Spam Server


dajogejr
01-12-2006, 03:04 PM
Boys and Girls, I'm drawing a blank...help a brother out.

I have a W2K PC. The user downloaded an Active X he believes...turned this thing into a spam server. We use Corp 10.0...and it kept scanning outgoing...literally 100 messages a minute.

Tried:
SoBig removal tool, Nothing found
Netsky removal tool, nothing found

Ewido scanner, found 25 run 1, found 11 run two, deleted.
MS Anti Spy, found 12, deleted all.
CWS Shredder
NAV10.0 updated, scanned. Nothing.

It was too painful to stay online long enough to run a Trend Micro, Panda and/or a Kaspersky online scan. The screen filled literally with a dozen "scanning outgoing email messages" by SAV at a time.
Oh...ran the latest Stinger by McAff...and HijackThis as well.

What virus/trojan turns you into a spam server?

I'm 10 minutes away from a reload...I've saved his files he needs, and scanned them for infection, clean....

I'm drawing a blank here...

Midknyte
01-12-2006, 03:22 PM
Normally, I would disconnect from the network and boot to safe mode first.

Did you check the task manager processes? Try Autoruns and Process Explorer
http://www.sysinternals.com/ProcessesAndThreadsUtilities.html

Did you try Antivir? It might also be a rootkit. Try RootkitRevealer or BlackLight
Antivirus/Antispy (http://www.sysopt.com/forum/showthread.php?s=&threadid=161595)

dajogejr
01-12-2006, 03:31 PM
Honestly...MK...I worked on this thing for about 3-5 hours, off and on.
I got the user's data, and am formatting and installing windows now...

I'll give those a whirl next time around.
I thought there was a specific virus that did this, and I figured there was a removal tool.

Even in safe mode (with networking) it still shot off the 'mail....

Midknyte
01-12-2006, 03:36 PM
I physically disconnect the LAN cable, then I transfer utilities from my flash drive or even a CD.

It would be handy to have a BartPE CD around. UBCD4Win gives you a good head start. There is a plugin for Antivir on there.
http://ubcd4win.com/index.htm

dajogejr
01-12-2006, 03:38 PM
Thanks for the heads up... I have a Winternals ERD CD, but...it's for XP. Also, I left my Knoppix CD at home. It's BartPE time for me, looks like...thanks!