3 replies to this topic

[mikewild]

Logfile of HijackThis v1.99.1 Scan saved at 20:12:54, on 24/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Hi I've suddenly started getting 30+ mail delivery failures each day which are being sent to my e-mail address, but which I certainly didn't send. Interestingly, the senders address appears to be a random set of letters at my e-mail account. However the original e-mail does not appear in my sent items. These e-mails are then being bounced back by various blockers and filters on the web. I've got the latest McAffee anti virus software up and running - but that doesn't seem to be picking anything up. Any ideas? Regards Mike

[Doug]

Hi mikewild,

You've got a worm that is beyond annoying and in the realm of dangerous to your personal information and the personal address and information of anyone in your friends list or address book.

You can do a few things to get partially cleaned up and better ready to receive assistance over in the Malware Removal Forum, where you will ultimately need to go for expert assistance.

Please download, update, and run Spybot Search & Destroy and Ad-Aware SE Personal (both are free)
Download SpyBot Search & Destroy
Download (Free Version) Ad-Aware Personal
(The (Free) download is the fourth column)

If you need instructions for the above download, installation, update and run, read here:
How to install and setup SpyBot S & D and Ad-Aware

Next:
To get rid of Temp and Temporary Internet Files where this kind of malware hides and gets its first toe-hold in a machine:
Download, install and Run CleanUp! 4.51
http://www.stevengould.org

Next:
Run the following Online scans and post their Report back into this Forum Thread
Run Panda ActiveScan
Panda Active Scan
Run AVG Ewido Online Scan
AVG Ewido Online Scan


Next:
Create a New Folder on your C:\ Drive and Rename is to appear as follows --> C:\HiJackThis\

Go here to download HighJackThis.exe (fifth button down in the left-hand column)
Download HighJackThis.exe Here
Save HighJackThis.exe into your newly created Folder C:\HiJackThis\

Please run HighJackThis, by double clicking on HighJackThis.exe
Select "Run a system scan and save a log file"
HJT will scan your machine and create a NotePad Log of the HJT Scan.
In NotePad, Select Edit - Select All and then Copy

Paste the HighJackThis Log into the Malware Removal Forum as a New Topic, here:

http://forums.tomcoy...hp?showforum=27

Write a brief description of the problems you have encountered and give a link to this thread, so that the Expert will know what you've done up to this point.

Also include the link to this Forum where you will be posting your Panda ActiveScan and AVG Ewido Reports, since the Trusted Advisor that will respond to you over in the Malware Removal Forum will benefit from these reports.

Best Regards

[mikewild]

Many thanks Dough I've done just that, and the new post on the malware forum has now been posted Interestingly the AVG Ewido Online Scan didn't produce a log file since it thought my system was clean (it's definately not!) Let's see what the malware form comes back with Thanks for your help Mike

[Micah_6:8]

Consider this: It's possible you have no infection. Mass mailing email worms can "spoof" (falsify) the "from" address in emails they send. It's possible someone who has your email address in their addressbook has been infected with a mass mailing email worm that is using your email address as the "sender". But when the email is undeliverable, it get's bounced back to you. I used to run a website that received "bounced" emails almost everyday that we never sent. Obviously, someone who had the website email address in their addressbook was infected with such a worm. I looked at your HijackThis! log. Nothing of any consequence is present.