Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 24.11.2024 / 17:48
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my hotmail is emailing viruses or spam, stop it??
Show topics
 
Forums
Forums
My Hotmail is emailing viruses or spam, stop it??
  Jump to:
 
Posted Message
tdurham
Newbie
_ 		24. May 2006 @ 05:25 _ Link to this message    Send private message to this user   
My hotmail is sending a virus or spam email to everyone on my messenger list. It has done so twice. I need to stop this any help would be great

Here is the message it is mailing,

Date: Wed, 17 May 2006 11:37:29 -0300

Hi! How are you?
You know I've created my own website!
Can you check how it works?
It's http://www.kisenfad.com/test
Can you see video?
Bye!
[ + quote]
Advertisement
_ 		__
JaPK
Senior Member
_ 		24. May 2006 @ 09:43 _ Link to this message    Send private message to this user   
Hi tdurham. You propably have malware on your computer that is sending those messages. Please post a HijackThis log to here and we'll get you cleaned.

Instructions for posting -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)
[ + quote]
tdurham
Newbie
_ 		24. May 2006 @ 17:03 _ Link to this message    Send private message to this user   
Thanks for the help my email list will appreciate it


here is the log,

Logfile of HijackThis v1.99.1
Scan saved at 6:02:21 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\WINDOWS\etlisrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Oracle\Ora817\BIN\TNSLSNR.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Connected\CBSysTray.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
c:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hub.slb.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hub.slb.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Sun ONE Synchronization - iPlanet] C:\Program Files\Common Files\XCPCSync\Translators\iPlanet\iPlanetTray.exe
O4 - HKLM\..\Run: [Password Reminder] remind.vbs
O4 - HKLM\..\Run: [RUNRADTRAY] C:\PROGRA~1\Novadigm\radtray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [GetInfo] C:\Program Files\Network Associates\Common Framework\GetInfo.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.slb.com
O17 - HKLM\Software\..\Telephony: DomainName = nam.slb.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nam.slb.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: slbScCertProp - %windir%\system32\ScCertProp.dll (file missing)
O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe
O23 - Service: Entrust/TrueDelete(TM) (ETDSVC) - Entrust Technologies Ltd. - C:\WINDOWS\system32\etdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OracleOraHome817Agent - Oracle Corporation - C:\Oracle\Ora817\bin\dbsnmp.exe
O23 - Service: OracleOraHome817ClientCache - Unknown owner - C:\Oracle\Ora817\BIN\ONRSD.EXE
O23 - Service: OracleOraHome817DataGatherer - Oracle Corporation - C:\Oracle\Ora817\bin\vppdc.exe
O23 - Service: OracleOraHome817HTTPServer - Unknown owner - C:\Oracle\Ora817\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome817PagingServer - Unknown owner - C:\Oracle\Ora817/bin/pagntsrv.exe
O23 - Service: OracleOraHome817TNSListener - Unknown owner - C:\Oracle\Ora817\BIN\TNSLSNR.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
[ + quote]
JaPK
Senior Member
_ 		24. May 2006 @ 22:00 _ Link to this message    Send private message to this user   
Hi again.

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Do you know anything about this entry?

O4 - HKLM\..\Run: [Password Reminder] remind.vbs

Then you could run th following virus scan:

Download eScan to your desktop -> http://www.spywareinfo.dk/download/mwav.exe
Run the file mwav.exe and unzip it to its default location, C:\Kaspersky

1. Updating the scanner (close the eScan window if open)
-> Go to My Computer
-> C:\
-> Kaspersky
-> Run the file kavupd.exe, it starts downloading updates
-> When downloading is finished, go to C:\Downloads
-> Copy all the files in the Downloads folder by pressing CTRL+A and then CTRL+C
-> Then go back to the C:\Kaspersky folder and paste the files by pressing CTRL+V
-> Answer Yes to all when it asks about replacing files
-> Now the scanner has been updated

2. Scanner settings
-> Go to folder C:\Kaspersky and run the file mwavscan.com (or mwavscan.exe)
-> The scanner window opens
-> Select the same settings than in this picture -> http://koti.mbnet.fi/pattaya1/eScan6.jpg
-> When ready, press the Scan Clean button
-> Scanning for infections begins

3. Posting the results
-> When the scan has finished (scan may take a quite long time), you'll need to post the findings
-> Copy all the text in this field -> http://koti.mbnet.fi/pattaya1/eScan10.jpg
-> Click the field, press CTRL+A, CTRL+C
-> Then open Notepad and paste the findings into a new document by pressing CTRL+V
-> Save the document to your desktop
-> Post the contents of that textfile to here
[ + quote]
tdurham
Newbie
_ 		26. May 2006 @ 05:43 _ Link to this message    Send private message to this user   
I don't know anything about that particular entry?


I went through all the directions you posted (thanks again) and yet there was nothing in the field you specified. THis is a bran new computer the problem began on an old computer that is not connected. Hotmail has sent one mass email since through my account though.

Am I stuck having to delete the account I've had for almost 10 years now? This would be a real pain....
[ + quote]
Advertisement
_ 		__
 
_
JaPK
Senior Member
_ 		26. May 2006 @ 09:59 _ Link to this message    Send private message to this user   
Ok it is possible that your email adress has been added to some spamming list...

Cleaning instructions:

Move HijackThis into its own folder C:\HJT

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

O4 - HKLM\..\Run: [Password Reminder] remind.vbs
O20 - Winlogon Notify: slbScCertProp - %windir%\system32\ScCertProp.dll (file missing)

Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Use the Windows "search" function
-> Start
-> Search
-> All files and folders
-> More advanced options

Checkmark these options:
- "Search system folders"
- "Search hidden files and folders"
- "Search subfolders"

->Search for this and delete if found: remind.vbs

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my hotmail is emailing viruses or spam, stop it??
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork