My computer is sending out email viruses?

[ppreheim]

I work at a high school teaching basic computer applications. Our schools computer tech (who I do not trust) came to me and informed me that this computer was sending out viruses through email even though email had never been set up on it. I have done all the steps in the "do this first thread". There were 5 hits in the panda scan that I will post along with the HJT. If I trusted the teach I would have him fix it but that would mean the computer would be out of my hands for about 6 months. With 36 kids a class and only 32 computers it is vital I get this one back online as soon as possible. Please help!

[ppreheim]

Sorry, the HJT log below was made whilein safe mode. The one attached to this message was made after a normal boot.

[chaslang]

You HJT log appears to be from safe mode. We require normal boot mode logs.

Did you run BitDefender? Did you save the log to attach it?

Observations:
1) You antivirus program does not seem to be installed properly. Components that I would expect to see auto loading at run time do not exist. I only see two service entries for McAfee. Is it an old version? Something seems to be missing.

2) You do not appear to have a firewall installed. This is not a good idea.

You log show no major problems other than above but a normal boot mode log may show otherwise.

You can delete the one file Panda found below:

C:\Documents and Settings\student\Local Settings\Temporary Internet Files\Content.IE5\43TVQ2ZP\mysearch_default_hplogo2[1].gif

[chaslang]

Okay! In normal boot mode, more of the normal processes from McAfee seem to be running okay. So that application is probably fine.

I see no signs of any malware. We could did a little deeper (and look for a rootkit) but are you sure that students are not sending stuff out using this PC. How is the computer tech observing that this PC is emailing viruses? Is he looking at logs somewhere like in a hardware firewall or similar? Or is someone getting the email with viruses attached?

[ppreheim]

I deleted everything from the temporary internet files per the panda find.

Over the summer my lab was used by another teacher who did not monitor the students while they used/played with these computers. I have many with malware/spyware that I am getting to. I am positive they used their online email accounts to send/receive. The outlook express and the explorer email have never been set up however. The tech said he traced the senders ip address to this computers ip. I do not trust him but I took the computer offline when he told me this and am trying to get it cleaned. He did not inform me how the email was sent other than it was infecting other computers on the network (huge school district).

Digging a little deeper is entirely up to you. Thanks for everything so far.

[chaslang]

Well IP addresses can be spoofed (faked) too.

Please follow the below steps...

1. Please download and unzip Rootkit Revealer to your desktop.
2. Please leave the defaults set as they are to:
   • Hide NTFS Metadata Files: this option is on by default
   • Scan Registry: this option is on by default.
3. Launch rootkit revealer on the system and press the Scan button.
4. RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time please disconnect from the internet and leave the PC to be scanned until it is finished.
5. The log can be very large please edit out the items in the following folders in the log : C:\System Volume Information, if in the log, before posting it.
6. Please attach the the log here in this thread to your next post.

[ppreheim]

I ran the program but I must have done something wrong. I attached the log but it was very short. I ran the program a 2nd time and it found nothing.

I am also experiencing an error on boot on occasion. Will write that down next time I see it. Some Web program is experiencing an error.

Let me know what I did wrong so I can fix it and do it right.

[ppreheim]

The error I get upon boot is a problem with WebscanX. Microsoft says it is a problem with Mcafee.

[chaslang]

Quote:

Originally Posted by ppreheim

The error I get upon boot is a problem with WebscanX. Microsoft says it is a problem with Mcafee.

Remember earlier I did say:

Quote:

Observations:
1) You antivirus program does not seem to be installed properly. Components that I would expect to see auto loading at run time do not exist. I only see two service entries for McAfee. Is it an old version? Something seems to be missing.

WebscanX is part of McAfee. It handles the security scan for web related applications such as e-mails, file-downloads, and web applets ( Java/ActiveX ). So perhaps my first observation was correct and you are missing some required component from McAfee. You may need to uninstall McAfee, reboot, then reinstall and then re-update.

No root kits were found.

[ppreheim]

Quote:

Originally Posted by chaslang

No root kits were found.

Is that a good thing? I am hoping it is, lol.


I really can't stand McAfee as its really hard to update and I am much more familiar with Avast. Too bad Avast is only free for home use. Any suggestions on a free antivirus application for business/school use?

[chaslang]

Quote:

Originally Posted by ppreheim

Is that a good thing? I am hoping it is, lol.

Yes it was a good thing.

Quote:

Originally Posted by ppreheim

I really can't stand McAfee as its really hard to update and I am much more familiar with Avast. Too bad Avast is only free for home use. Any suggestions on a free antivirus application for business/school use?

There are not too many of them around and they may not give you full coverage (like scanning emails, files etc).

The only one I know of here on MGs is ClamAV I don't know anything about it.

[ppreheim]

Thanks for everything!!!!!!

[chaslang]

You're welcome!