Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Symantec Email Proxy

  • Please log in to reply
1 reply to this topic

#1 bumphuk


  • Members
  • 1 posts
  • Local time:12:26 AM

Posted 13 April 2007 - 09:14 PM


I have been infected by a virus in the last few days which I have hopefully appeared to resolve. I'm not here to request help with this (just yet), I just wanted to share my solution, since it's taken me around 20 hours to rid my system of this f***er, I wouldn't wish this on anyone else. Having searched the web with the name of this virus and it's stealth alias I found little info, so I'm guessing this may be a new strain.

The symptoms of this virus have bee described elsewhere on this forum and on the web - The virus manifests when multiple "Symantec Email Proxy" messages emerge from your system tray. The messages, usually headed with some guff about losing weight, are systematically sent to an alphabetical list of email addresses, in my case, all in the Yahoo.com domain. NIS tells you it is blocking large batches of messages from being sent from your computer although you may not using an email client or web browser.

I'm running Norton Internet Security, fully patched. Norton Antivirus does not detect this. Anyway, after trying many possible solutions given in numerous forums, I ran AntiVir and it detected a virus immediately after logon.

The name of the virus was given as TR/Proxy.Agent.KJ.35.

The virus runs in your process list under the name winlogon.exe, so if you've observed your process list to establish the cause, it will be impossible to detect. (Obviously, don't go into your Windows system folders and delete this file as it is necessary for your system to run.)

I hope this is helpful to anyone who encounters this evil bleep.

BC AdBot (Login to Remove)


#2 Rahina


    Security Helper

  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:26 AM

Posted 14 April 2007 - 03:08 AM

Hello Bumphuk! Welcome to the forums! My name is Rahina Rescue and i will be helping you with your malware issues.

Download HijackThis 1.99.1 from the following download location Here
When you are ready, please post a fresh Hijackthis logfile in your next reply to this thread.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users