Virus, trojan, spyware...what have I got?

I've been notified that I have something on my computer which sends SPAM
e-mails without me realizing. I'd like to get rid of it and my ISP is
telling me to reformat my computer. This is something which I'd like to
avoid.

This is what I did so far,

1) Updated and ran AVG - no viruses found.
2) Ran an online virus checker - housecall.antivirus.com - no viruses found.
3) Updated and ran Adaware - found lots of spyware and removed them.

I'm still convincedthat I have this SPAMware, because my network icon keeps
flashing shortly every second or so. When I check the network connections, I
see that I am sending (uploading) more than I'm receiving.

Any ideas of what I could use to find this and remove it? Running XP Pro
w/SP1 and all the updates installed.

PS I'm on an internal network, DSL, with the server running Norton Security
Suite - AV and firewall.

Thanks
Basilic

Basilic

In article <400dd3ca$1_2@aeinews.>, says...
> I've been notified that I have something on my computer which sends SPAM
> e-mails without me realizing. I'd like to get rid of it and my ISP is
> telling me to reformat my computer. This is something which I'd like to
> avoid.
>
> This is what I did so far,
>
> 1) Updated and ran AVG - no viruses found.
> 2) Ran an online virus checker - housecall.antivirus.com - no viruses found.
> 3) Updated and ran Adaware - found lots of spyware and removed them.
>
> I'm still convincedthat I have this SPAMware, because my network icon keeps
> flashing shortly every second or so. When I check the network connections, I
> see that I am sending (uploading) more than I'm receiving.
>
> Any ideas of what I could use to find this and remove it? Running XP Pro
> w/SP1 and all the updates installed.
>
> PS I'm on an internal network, DSL, with the server running Norton Security
> Suite - AV and firewall.
>
> Thanks
> Basilic
>
>
>



There's a new worm out that could be causing it, perhaps your anti-virus
hasn't added it to the definitions yet?



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg wrote:


>
> There's a new worm out that could be causing it, perhaps your anti-virus
> hasn't added it to the definitions yet?
>
>
>
AVG is good, but sometimes slow on updating their definitions. I just
removed it as it kept locking up the system lately. I just installed
F-Prot which has the latest definitions including that latest little
gift out there. So far , I've been clear (although I should be with the
caution I exercise). Isn't there a online virus scanner site? I can't
for the life of me remember where it was. Might help him in a jam till
he can find something more suitable. (Just a thought...)

Basilic wrote:


> Any ideas of what I could use to find this and remove it? Running XP Pro
> w/SP1 and all the updates installed.
>
> PS I'm on an internal network, DSL, with the server running Norton Security
> Suite - AV and firewall.

Here's a couple of ideas, although I'm sure others will also add their
ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
things that AdAware can pick up on) as well as AdAware. Also, AVG is
slow somtimes updating their definition files. Might want to consider
another. I am also DSL, have an internal network, however, I run F-Prot
for virus protection and no firewall. I'm using the DI-604 router in
complete stealth mode. I also have the preview pane turned off in my
mail reader. I check all incoming email via viewing message source
first. Add the F-Prot email protection, and I seem to be in a good
position. So far, I've deleted 10 messages that have come in infected
without ever opening the gaffers. I replied to the Col., as there is a
site that has an online virus scanner that is usually up to date. Might
help you in a pinch, but I can't remember the url for it. Hopefully
someone here can

"Basilic" <> wrote in message news:400dd3ca$1_2@aeinews....
> I've been notified that I have something on my computer which sends SPAM
> e-mails without me realizing. I'd like to get rid of it and my ISP is
> telling me to reformat my computer. This is something which I'd like to
> avoid.
>
> This is what I did so far,
>
> 1) Updated and ran AVG - no viruses found.
> 2) Ran an online virus checker - housecall.antivirus.com - no viruses
found.
> 3) Updated and ran Adaware - found lots of spyware and removed them.
>
> I'm still convincedthat I have this SPAMware, because my network icon
keeps
> flashing shortly every second or so. When I check the network connections,
I
> see that I am sending (uploading) more than I'm receiving.
>
> Any ideas of what I could use to find this and remove it? Running XP Pro
> w/SP1 and all the updates installed.

Hmm. Are you *positive* that the message was genuine?

While it's possible (if there is enough junk on there..) I would be *very*
surprised that an AUP team would tell you to /reformat/ a box. Smells like
the Irish Virus[1]

http://www.codecutters.org/spam/smtpheaders.html on how to check the headers
yourself (should come from their email server, probably 206.123.6.14 or
206.123.6.19).

netstat -a (typed into a Command Prompt window) lists current connections.
TCPview (IIRC from sysinternals.com) does this in real-time and gives you a
GUI to play with. Both should show any SMTP connections that are being
setup. Make sure that you're not running IE (or whatever, if you use
something else for email) at the time. You're looking for something on the
"smtp" port.

