Old 09-03-2008, 07:57 AM   #1
penang@freemail.c3.hu
Guest
 
Posts: n/a
HELP ! My PC has been compromised !!

Last night my PC behaved normally, but this morning, it took over 1
hour to boot up the XP.

Now, in the tasking tray, I see tons and tons of messages are being
sent out !

I have not configured this PC to send out emails. I use webmails. But
now my PC is sending out tons and tons of emails !!

The Symantec Norton antivirus is doing the "Symantec Email Scan" on
those emails and the emails are jamming up the system.

What can I do ????

What software should I use to remove this security breach ????

Please help !!!!

Thank you !!
Old 09-03-2008, 07:57 AM   #2
David H. Lipman
Guest
 
Posts: n/a
Re: HELP ! My PC has been compromised !!

From: <penang@freemail.c3.hu>

| Last night my PC behaved normally, but this morning, it took over 1
| hour to boot up the XP.
|
| Now, in the tasking tray, I see tons and tons of messages are being
| sent out !
|
| I have not configured this PC to send out emails. I use webmails. But
| now my PC is sending out tons and tons of emails !!
|
| The Symantec Norton antivirus is doing the "Symantec Email Scan" on
| those emails and the emails are jamming up the system.
|
| What can I do ????
|
| What software should I use to remove this security breach ????
|
| Please help !!!!
|
| Thank you !!



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...HJTInstall.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Old 09-03-2008, 07:57 AM   #3
PA Bear [MS MVP]
Guest
 
Posts: n/a
Re: HELP ! My PC has been compromised !!

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.


penang@freemail.c3.hu wrote:
> Last night my PC behaved normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configured this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The Symantec Norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!


Old 09-03-2008, 09:06 AM   #5
Patrick Keenan
Guest
 
Posts: n/a
Re: HELP ! My PC has been compromised !!

<penang@freemail.c3.hu> wrote in message
news:284d05e7-7d2a-425d-87fe-4279d9af68c8@e6g2000prf.googlegroups.com...
> Last night my PC behaved normally, but this morning, it took over 1
> hour to boot up the XP.
>
> Now, in the tasking tray, I see tons and tons of messages are being
> sent out !
>
> I have not configured this PC to send out emails. I use webmails. But
> now my PC is sending out tons and tons of emails !!
>
> The Symantec Norton antivirus is doing the "Symantec Email Scan" on
> those emails and the emails are jamming up the system.
>
> What can I do ????
>
> What software should I use to remove this security breach ????
>
> Please help !!!!
>
> Thank you !!


The very first thing you should do is to disconnect the PC from any network
connection or telephone line, so that it cannot send anything. Then, you
can start scanning and manually searching for files that shouldn't be
running or in existence. Process Explorer and Hijack This are good
starting points.

Look for .exe and .dll files that have apparently random names. If you
delete them and new ones come back, there is another file creating
them that you've missed.

Often these files are hidden away, so doing searches for hidden and system
files can often identify malware. Go to a command prompt, and from the
root directory use the dir command with the /a:h and /a:s switches to show
system and hidden files, and the /S switch to search all subdirectories.
At the end of the command, use the redirect to file to get a file you can
actually read: dir /ah /S >>list.txt

Clear *all* the temp folders and content.ie5 folders. This is a prime
location and entry point for malware. Look in the System32 folder for
files that shouldn't be there.

You can attach that drive to another well-protected system and scan it as a
hosted drive. Trying to gain control of an actively infected drive can be
difficult, but hosting it makes the process a lot easier since the
infections can't launch at boot.

Because you don't boot from it, there is very limited opportunity for
infection to spread to the host system. You might try using the Trend
Micro Housecall online scanner; since its files are online they are much
harder to compromise.

HTH
-pk

Old 04-04-2008, 03:50 PM   #6
Delta
Guest
 
Posts: n/a
Re: HELP ! My PC has been compromised !!

OK, you are a victim of an internet worm that seems to spread by mail.
a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like
"explroer.exe".
Best would be making a HijackThis log and sending it to some people known
to handle them (or here).

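
The name checks suggested in this post and in Patrick Keenan's post above (apparently random .exe/.dll names, mistyped system names), applied to the output of `dir /ah /S >>list.txt`. This is an added example, not code from any poster; the allowlist, the thresholds, the US-English `dir` row layout and the sample listing are assumptions, and every hit is a lead to inspect, not a verdict.

```python
import re
# Assumption: short illustrative allowlist of Windows binary names; rows follow US-English `dir`.
KNOWN = {"explorer", "svchost", "services", "lsass", "winlogon", "csrss", "smss"}
DIR_HDR = re.compile(r"^\s*Directory of (.+)$")
FILE_ROW = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+[\d,]+\s+(.+)$")

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(filename):
    """Return why a name deserves a closer look, or None. A lead, not a verdict."""
    stem, _, ext = filename.lower().rpartition(".")
    if ext not in ("exe", "dll") or stem in KNOWN:
        return None
    for good in sorted(KNOWN):
        if osa_distance(stem, good) == 1:
            return "near-miss of " + good
    vowels = sum(c in "aeiou" for c in stem)
    if stem.isalpha() and len(stem) >= 6 and vowels / len(stem) < 0.2:
        return "random-looking name"
    return None

def triage(listing):
    """Return (full_path, reason) for each flagged row of `dir /ah /S` output."""
    folder, hits = "", []
    for line in listing.splitlines():
        if m := DIR_HDR.match(line):
            folder = m.group(1).strip().rstrip("\\")
        elif m := FILE_ROW.match(line):
            name = m.group(1).strip()
            if reason := classify(name):
                hits.append((folder + "\\" + name, reason))
    return hits

# Constructed sample of list.txt, not taken from the thread.
SAMPLE = r"""
 Directory of C:\WINDOWS\system32
09/03/2008  07:12 AM            45,056 rcgvejmrg.exe
09/03/2008  07:13 AM            61,440 explroer.exe
08/04/2004  12:00 PM                62 desktop.ini
"""
```

Run `triage(open("list.txt").read())` from the clean host system when the drive is attached as a secondary disk; legitimate vowel-poor names will also be flagged and need checking by hand.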
Old 04-04-2008, 05:50 PM   #7
Sandy Mann
Guest
 
Posts: n/a
Re: HELP ! My PC has been compromised !!

"Delta" <bla@bla.net> wrote in message
news:93B6E4D1-7E61-4E53-A4C3-6EC502809B7D@microsoft.com...
> OK, you are a victim of an internet worm that seems to spread by mail.
> a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names
> like "explroer.exe".
> Best would be making a HijackThis log and sending it to some people known
> to handle them (or here).
>


I assume that Delta meant "(NOT here)"

From an old post by Frank Saunders:

***************************************
First eliminate any scumware. See Dealing with Unwanted
Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm especially
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch


Note that AdAware and SpyBot S & D will each catch some
things the other won't. Also, each needs to be updated
with the program's update function before every use, even
when just downloaded. There's also a lot more to do than
just those two programs. CWShredder is also available
here:
http://www.kellys-korner-xp.com/regs...cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot,
HijackThis and CWShredder may be found on this page:
http://aumha.org/a/parasite.htm.


If nothing there helps, please post back to this thread.


********************************************


--
HTH

Sandy


Old 04-04-2008, 05:50 PM   #8
David H. Lipman
Guest
 
Posts: n/a
Re: HELP ! My PC has been compromised !!

From: "Delta" <bla@bla.net>

| OK, you are a victim of an internet worm that seems to spread by mail.
| a) Kill all suspicious processes like "rcgvejmrg.exe" OR MISTYPED names like
| "explroer.exe".
| Best would be making a HijackThis log and sending it to some people known
| to handle them (or here).

No HJT logs posted in any Microsoft news group or posted to Usenet at large.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



All times are GMT +5.5.