
>IE older than 6. IE 7 is much better if your PC can handle it.


Better stay away from IE completely (with IE7 on Vista in protected
mode as a possible exception).
 
On Sun, 9 Mar 2008 21:39:46 -0500, "Ricky"
wrote:

>
>"Lanwench [MVP - Exchange]"
> wrote in message
>news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>> Tom wrote:
>>> Lanwench [MVP - Exchange] wrote:
>>>> Straight Talk wrote:
>>>>
>>>>> On Sat, 8 Mar 2008 16:43:53 -0800 (PST), penang@freemail.c3.hu
>>>>> wrote:
>>>>>> Last nite my PC behaves normally, but this morning, it took over 1
>>>>>> hour to boot up the XP.
>>>>>>
>>>>>> Now, in the tasking tray, I see tons and tons of messages are being
>>>>>> sent out !
>>>>>>
>>>>>> I have not configure this PC to send out emails. I use webmails.
>>>>>> But now my PC is sending out tons and tons of emails !!
>>>>>>
>>>>>> The symantec norton antivirus is doing the "Symantec Email Scan" on
>>>>>> those emails and the emails are jamming up the system.
>>>>>>
>>>>>> What can I do ????
>>>>>>
>>>>>> What software should I use to remove this security breach ????
>>>>>>
>>>>>> Please help !!!!
>>>>>>
>>>>>> Thank you !!
>>>>>
>>>>> You should of course revert to the latest known clean state - which
>>>>> ultimately means flatten and rebuild.
>>>>
>>>>
>>>> Well, that's a bit dire - it may not be at all necessary. It *might*
>>>> be, but it isn't the first thing I'd try.
>>>>
>>>>
>>> Well, you've certainly picked up some malware. I wonder how Symantec
>>> missed it.

>>
>>
>>
>> I have? Oh my god! And I don't even *have* Symantec software on here!
>>
>> Wait. Symantec *is* malware, and you must not have meant to reply to *me*
>> .
>>
>> :-)
>>
>You must be the only one that doesn't have Symantec. -)

Had it on my first comp back in '99 for a month.
 
From: "Lanwench [MVP - Exchange]"


|
| Well, I'm pretty pissed off at Symantec's abysmal tech support for their
| enterprise products, so I don't think I fall into the category of person to
| which you refer. The only Symantec stuff I use at any client site is
| BackupExec, and that's because I used to adore Veritas and Symantec hasn't
| managed to entirely kill off that good product yet.
|

That, I agree with you.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
"Ricky" wrote in message
news:Wb1Bj.5481$r76.533@bignews8.bellsouth.net...
>
> "Lanwench [MVP - Exchange]"
> wrote in
> message news:uckc29kgIHA.748@TK2MSFTNGP04.phx.gbl...
>>
>> Wait. Symantec *is* malware, and you must not have meant to reply to *me*
>> .
>>
>> :-)
>>

> You must be the only one that doesn't have Symantec. -)


Wouldn't have it anywhere near one of my machines or a customer's.

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not reply with email
 
"David H. Lipman" wrote in message
news:WK1Bj.2731$HA3.948@trnddc02...
> From: "Lanwench [MVP - Exchange]"
>
>
>
>>> You must be the only one that doesn't have Symantec. -)

> |
> | Oh, not by a long shot!
> |
>
> I wish people would not confuse Norton AV with Symantec AV.
> The difference between the corporate offering (Symantec AV) vs. the retail
> offering (Norton
> AV) is night and day.
>
> It is the retail version that pisses people off.


If they foist that crap on the poor, ignorant public they don't deserve
respect for anything.

--
Frank Saunders MS-MVP IE,OE/WM
www.fjsmjs.com
Do not reply with email
 
Straight Talk wrote:


>>>
>>> You should of course revert to the latest known clean state - which
>>> ultimately means flatten and rebuild.

>>
>> Well, that's a bit dire - it may not be at all necessary.
>
> Problem is, you wouldn't be able to tell whether it is or not unless
> you have a baseline.
>
>> It *might* be, but it isn't the first thing I'd try.

>
> Trial and error against malware is a common but very stupid approach.

Nonsense. It depends entirely on the severity of the infestation. I won't
spend hours and hours on a troubled workstation, but if I can pretty easily
remove a not-very-invasive piece of malware or two, I simply do so. I don't
tell a client, "Sorry I saw a popup - it's format time!" What is a "stupid
approach" (I merely quote you; I tend not to use such derogatory language)
is any hard and fast rule applied blindly regardless of situation.
 