HTH

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

[1] "This is the Irish Virus. Please send this message to all your friends,
then reformat your drive. Tank you very much". As sent to me by a friend
from County Cork..

"Glenn Jarvis" <> wrote in message
news:7tmPb.15936$. ..
> Basilic wrote:
>
>
> > Any ideas of what I could use to find this and remove it? Running XP Pro
> > w/SP1 and all the updates installed.
> >
> > PS I'm on an internal network, DSL, with the server running Norton
Security
> > Suite - AV and firewall.
>
> Here's a couple of ideas, although I'm sure others will also add their
> ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
> things that AdAware can pick up on) as well as AdAware. Also, AVG is
> slow somtimes updating their definition files. Might want to consider
> another. I am also DSL, have an internal network, however, I run F-Prot
> for virus protection and no firewall. I'm using the DI-604 router in
> complete stealth mode. I also have the preview pane turned off in my
> mail reader. I check all incoming email via viewing message source
> first. Add the F-Prot email protection, and I seem to be in a good
> position. So far, I've deleted 10 messages that have come in infected
> without ever opening the gaffers. I replied to the Col., as there is a
> site that has an online virus scanner that is usually up to date. Might
> help you in a pinch, but I can't remember the url for it. Hopefully
> someone here can
>

Thanks for the info. I'll get Spybot to compliment Adaware.

I'm going to get ride of AVG as I found a copy of Norton. Norton is
installed at work and never had any trouble with viruses, ever. But I will
try F-Prot as well.

The online scanner can be found at www.housecall.antivirus.com , it's from
the makers of PC-cillin.

In article <400ebfc7_4@aeinews.>, says...
>
> "Glenn Jarvis" <> wrote in message
> news:7tmPb.15936$. ..
> > Basilic wrote:
> >
> >
> > > Any ideas of what I could use to find this and remove it? Running XP Pro
> > > w/SP1 and all the updates installed.
> > >
> > > PS I'm on an internal network, DSL, with the server running Norton
> Security
> > > Suite - AV and firewall.
> >
> > Here's a couple of ideas, although I'm sure others will also add their
> > ideas as well. AdAware can miss some stuff. I use SpyBot(it can miss
> > things that AdAware can pick up on) as well as AdAware. Also, AVG is
> > slow somtimes updating their definition files. Might want to consider
> > another. I am also DSL, have an internal network, however, I run F-Prot
> > for virus protection and no firewall. I'm using the DI-604 router in
> > complete stealth mode. I also have the preview pane turned off in my
> > mail reader. I check all incoming email via viewing message source
> > first. Add the F-Prot email protection, and I seem to be in a good
> > position. So far, I've deleted 10 messages that have come in infected
> > without ever opening the gaffers. I replied to the Col., as there is a
> > site that has an online virus scanner that is usually up to date. Might
> > help you in a pinch, but I can't remember the url for it. Hopefully
> > someone here can
> >
>
> Thanks for the info. I'll get Spybot to compliment Adaware.
>
> I'm going to get ride of AVG as I found a copy of Norton. Norton is
> installed at work and never had any trouble with viruses, ever. But I will
> try F-Prot as well.
>
> The online scanner can be found at www.housecall.antivirus.com , it's from
> the makers of PC-cillin.
>
>
>


I'd put my trust in AVG, F-Prot or F-Secure WAAAAY before I'd trust
Norton or McAfee.



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Glenn Jarvis wrote:
> Colonel Flagg wrote:
>
>
>>
>> There's a new worm out that could be causing it, perhaps your
>> anti-virus hasn't added it to the definitions yet?
>>
>>
>>
> AVG is good, but sometimes slow on updating their definitions. I just
> removed it as it kept locking up the system lately. I just installed
> F-Prot which has the latest definitions including that latest little
> gift out there. So far , I've been clear (although I should be with the
> caution I exercise). Isn't there a online virus scanner site? I can't
> for the life of me remember where it was. Might help him in a jam till
> he can find something more suitable. (Just a thought...)
>
http://housecall.trendmicro.com/

Really very good.

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

"Ben Measures" <> wrote in message
news:CAKPb.990$...
> >
> http://housecall.trendmicro.com/
>
> Really very good.
>
> --
> Ben M.

I agree, the Trend Micro scan is good.

V.B.