Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Virus, trojan, spyware...what have I got?

Reply
Thread Tools

Virus, trojan, spyware...what have I got?

 
 
Basilic
Guest
Posts: n/a
 
      01-21-2004
I've been notified that I have something on my computer which sends SPAM
e-mails without me realizing. I'd like to get rid of it and my ISP is
telling me to reformat my computer. This is something which I'd like to
avoid.

This is what I did so far,

1) Updated and ran AVG - no viruses found.
2) Ran an online virus checker - housecall.antivirus.com - no viruses found.
3) Updated and ran Adaware - found lots of spyware and removed them.

I'm still convincedthat I have this SPAMware, because my network icon keeps
flashing shortly every second or so. When I check the network connections, I
see that I am sending (uploading) more than I'm receiving.

Any ideas of what I could use to find this and remove it? Running XP Pro
w/SP1 and all the updates installed.

PS I'm on an internal network, DSL, with the server running Norton Security
Suite - AV and firewall.

Thanks
Basilic


 
Reply With Quote
 
 
 
 
Colonel Flagg
Guest
Posts: n/a
 
      01-21-2004
In article <400dd3ca$1_2@aeinews.>, http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> I've been notified that I have something on my computer which sends SPAM
> e-mails without me realizing. I'd like to get rid of it and my ISP is
> telling me to reformat my computer. This is something which I'd like to
> avoid.
>
> This is what I did so far,
>
> 1) Updated and ran AVG - no viruses found.
> 2) Ran an online virus checker - housecall.antivirus.com - no viruses found.
> 3) Updated and ran Adaware - found lots of spyware and removed them.
>
> I'm still convincedthat I have this SPAMware, because my network icon keeps
> flashing shortly every second or so. When I check the network connections, I
> see that I am sending (uploading) more than I'm receiving.
>
> Any ideas of what I could use to find this and remove it? Running XP Pro
> w/SP1 and all the updates installed.
>
> PS I'm on an internal network, DSL, with the server running Norton Security
> Suite - AV and firewall.
>
> Thanks
> Basilic
>
>
>




There's a new worm out that could be causing it, perhaps your anti-virus
hasn't added it to the definitions yet?



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
Reply With Quote
 
 
 
 
Glenn Jarvis
Guest
Posts: n/a
 
      01-21-2004
Colonel Flagg wrote:


>
> There's a new worm out that could be causing it, perhaps your anti-virus
> hasn't added it to the definitions yet?
>
>
>

AVG is good, but sometimes slow on updating their definitions. I just
removed it as it kept locking up the system lately. I just installed
F-Prot which has the latest definitions including that latest little
gift out there. So far , I've been clear (although I should be with the
caution I exercise). Isn't there a online virus scanner site? I can't
for the life of me remember where it was. Might help him in a jam till
he can find something more suitable. (Just a thought...)

 
Reply With Quote
 
Glenn Jarvis
Guest
Posts: n/a
 
      01-21-2004
Basilic wrote:


> Any ideas of what I could use to find this and remove it? Running XP Pro
> w/SP1 and all the updates installed.
>
> PS I'm on an internal network, DSL, with the server running Norton Security
> Suite - AV and firewall.


Here's a couple of ideas, although I'm sure others will also add their
ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
things that AdAware can pick up on) as well as AdAware. Also, AVG is
slow somtimes updating their definition files. Might want to consider
another. I am also DSL, have an internal network, however, I run F-Prot
for virus protection and no firewall. I'm using the DI-604 router in
complete stealth mode. I also have the preview pane turned off in my
mail reader. I check all incoming email via viewing message source
first. Add the F-Prot email protection, and I seem to be in a good
position. So far, I've deleted 10 messages that have come in infected
without ever opening the gaffers. I replied to the Col., as there is a
site that has an online virus scanner that is usually up to date. Might
help you in a pinch, but I can't remember the url for it. Hopefully
someone here can

 
Reply With Quote
 
Hairy One Kenobi
Guest
Posts: n/a
 
      01-21-2004
"Basilic" <(E-Mail Removed)> wrote in message news:400dd3ca$1_2@aeinews....
> I've been notified that I have something on my computer which sends SPAM
> e-mails without me realizing. I'd like to get rid of it and my ISP is
> telling me to reformat my computer. This is something which I'd like to
> avoid.
>
> This is what I did so far,
>
> 1) Updated and ran AVG - no viruses found.
> 2) Ran an online virus checker - housecall.antivirus.com - no viruses

found.
> 3) Updated and ran Adaware - found lots of spyware and removed them.
>
> I'm still convincedthat I have this SPAMware, because my network icon

keeps
> flashing shortly every second or so. When I check the network connections,

I
> see that I am sending (uploading) more than I'm receiving.
>
> Any ideas of what I could use to find this and remove it? Running XP Pro
> w/SP1 and all the updates installed.


Hmm. Are you *positive* that the message was genuine?

While it's possible (if there is enough junk on there..) I would be *very*
surprised that an AUP team would tell you to /reformat/ a box. Smells like
the Irish Virus[1]

http://www.codecutters.org/spam/smtpheaders.html on how to check the headers
yourself (should come from their email server, probably 206.123.6.14 or
206.123.6.19).

netstat -a (typed into a Command Prompt window) lists current connections.
TCPview (IIRC from sysinternals.com) does this in real-time and gives you a
GUI to play with. Both should show any SMTP connections that are being
setup. Make sure that you're not running IE (or whatever, if you use
something else for email) at the time. You're looking for something on the
"smtp" port.

