Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Photo

services.exe is sending spam mails

Started by thomasjohansen , Aug 31 2010 03:17 AM

  • This topic is locked This topic is locked
1 reply to this topic

#1 thomasjohansen

thomasjohansen

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:02:33 AM

Posted 31 August 2010 - 03:17 AM

Hi, need help in identifying and removing the program causing one of my users pc sending spam mails.

The program "What's running" shows that services.exe is constantly sending mails. I cant identifying it closer to find the source.
I have scanned with Trend micro.
I have tried booting up on a "bitdefender rescue disk" to check for rootkits but dont completes the boot.



**************SOLVED**********************
It was these files which made the problems, found it with GMER.

It was obvious, since the files was "new" all the time.



2010-08-19 14:28:43 759808 ----a-w- c:\windows\system32\drivers\ueqxsvl.sys
2010-08-19 14:25:51 142 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2010-08-31 07:24:06 585504 ----a-w- c:\windows\system32\drivers\aec.sys

Edited by thomasjohansen, 31 August 2010 - 05:08 AM.

BC AdBot (Login to Remove)

 

#2 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • OFFLINE
    •  
  • Gender:Female
  • Local time:08:33 PM

Posted 31 August 2010 - 10:06 PM

Since your issue seems to be solved I will now close this topic. Thank you for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,

Pandy~
Forum Moderator

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter

Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·