Virus sending out emails

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Terrafish, Jul 21, 2009.

  1. Terrafish

    Terrafish Private E-2

    Hi all,

    I'm having some problems with malware on my Toshiba laptop (with Windows Vista).

    On Monday morning, the contacts in one of my hotmail email addresses let me know that they received emails from me that I had not sent. The subject was "don't miss this!" and the content contained a URL address (stikkso.com). The emails are still present in my sent folder, although I never sent them myself.

    My computer has been acting quite slow lately, with around 40-50% CPU usage but with no particular program showing to be using it. It was particularly slow on start up (with around 90% CPU usage) and AVG (my antivirus) appeared to be constantly using a lot of the CPU at start up. So I uninstalled AVG last weekend (it was also taking over 6 hours to do a scan which was unusual).

    There was maybe a day between uninstalling AVG and installing Avast! (antivirus that I'm trying out instead). Could this have been enough to let the virus in? I am very careful with my emails and never click on any links or emails that are suspicious. I can't imagine where I got the virus from, if this is indeed what's causing my email to send out unauthorised emails.

    I scanned my computer with Avast! with nothing detected. I also tried to scan with Ad-Aware but it kept telling me that it was being used by another user (which isn't true to my knowledge) and that there was no definition file.

    I then went through your "READ & RUN ME FIRST" malware removal guide and followed all the steps. There didn't seem to be anything in particular that was detected, that I could see. But I'm not terribly good with computers. Is there any way for me to know whether there was a virus or whether it has been removed? I have attached the log files to this post.

    If there is any advice or information anyone can give me, I would really appreciate it :). Thank you.
     


  2. Terrafish

    Terrafish Private E-2

    Here is the log file from MGtools. I hope this is the right file.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean.

    Malware detected in email databases has to be cleaned up by you. You have a few choices:

    1. delete the whole file, which is not an option you normally want to use
    2. load the email folder that contains the infection and delete ALL unnecessary emails (hoping to remove the problem email) and then use the Mailbox Cleanup option to delete all old emails. Then compact the Outlook database to permanently remove data. See http://support.microsoft.com/kb/196990 If you do not clean up and compact the databases, the deleted emails may still be leaving hidden information in the database that you just cannot see but a scanner may still pick up on it.
    3. create a new folder and move only emails you really need into the new folder and then delete the infected folder.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
