A hidden program (virus) sends hundreds of e-mails - do you have any experience with something similar?
Posted by Aristos on Super User
Published on 2010-04-15T07:41:22Z
virus | windows-xp
On one tablet computer yesterday I ran the usual automatic updates from MS. This tablet has Comodo firewall and an old NOD32.

Very soon after that I noticed that something starts sending hundreds of SMTP e-mails the moment the tablet computer is connected to the internet.

Also, the previous time I made updates, some 'virus' got onto the computer, but I found it very easily and stopped it from running. I found it using the autostart from Sysinternals and the Process Explorer. This virus had also broken the automatic update from MS, and I lost a lot of time fixing it.

This is my usual practice when someone calls me to delete a virus from XP: I use the Process Explorer and autostart to locate the program, and delete it from everywhere.

However, the last one is so hard to locate.
0. I deleted everything from the temp directories, searched for suspicious files everywhere, and ran NOD32.
1. I used TCPView to see which program is sending the SMTP (I see hundreds of open SMTP connections sending e-mails), but the SMTP was opened by the main service program.
2. I used the Process Monitor to locate what happens, but again found the main service doing the job.
3. I started deleting many things in Process Explorer, but did not find the one that sends the e-mails.
4. I opened the autorun many times but did not find anything suspicious there either. I stopped some things, but nothing happened.
5. The last time, when I suspect this virus came to my computer and I partially removed it, it broke my Windows Update. I lost a lot of time fixing it, searching the Internet for the error - it was just registering a DLL.
6. From what I suspect, something is triggered after the MS update.
7. For the moment I have blocked the e-mail ports and am trying to find a way to locate it.
I would like to note here that everything is genuine - and I mean everything.

I believe that this virus came from a page, or from an e-mail that this computer received in the past.

Any help or information is appreciated.

If you know anything similar, if you know how this virus sends e-mails and how I can locate it, or if you know any anti-virus or anti-spyware program that may be able to find it.

If you know how a virus gets in after the MS updates.

A million thanks.
© Super User or respective owner