Full Version: Mass Emailing (virus?) Using Outlook
stevealmighty
I just got a call, and will be working on this problem later tonight...just figured I'd try to get a heads up with this one, hoping that if I post about it in advance, someone will recognize the problem from their past experiences and offer some (extremely) helpful advice!

I got a call from a friend last night and she said that all of a sudden, she gets pop ups saying "symantec email proxy", and it seemed as if all the computer was doing was sending emails, and wouldn't let her do anything else. Bear in mind that all this was over the phone, so I haven't seen the actual error, but she said that "symantec email proxy" was exactly what it said. I talked her through some stuff and she said that it doesn't seem to have anything at all in the programs under "symantec client security" (which is a version of nortons anti virus), or anything under "Nortons". Not even a partial match.

Has anyone ever heard of anything like this before? Any advice on how to approach this one?

Thanks in advance for all your help!!!!!
River_Rat
From this explanation it sounds as if she has been attacked. I will post the cleaning procedures to possibly get this under control. After running these cleaning programs & rebooting several times I would also recommend posting a HJT Log in the HJT Forum to have someone take a look and make sure everything is clean and not reinstalling upon reboot.

See this article:
Taking out the trash

See this article:
The Parasite Fight


Have you tried a complete cleaning to see if that helps?

Show all Files & Folders
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Run these free tools.

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger/

Trendmicro (free virus scan only)
http://housecall.trendmicro.com/

Ewido (free Trojan Scan)
http://www.ewido.net/en/download/

Ad-Aware SE (update after installing)
http://www.lavasoftusa.com/software/adaware/

Spybot S&D (update after installing)
http://www.download.com/Spybot-Search-Dest...4-10122137.html


If the problems are not better after doing this, feel free to post a HJT log.
Be sure to read the How to submit a HJT Log and submit it to the appropriate forum. HJT Forum links provided below.

How to submit a Hijackthis Log
http://www.bleepingcomputer.com/forums/How...s_Log-t956.html

HJT Forum
http://www.bleepingcomputer.com/forums/Hij...alysis-f22.html
stevealmighty
Thanks for the help River_Rat, and BTW, those articles are jam-packed with great (and helpful!) info....I'll end up printing them out when I get home!

I've yet to actually look at the computer, so I haven't cleaned it or done anything at all yet. I was just hoping that someone would say "Oh, ya, that happened to me a few months ago. Just click this and delete that and do this and this and it's fixed." LOL! I posted it because I've never run into a mass emailing program/virus before, so I was unsure of how to approach it!

Thanks!

Man, I love this site!
River_Rat
Sounds great Steve let us know how things are progressing.

QUOTE
Man, I love this site!

Grinler puts a lot of work into this place and it is packed with all kinds of information.
One can read for weeks and still not see it all.

Check all these too:
http://www.bleepingcomputer.com/tutorials/
http://www.bleepingcomputer.com/resources/
http://www.bleepingcomputer.com/glossary/
stevealmighty
I've put a post in the HJT area. I'll have to go from there, because when I got there last night, OMG it was bad.....kinda. I didn't see ANYTHING to do with mass mailing of anything at all! I did notice that their Symantec antivirus was uninstalled......weird thing is that it's removed from their computer completely, with the exception being the Symantec live update. I know that when you uninstall Symantec manually, it automatically removes the live update part of the program...but it was still there, and I couldn't find the folders for the Symantec AV anywhere, only folders for the live update.

Despite the fact that there was no longer any AV on the comp, I couldn't get to the internet, and there were pop ups....blank because they couldn't get to the internet either (ha ha!). I had run a bunch of those programs that you recommended, and when I left I was able to get to the internet with only 1 or 2 pop ups....pretty good progress if I don't say so myself!

Well, I'll have to wait and see what comes out of that post in the HJT area.

Thanks for the help River_Rat! I appreciate it!
jgweed
By all means equip that computer with a resident anti-virus and a firewall as soon as possible. This will prevent any further infestation, and prevent any malware from contacting the web.
Regards,
John
River_Rat
You're Welcome Steve, sounds as if you are on the right track.

I personally am not a big fan of Norton or McAfee (resource hogs) JMO, there are several free Antivirus & Firewall programs that in my opinion work just as well as long as you practice Safe Hex...

Safe Hex - Safe Computing Tips
http://www.claymania.com/safe-hex.html
acklan
Have you tried to access the internet thru Safe Mode with Networking? You could download your security software and then boot to Windows for the install.

Good luck.
stevealmighty
Their computer is running....just not as well as it should. I think that I'm going to switch them over to free AV as suggested. As far as resources, all they do on that computer is print checks (they own a business) and browse the internet. No gaming, photoshopping or anything of that sort that requires a lot from the CPU.

I ran it in safe mode to do the adaware and ewido scans. I tried to walk her through it on the phone, but she's computer illiterate LOL!