
Thread: Number of issues..

  1. #11
    If it's okay with you, why don't you post your HijackThis log here? Also see how many programs are at start-up. One more thing: why don't you try defragmenting your hard drive? (I would recommend Diskeeper; it's excellent software.)
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #12
    The Doctor Und3ertak3r
    Join Date: Apr 2002, Posts: 2,744
    As I understand it, Netsky collects email addresses from infected machines' address books and then it picks one address at random and pretends to be from that address. In a nutshell, Netsky has infected a computer that had your address in its address book..
    Utter and absolute BULLSHIT - Netsky and many other viruses will scan documents in your computer looking for email addies. Any virus writer worth his salt knows that there are richer pickings in the header information of an email than you would find in the best corporate address book.. in saying that, I spotted a virus yesterday that uses the Windows address book.. would be the first one in a long time..

    If you want info on viruses go to the people who come up with the cures.. the AV companies..

    where do I go for info..

    http://securityresponse.symantec.com/
    is my first port of call..

    for info on netsky: http://securityresponse.symantec.com...tsky.p@mm.html

    But remember Netsky is not the only Virus that farms a PC for email addies, and is not the only one that uses the "Mail Delivery Error" method of delivery

    If you're receiving a lot of these messages it is very likely that a PC on the domain (I am assuming that the PC is a member of a larger network) is infected.. the admin could look for unusual traffic from a machine on Port 25.

    As for your machine.. Follow through on the information given above.. to be certain that it is clean (prolly full of parasite crap - that is Adware -spyware)

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
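
The port 25 check suggested in post #12, sketched as an added example that is not part of the original posts: it flags internal hosts, other than the known mail relay, that open SMTP connections to many different servers. The log format, the addresses and the threshold are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample: "<time> <src_ip> <dst_ip> <dst_port>" per outbound connection.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 192.0.2.10 25
10:00:02 10.0.0.23 198.51.100.7 25
10:00:02 10.0.0.23 203.0.113.9 25
10:00:03 10.0.0.23 192.0.2.44 25
10:00:03 10.0.0.41 198.51.100.80 80
10:00:04 10.0.0.23 203.0.113.61 25
10:00:05 10.0.0.5 192.0.2.10 25
10:00:06 10.0.0.17 192.0.2.10 25
bad line
"""

def smtp_talkers(log_text, mail_relays, min_destinations=3):
    """Return {src_ip: (connections, distinct_destinations)} for hosts that
    are not known mail relays yet open port-25 connections to at least
    min_destinations different servers."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed lines
        _, src, dst, port = parts
        if int(port) != 25 or src in mail_relays:
            continue  # not SMTP, or the legitimate relay (assumed 10.0.0.5 here)
        conns[src] += 1
        dests[src].add(dst)
    return {src: (conns[src], len(dests[src]))
            for src in conns if len(dests[src]) >= min_destinations}

if __name__ == "__main__":
    for host, (n, d) in smtp_talkers(SAMPLE_LOG, {"10.0.0.5"}).items():
        print(f"{host}: {n} SMTP connections to {d} distinct servers")
```

A workstation that only submits mail to the relay shows one destination and stays below the threshold; a mass-mailer delivering directly shows many.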

  3. #13
    Junior Member
    Join Date: Jan 2005, Posts: 5

    Post

    As requested by ByteWrangler, the HijackThis log is as follows:

    Logfile of HijackThis v1.98.2
    Scan saved at 10:57:24 AM, on 1/20/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    d:\oracle\oracle9i\bin\ORACLE.EXE
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Sify Broadband\BBClient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    D:\Security\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.zdnetindia.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{05A3ABD6-64ED-4605-B55F-FDC9F8B798E5}: NameServer = 202.144.115.4,202.144.66.6

    ByteWrangler:

    Honestly, I can't do defragmentation at this stage, as I have to finish lots of assignments for this sem module and have to prepare for the exam, which is drawing near.. Sorry!

    Und3ertak3r:

    What do you think about Symantec support? Have you ever had a chance to call them and ask for support? If not, then go and ask for help; you'll change your opinion on the same day.

    ©opy®ight:

    I followed your suggestions and found hardly a few seconds' (30-40) difference in booting when I disabled Norton at bootup. As stated earlier, being a kid and developer, I have plenty of applications on my win2k box, viz. MS SQL Server 2000, Oracle 10g, Apache, J2SDK 1.3, Visual Studio dot net and what not... but none of them are booting at startup. I'll run the applications as and when needed.


    With Thanks!
    BigZero

  4. #14
    Greetings:
    The first line of your HijackThis log shows that your version is old. You may want to download the newer version from: http://www.hijackthis.de/downloads/hijackthis_199.zip.

    Besides that, I see no malware entries in the log. Have you done an online scan in the last few days? Also, have you installed a firewall?
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #15
    Junior Member
    Join Date: Jan 2005, Posts: 5

    Thanks BW

    ByteWrangler,

    There is hardly a difference between the newer version and 1.98.2.

    Yes, I have done an online scan in the last few days. You might be wondering, as you couldn't see any O16 DPF entries in the log. It's because I had removed all the O16 entries from the log when I did the HJT scan last to last time.

    As of now there is no firewall on my machine.

    With Thanks !
    BigZero
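
The questions raised about the log in #13 (which version produced it, how many start-up items it lists, whether any O16 entries are present, which name servers are set) can be read off mechanically. The parser below is an added example, not part of the original posts and not HijackThis's own code; the function names and the summary fields are choices made for this sketch, and the sample is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in #13 (a few lines per section, not the full log).
SAMPLE = r"""Logfile of HijackThis v1.98.2
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\Explorer.EXE
D:\Security\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A3ABD6-64ED-4605-B55F-FDC9F8B798E5}: NameServer = 202.144.115.4,202.144.66.6
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
VERSION = re.compile(r"^Logfile of HijackThis v([\d.]+)")

def parse_hjt(text):
    """Split a HijackThis log into version, running processes and entries by code."""
    log = {"version": None, "processes": [], "entries": defaultdict(list)}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERSION.match(line):
            log["version"] = m.group(1)
        elif line == "Running processes:":
            in_processes = True
        elif m := ENTRY.match(line):
            in_processes = False          # first coded entry ends the process list
            log["entries"][m.group(1)].append(m.group(2))
        elif in_processes and line:
            log["processes"].append(line)
    return log

def summarize(log):
    """Answer the questions asked in the thread from the parsed log."""
    e = log["entries"]
    return {"version": log["version"],
            "startup_items": len(e.get("O4", [])),   # Run keys and Startup folders
            "has_o16": "O16" in e,                   # downloaded ActiveX (DPF) entries
            "nameservers": [ns for v in e.get("O17", []) if "NameServer" in v
                            for ns in v.split("=", 1)[1].strip().split(",")]}

if __name__ == "__main__":
    print(summarize(parse_hjt(SAMPLE)))
```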
