01-06-2006, 06:23 AM   #1
boys2men
Registered User
Join Date: Jan 2006
Posts: 5
OS: XP

virus is trying to send emails

When I was surfing the net last Sunday, the Norton AntiVirus pop-up said that a virus was detected, a backdoor trojan, and that it had already been deleted. So I went on with my surfing and downloading. After a few minutes, Symantec mini windows appeared simultaneously, nonstop. It reached 50 windows. Then it slowed down my surfing speed; actually, I can't do anything anymore. The windows kept on popping up, interfering with my surfing; then the page loads very slowly and almost always results in a page error. So I disconnected, hoping that when I reconnect the problem will be gone....

So I found out that when I connect to the internet, after 2 minutes the common client CC App will appear in the taskbar, then a mini Symantec window will appear on the lower right or left of my monitor. About 40 windows will appear all at the same time. Then the message states "scanning message 1 of 1"; when the scanning reaches 100%, a Symantec email proxy window will appear stating "your email message was unable to be sent because your mail server rejected the recipient 452 too many recipients received this hour." or "your email message to <ente60@msn.com> with the subject ----- was unable to be sent because the connection to your mail server was interrupted. pls open your mail client and re send msg from the sent message folder"

Here's the thing... I'm not sending any emails. My Yahoo account wasn't even open. I never used my Outlook. Then the email addresses attached in the Symantec window... I don't know any of them...

I have downloaded HijackThis and have extracted the following log file. What do I have to do next, guys? Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 11:56:10 PM, on 6/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\George\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q105&bd=presario&pf=laptop
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {15A02B79-60BB-42B8-814E-BF8364106B9E} (Pco3 Window (Commsec) Control) - http://images.commsec.com.au/downloads/pco3/Pco3X_Commsec.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115639608982
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
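A HijackThis log like the one above is reviewed by sorting the entries by section code (R0/R1 browser settings, O2 BHOs, O4 autostarts, O20 Winlogon Notify DLLs, O23 services) and checking each one against what is expected on that machine. The small Python triage script below is an added example, not the poster's or the forum's material and not part of HijackThis itself: it parses the log format, counts entries per section, and lists the items a helper would normally verify first (entries marked "(file missing)", O20 Winlogon Notify DLLs that are not on an allowlist, and O23 services with no vendor name). The seven sample lines are copied from the log above; the allowlist is a constructed, analyst-supplied set, and a listed item is something to verify, not a verdict that it is malicious.

```python
import re
from collections import Counter

# Constructed sample input: seven lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

# Every HijackThis entry line starts with a section code (R0, R1, O2 ... O23), a dash, and the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")

# Analyst-supplied allowlist (a constructed example, not a vendor list): Winlogon Notify
# DLL basenames already accounted for on this machine. Anything else is reported for
# verification, not declared malicious.
KNOWN_NOTIFY_DLLS = {"igfxsrvc.dll"}


def parse_entries(text):
    """Return a list of (kind, body) tuples for each entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def last_segment(body):
    """Return the text after the final ' - ', which holds the file path on most O-lines."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(text, known_notify_dlls=KNOWN_NOTIFY_DLLS):
    """Count entries per section and collect the items an analyst should verify first.

    Returns (counts, findings); each finding is (kind, reason, detail).
    """
    entries = parse_entries(text)
    counts = Counter(kind for kind, _ in entries)
    findings = []
    for kind, body in entries:
        # A registered component whose file is gone is a stale entry worth cleaning up.
        if "(file missing)" in body:
            findings.append((kind, "stale reference, file missing", body))
        # Winlogon Notify DLLs load into winlogon at logon, so any unrecognised one is checked.
        if kind == "O20":
            dll = last_segment(body).rsplit("\\", 1)[-1].lower()
            if dll not in known_notify_dlls:
                findings.append((kind, "Winlogon Notify DLL not on allowlist, verify", dll))
        # Services report a vendor name; "Unknown owner" means that field is empty.
        if kind == "O23" and "Unknown owner" in body:
            findings.append((kind, "service with no vendor name, verify", last_segment(body)))
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    for kind in sorted(counts):
        print(f"{kind}: {counts[kind]} entries")
    for kind, reason, detail in findings:
        print(f"[{kind}] {reason}: {detail}")
```

Run against the full log, the script reports the one O18 entry whose DLL is missing, the O20 entry whose DLL is not on the allowlist, and the one O23 service with no owner. The allowlist is deliberately a parameter: it should be built from the inventory of the machine being looked at, and each item the script lists still needs to be checked against a known-good source before anything is removed.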