HTH

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

[1] "This is the Irish Virus. Please send this message to all your friends,
then reformat your drive. Tank you very much". As sent to me by a friend
from County Cork..


 
Reply With Quote
 
Basilic
Guest
Posts: n/a
 
      01-21-2004

"Glenn Jarvis" <(E-Mail Removed)> wrote in message
news:7tmPb.15936$(E-Mail Removed). ..
> Basilic wrote:
>
>
> > Any ideas of what I could use to find this and remove it? Running XP Pro
> > w/SP1 and all the updates installed.
> >
> > PS I'm on an internal network, DSL, with the server running Norton

Security
> > Suite - AV and firewall.

>
> Here's a couple of ideas, although I'm sure others will also add their
> ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
> things that AdAware can pick up on) as well as AdAware. Also, AVG is
> slow somtimes updating their definition files. Might want to consider
> another. I am also DSL, have an internal network, however, I run F-Prot
> for virus protection and no firewall. I'm using the DI-604 router in
> complete stealth mode. I also have the preview pane turned off in my
> mail reader. I check all incoming email via viewing message source
> first. Add the F-Prot email protection, and I seem to be in a good
> position. So far, I've deleted 10 messages that have come in infected
> without ever opening the gaffers. I replied to the Col., as there is a
> site that has an online virus scanner that is usually up to date. Might
> help you in a pinch, but I can't remember the url for it. Hopefully
> someone here can
>


Thanks for the info. I'll get Spybot to compliment Adaware.

I'm going to get ride of AVG as I found a copy of Norton. Norton is
installed at work and never had any trouble with viruses, ever. But I will
try F-Prot as well.

The online scanner can be found at www.housecall.antivirus.com , it's from
the makers of PC-cillin.


 
Reply With Quote
 
Colonel Flagg
Guest
Posts: n/a
 
      01-21-2004
In article <400ebfc7_4@aeinews.>, (E-Mail Removed) says...
>
> "Glenn Jarvis" <(E-Mail Removed)> wrote in message
> news:7tmPb.15936$(E-Mail Removed). ..
> > Basilic wrote:
> >
> >
> > > Any ideas of what I could use to find this and remove it? Running XP Pro
> > > w/SP1 and all the updates installed.
> > >
> > > PS I'm on an internal network, DSL, with the server running Norton

> Security
> > > Suite - AV and firewall.

> >
> > Here's a couple of ideas, although I'm sure others will also add their
> > ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
> > things that AdAware can pick up on) as well as AdAware. Also, AVG is
> > slow somtimes updating their definition files. Might want to consider
> > another. I am also DSL, have an internal network, however, I run F-Prot
> > for virus protection and no firewall. I'm using the DI-604 router in
> > complete stealth mode. I also have the preview pane turned off in my
> > mail reader. I check all incoming email via viewing message source
> > first. Add the F-Prot email protection, and I seem to be in a good
> > position. So far, I've deleted 10 messages that have come in infected
> > without ever opening the gaffers. I replied to the Col., as there is a
> > site that has an online virus scanner that is usually up to date. Might
> > help you in a pinch, but I can't remember the url for it. Hopefully
> > someone here can
> >

>
> Thanks for the info. I'll get Spybot to compliment Adaware.
>
> I'm going to get ride of AVG as I found a copy of Norton. Norton is
> installed at work and never had any trouble with viruses, ever. But I will
> try F-Prot as well.
>
> The online scanner can be found at www.housecall.antivirus.com , it's from
> the makers of PC-cillin.
>
>
>



I'd put my trust in AVG, F-Prot or F-Secure WAAAAY before I'd trust
Norton or McAfee.



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
Reply With Quote
 
Ben Measures
Guest
Posts: n/a
 
      01-22-2004
Glenn Jarvis wrote:
> Colonel Flagg wrote:
>
>
>>
>> There's a new worm out that could be causing it, perhaps your
>> anti-virus hasn't added it to the definitions yet?
>>
>>
>>

> AVG is good, but sometimes slow on updating their definitions. I just
> removed it as it kept locking up the system lately. I just installed
> F-Prot which has the latest definitions including that latest little
> gift out there. So far , I've been clear (although I should be with the
> caution I exercise). Isn't there a online virus scanner site? I can't
> for the life of me remember where it was. Might help him in a jam till
> he can find something more suitable. (Just a thought...)
>

http://housecall.trendmicro.com/

Really very good.

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

 
Reply With Quote
 
vb
Guest
Posts: n/a
 
      01-22-2004

"Ben Measures" <(E-Mail Removed)> wrote in message
news:CAKPb.990$(E-Mail Removed)...
> >

> http://housecall.trendmicro.com/
>
> Really very good.
>
> --
> Ben M.


I agree, the Trend Micro scan is good.

V.B.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Do I have to have the WEP # set for file sharing? =?Utf-8?B?SGVscCBtZSBJIGNhbicndCBzaGFyZSE=?= Wireless Networking 3 11-01-2005 05:37 AM
have you got any of these i can have spike240 Case Modding 4 09-14-2005 03:48 AM
do i have to have.... =?Utf-8?B?amFrZQ==?= Wireless Networking 1 03-11-2005 06:05 PM
do I have to have a windows OS to start a New pc when the mwssage no ntldr foun darinsray Microsoft Certification 3 04-28-2004 06:50 AM
do I have to have a windows OS to start a New pc when the mwssage no ntldr foun darinsray Microsoft Certification 0 04-24-2004 06:15 AM



Advertisments