
Thread: noob problem

  1. #1

    noob problem

    My computer at home keeps sending out the same (I think) emails to the same people periodically. It did it today, on the 10th, etc.
    I am not manually sending them. Does anyone have any suggestions? I followed the Chinese email thread here. It was about the kletz virus, which does not sound like the ones my system is sending out. I don't think so, as I do not see any attachments on the outgoing messages.
    Any help is appreciated.
    Len

    Edit: I did some digging on the site and think I will try some of the suggestions I found. I will be back to update.

  2. #2
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    Quote: "i don't think as i do not see any attachments on the outgoing messages."
    Might want to scan your computer for viruses just in case.
    http://housecall.trendmicro.com/

    Do a netstat - turn off all programs using the internet first (games/instant messaging/web browser). Then set your firewall to block all suspicious IP addresses (except for localhost/127.0.0.1).

    You might want to check out a program called "FPort" - it shows all the programs that are using the internet and what port they are going through. It's a very effective weapon against trojan horses.

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    119
    A lot of viruses nowadays spoof the sender's address. If your computer is not infected, but people are still getting messages that you didn't send, this may be what's happening. Someone else, with your email address in their address book, gets infected with the virus. The virus then takes your address, and tries to send to everyone that this address book contains. If it hits a mail relay that auto-responds, it replies back to the "sender", which in this case would get back to you. Anyhoo, I hope that helps a little.

    As for online virus scanners, check out this thread.

    http://www.antionline.com/showthread...hreadid=243291

  4. #4
    Reload it and do everyone a favor.

  5. #5
    You said it was sending them periodically - try leaving your computer off for a day and see if they still get them. This way you can eliminate your PC (or a faked email, pretending to be you - depends how it turns out).
    "Death is more universal than life; everyone dies but not everyone lives."
    A. Sachs

  6. #6
    Excellent suggestions. I have already done most of them. So it lends me to the conclusion that I am not a complete idiot (I am missing a few parts).
    Housecall - only found one virus - worm_cult.b. I have tried getting rid of that little SOB before and it keeps popping back up.
    I will look into FPort.
    I have left my computer off for days at a time. Problem is the periodic nature of the issue is random (or seems to be).
    Also, I caught my computer sending the messages yesterday. I was reading an email when I looked down at the status bar and lo and behold - "sending message 6...." was the message on the status bar. So it would appear that the emails are coming from my computer.
    I also checked out the Kletz issue, to be safe. Nothing.
    I have also run bitdefender. Nothing scanned. A couple of the emails were originally sent over a year ago.
    Any more suggestions, plz let me know.
    Len

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    cult.b information - http://www.avp.ch/avpve/worms/email/cultb.stm

    Scan your computer again, then write down the infected file on a piece of paper. Then turn off system restore (go here if you don't know how), then go into safe mode (go here if you don't know how). Then delete the infected file, and scan again. If the infected file is a system file or a file that your computer needs to operate correctly, then don't delete it and scan your computer.

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    119
    Well, according to Symantec here, http://securityresponse.symantec.com...cult.b@mm.html , this virus uses its own SMTP engine, so if you caught your mail client sending something out you probably have something else. First things first, get rid of the virus you have. Turn off system restore so it doesn't come back... Here are removal instructions; I couldn't find a tool for you, sorry.

    http://securityresponse.symantec.com...a.html#removal

    Anyhoo, did you try the online virus scanners? If you suspect another virus, hit it with two or three and see what comes up.

  9. #9
    I am using Win98SE. I don't have a restore. I will check to make sure it finally got rid of cult.b.
    Thanks for the "removal instructions", but the link was actually a "removal" definition. But thanks anyway.
    I have run bitdefender and housecall. cult.b was the only one found.
    Would this virus be the cause of me little email recurrence?
    Len

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    119
    Gah! Sorry about that, the first link actually has removal instructions. Right now the virus theory is what we have to go on, so let's try to go with that theory first off. It's possible it could be a piece of spyware or something, but I'm unfamiliar with these mailing messages, as that sounds more like a virus to me.

    If you go to the run command, type regedit. I HIGHLY recommend backing up the registry before making changes. To do this, go to export, name it backup.reg or something like that, and save it. From there, simply follow these steps (from the earlier Symantec link).

    Click Start, and then click Run. (The Run dialog box appears.)
    Type regedit

    Then click OK. (The Registry Editor opens.)

    Navigate to the key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    In the right pane, delete the value:

    NvCpTdaemon wuauqmr.exe

    Navigate to, and then delete the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WDXDriver

    Navigate to the key:

    HKEY_CURRENT_USER\SOFTWARE\KAZAA\LocalContent

    In the right pane, delete the value:

    Dir0 012345:%System%\jdfghtrg\
    Exit the Registry Editor.

    Once you get this taken care of, I recommend you update your anti virus definitions. You didn't mention any local AV earlier, so let me step in and recommend a free AV. www.grisoft.com, is the link to get AVG, a pretty nifty free AV. If you still have problems after that, message back and I'll do what I can to help!
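
    A way to confirm the registry cleanup in post #10 actually took, as an added example (not part of the thread or of Symantec's instructions): export the registry to text again after the removal and scan the export for the entries listed above. It assumes a REGEDIT4-style text export such as the backup.reg file the post recommends; the function names and the sample export are constructed for illustration.

```python
import re

# Indicators exactly as listed in the removal steps in post #10 (lower-cased for comparison).
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
WDX_KEY = r"hkey_local_machine\software\microsoft\wdxdriver"
KAZAA_KEY = r"hkey_current_user\software\kazaa\localcontent"

# "name"="data" lines; backslash and double quote are backslash-escaped in .reg text.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data); name and data are None for a key header line."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_leftovers(text):
    """Return the entries from the removal steps that are still present in the export."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if k == WDX_KEY or k.startswith(WDX_KEY + "\\"):
                hits.append(("key", key))
        elif k in RUN_KEYS and name.lower() == "nvcptdaemon":
            hits.append(("value", f"{key}\\{name} = {data}"))
        elif k == KAZAA_KEY and name.lower() == "dir0" and "\\jdfghtrg\\" in data.lower():
            hits.append(("value", f"{key}\\{name} = {data}"))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"NvCpTdaemon"="wuauqmr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WDXDriver]

[HKEY_CURRENT_USER\SOFTWARE\KAZAA\LocalContent]
"Dir0"="012345:C:\\WINDOWS\\SYSTEM\\jdfghtrg\\"
'''
```

    An empty list from `find_leftovers(open("backup.reg").read())` on a fresh export means none of the listed entries remain; anything returned is a key or value the steps said to delete.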
