Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Symantec Email Proxy Popup Windows


  • Please log in to reply
15 replies to this topic

#1 Andrew T Graham

Andrew T Graham

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 27 February 2008 - 02:26 PM

Hello,

My name is Andrew and i'm thinking my computer has been infected. I constantly get Symantec Email Proxy Popup windows as soon as my computer loads to the desktop. I do not have any email programs linked to Symantec and have seen other cases like this but not sure how to deal with it. I keep on ending the .exe file that is responsible for these popups when I log in but see this is only a temperary solution. I appreciate any help you can provide, and will be checking here very frequently to act on your advice.

Thanks

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 28 February 2008 - 12:48 AM

Hello Andrew,

What is your operating system: Windows XP, Vista etc.?

What is the name and file path of the exe responsible?

Do you have any security programs in addition to Symantec?

Have you tried running Symantec in Safe Mode?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Andrew T Graham

Andrew T Graham
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 28 February 2008 - 03:21 AM

1. Windows XP
2. The .exe responsible is CCAPP.EXE (but I think that's just the part of Symatec which is giving me the repeat warnings
3. I think I only have Symantec

I will try running in safe mode today.

Thanks for the quick response!!
Andrew

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 01 March 2008 - 01:53 AM

Hello Andrew,

Did Symantec find anything in Safe Mode?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Andrew T Graham

Andrew T Graham
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 02 March 2008 - 07:52 AM

No same problem in safe mode.
Symantec can't find any virus, spyware etc. So i'm assuming this infections got itself in pretty deep.

Andrew

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 02 March 2008 - 01:23 PM

Thanks for the information Andrew. Let's try a scan SuperAntiSpyware in Safe Mode and see if it comes up with anything. You will, of course, install it in Normal Mode.

Please download and install SUPERAntiSpyware free found here: SUPERAntiSpyware

Be sure to click on the download button to the left, not on the free trial download on the right.

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
Reboot into Safe Mode
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
Reboot into Normal Mode
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.

Please post the log in your next reply.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 Andrew T Graham

Andrew T Graham
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 04 March 2008 - 11:36 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/04/2008 at 04:29 PM

Application Version : 4.0.1154

Core Rules Database Version : 3413
Trace Rules Database Version: 1405

Scan type : Complete Scan
Total Scan Time : 01:14:24

Memory items scanned : 223
Memory threats detected : 0
Registry items scanned : 4137
Registry threats detected : 26
File items scanned : 31953
File threats detected : 1

Adware.E404 Helper/Variant-A
HKLM\Software\Classes\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}\InprocServer32
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}\InprocServer32#ThreadingModel
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}\ProgID
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}\Programmable
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}\TypeLib
HKCR\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}\VersionIndependentProgID
C:\PROGRAM FILES\HELPER\1204061474.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C03FD59D-9104-44B7-929A-9EAA0BA05211}

Adware.E404 Helper/Hij
HKCR\E404.e404mgr
HKCR\E404.e404mgr\CLSID
HKCR\E404.e404mgr\CurVer
HKCR\E404.e404mgr.1
HKCR\E404.e404mgr.1\CLSID
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Thats my report.
Thanks for that run through you gave me
Think the Popup windows are still coming up though.
Thanks aton.

Andrew

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 04 March 2008 - 11:28 PM

Hello Andrew,

You're welcome. Thanks for posting the log. I'm going to turn this thread over to someone with more experience than I as I'm unfamiliar with the kind of infection you have.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 Andrew T Graham

Andrew T Graham
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 05 March 2008 - 01:44 PM

Ok, thanks again

Hope to talk to you again (hopefully not over something like this)
Andrew

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 05 March 2008 - 05:09 PM

Hello Andrew,

I've consulted with some malware experts, and they suggested that you post an HJT log.

Please follow the directions in this guide. If you can't do a step, skip it and go on to the next. Then create an HJT log, you will find the directions in step 9 of the guide.

Create a new topic in this forum, not here and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log. Also, include the link to this thread and say that we sent you there.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Please post the link to your new thread as a reply to this topic so we know you are receiving help in the HJT forum.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 05 March 2008 - 05:10 PM.
fix grammar

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 Andrew T Graham

Andrew T Graham
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 08 March 2008 - 06:25 PM

That guide helped alot.
Problem appears to fixed along with PC being alot cleaner.

Thanks aton
Andrew

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 08 March 2008 - 10:53 PM

Hello Andrew,

If you're certain your computer is disinfected, to prevent possible reinfection, you should now flush your restore points because some of the malware may have been saved in System Restore.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup (This link provides the directions for XP Pro. For XP Home, Disk Cleanup will begin to run immediately. Let it finish then click on the More Options Tab as indicated below.) to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Please post back when you have completed that step or if you have any problems or questions about it.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#13 Andrew T Graham

Andrew T Graham
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 12 March 2008 - 03:01 PM

Thanks.
All is going well now, no problems appearing and I have many prevention methods in place now.

Andrew

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 12 March 2008 - 09:32 PM

Hello Andrew,

I'm glad things are working out. To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1".
"Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#15 Andrew T Graham

Andrew T Graham
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 14 March 2008 - 01:45 PM

Thanks i'll work my way through them




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users