wrote in message
news:284d05e7-7d2a-425d-87fe-4279d9af68c8@e6g2000prf.googlegroups.com...
> Last night my PC behaved normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configured this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The Symantec Norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!

The very first thing you should do is to disconnect the PC from any network
connection or telephone line, so that it cannot send anything. Then, you
can start scanning and manually searching for files that shouldn't be
running or in existence. Process Explorer and HijackThis are good
starting points.

Look for .exe and .dll files that have apparently random names. If you
delete them and new ones come back, there is another file creating
them that you've missed.

Often these files are hidden away, so doing searches for hidden and system
files can often identify malware. Go to a command prompt, and from the
root directory use the dir command with the /a:h and /a:s switches to show
system and hidden files, and the /S switch to search all subdirectories.
At the end of the command, use the redirect to file to get a file you can
actually read: dir /ah /S >>list.txt

Clear *all* the temp folders and content.ie5 folders. This is a prime
location and entry point for malware. Look in the System32 folder for
files that shouldn't be there.

You can attach that drive to another well-protected system and scan it as a
hosted drive. Trying to gain control of an actively infected drive can be
difficult, but hosting it makes the process a lot easier since the
infections can't launch at boot.

Because you don't boot from it, there is very limited opportunity for
infection to spread to the host system. You might try using the Trend
Micro Housecall online scanner; since its files are online, they are much
harder to compromise.

HTH
-pk
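
Added example, not part of the original post: a Python sketch for triaging the list.txt that the dir command above produces, flagging hidden/system .exe and .dll files, the folders the reply names, and random-looking names. The US-English dir layout, the vowel-ratio heuristic and the sample listing are assumptions made for this illustration.

```python
import re

# Assumes the US-English layout that `dir /S` writes on XP; other locales differ.
DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}(?: [AP]M)?\s+([\d,]+)\s+(.+?)\s*$")
HOT_DIRS = ("\\temp", "\\content.ie5", "\\system32")  # locations named in the post

def looks_random(stem):
    # Crude heuristic (an assumption): 6+ characters and under 20% vowels.
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < 6 or not letters:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2

def parse_listing(text):
    """Yield (directory, filename, size) for every file line in the listing."""
    current = None
    for line in text.splitlines():
        d, f = DIR_RE.match(line), FILE_RE.match(line)
        if d:
            current = d.group(1).rstrip("\\")
        elif f and current is not None:  # <DIR> and summary lines do not match
            yield current, f.group(2), int(f.group(1).replace(",", ""))

def triage(text):
    """Return (path, size, reasons) for each hidden/system .exe or .dll."""
    findings = []
    for directory, name, size in parse_listing(text):
        stem, dot, ext = name.rpartition(".")
        if not dot or ext.lower() not in ("exe", "dll"):
            continue
        reasons = ["hidden/system executable"]
        reasons += ["in " + h.lstrip("\\") for h in HOT_DIRS if h in directory.lower()]
        if looks_random(stem):
            reasons.append("random-looking name")
        findings.append((directory + "\\" + name, size, reasons))
    return findings

# Constructed sample of list.txt, not output from a real machine.
SAMPLE = r"""
 Directory of C:\WINDOWS\system32

03/14/2008  03:12 AM            45,056 qxzvkrtp.dll
03/14/2008  03:12 AM    <DIR>          dllcache
               1 File(s)         45,056 bytes

 Directory of C:\Documents and Settings\user\Local Settings\Temp

03/14/2008  03:15 AM            12,288 setup.exe
"""
```

Run it on the clean host with `triage(open("list.txt").read())`; every hit is a lead to inspect by hand, since legitimate hidden files can trip the name heuristic.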