
Mail Sending Problem


3 replies to this topic

#1 Maranello

Maranello

  • Members
  • 8 posts

Posted 14 April 2008 - 05:56 PM

My computer has a lot of internet activity! I checked with another computer on the network (Linux, iptables) and found out that it's sending mail to 240 different mail addresses. Those addresses are not in my address book.
I ran scans with AVG, Ad-Aware, NOD32, SpyBot S&D, Kaspersky and SUPERAntiSpyware.
I found some infections and removed them, but I can't figure out the "mail sending problem"!
Maybe this information is useful: I'm not sure that it is related to this particular problem, but a few weeks ago I received mail with the title "Naked Britney Speares" and tried to open it...



Deckard's System Scanner v20071014.68
Run by Luka on 2008-04-15 00:41:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Luka.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 00:45:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\INSTALL\dss.exe
C:\Program Files\Trend Micro\HijackThis\Luka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.hr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.savewealth.com/support/ie6/welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Shortcut to NET USE.lnk = C:\Documents and Settings\Luka\Desktop\NET USE.BAT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139966483125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175519655625
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0F0B8445-0D10-435C-84F8-7D6676F5D704}: NameServer = 10.0.13.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe -k netsvcs
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 4240 bytes

-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-14 23:52:48 0 d-------- C:\Program Files\Trend Micro
2008-04-11 11:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-11 11:31:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-11 11:31:08 0 d-------- C:\Documents and Settings\Luka\Application Data\SUPERAntiSpyware.com
2008-04-11 11:30:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 00:35:28 0 d-------- C:\Documents and Settings\Luka\Application Data\Ethereal
2008-04-10 00:16:07 0 d-------- C:\Program Files\WinPcap
2008-04-10 00:15:12 0 d-------- C:\Program Files\Ethereal
2008-04-09 03:37:44 0 d-------- C:\Temp
2008-04-09 03:31:20 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-09 03:31:20 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-09 03:31:06 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-09 03:31:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 03:31:04 15136 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-09 03:31:04 3184416 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-09 03:29:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-09 03:02:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-09 03:01:59 0 d-------- C:\Program Files\Security Task Manager <SECURI~1>
2008-04-09 02:54:49 0 dr-h----- C:\Documents and Settings\Luka\Recent
2008-04-09 02:30:21 0 d-------- C:\Documents and Settings\Luka\Application Data\Uniblue
2008-04-07 17:31:52 0 d-------- C:\Documents and Settings\Luka\Application Data\ESET
2008-04-07 17:30:40 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-07 17:03:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-07 17:03:35 0 d-------- C:\Program Files\SpywareBlaster
2008-04-07 15:49:25 0 d-------- C:\WINDOWS\Prefetch
2008-04-05 18:51:54 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-04 15:43:30 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-04 15:38:19 0 d-------- C:\WINDOWS\Windows Update Setup Files
2008-04-03 16:27:07 0 d-------- C:\VBS
2008-04-03 16:25:08 286720 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-04-03 16:25:07 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-03 15:27:03 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-02 14:30:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 00:12:58 0 d-------- C:\Program Files\Common Files\NSV
2008-04-01 21:01:02 0 d-------- C:\Program Files\ToniArts
2008-04-01 11:33:04 0 d-------- C:\Program Files\Lavasoft
2008-04-01 11:22:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-01 11:20:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-01 11:19:49 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-01 11:19:49 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-01 11:19:49 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-01 11:19:49 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-01 11:19:49 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-01 11:19:49 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-01 11:19:49 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-01 11:19:49 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-01 11:19:49 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-01 11:19:49 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-01 11:19:49 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-01 11:19:49 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-01 11:19:49 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-01 11:19:48 1794048 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-31 14:08:09 0 d-------- C:\DOKUMENTI
2008-03-31 07:21:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\WinIFixer.com
2008-03-31 07:20:35 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-31 07:20:35 0 dr------- C:\Documents and Settings\LocalService\Favorites


-- Find3M Report ---------------------------------------------------------------

2008-04-11 11:30:51 0 d-------- C:\Program Files\Common Files
2008-04-07 15:41:18 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-01 21:01:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 11:50:58 0 d-------- C:\Documents and Settings\Luka\Application Data\Lavasoft
2008-02-20 10:43:11 0 d-------- C:\Program Files\ACAD2000


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [16.09.2004 16:15]
"RegistryMechanic"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [29.01.2007 23:02]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 14:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29.02.2008 16:03]

C:\Documents and Settings\Luka\Start Menu\Programs\Startup\
Shortcut to NET USE.lnk - C:\Documents and Settings\Luka\Desktop\NET USE.BAT [17.2.2006 16:30:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWOTOOLBOX]
C:\Program Files\HP\HP Officejet Pro K850 Series\Toolbox\HPWOTBX.exe "-i"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-15 00:47:06 ------------



#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 28 April 2008 - 06:21 AM

Hello Maranello

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy.

If you still need help, please post a new DSS.scan report to make sure nothing has changed. Please post only the main.txt report.


And I'll be happy to take a look at it for you.

Thanks for your patience.

#3 Maranello

Maranello
  • Topic Starter

  • Members
  • 8 posts

Posted 12 May 2008 - 10:42 AM

Hello DASOS!

I just couldn't wait that long, so I formatted the disk and reinstalled the OS!

Thanks for replying.

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal

Posted 12 May 2008 - 11:19 AM

Ok Maranello! Thanks and sorry.



