Unsent Email Warning

weralacroix · Sep 23, 2006

I have McAfee virusscan and it it tells me repeatedly:

Potential Worm Activity Detected!

The last few e-mails contained similar subject or body content
The thing is I only send e-mails through yahoo, my e-mail client,incredimail,is not
configured and it cannot send e-mails.

E-mail Subject: Log File

I stop the e-mail and the warning turns up again, I allow it to send and
it comes up again.
It says it is sent to "Ardamax Keylogger" <mrevilmuhaha@gawab.com>,subject: Log file,
Isn't this suspicious?!

Now I see that it sais the e-mail could not be sent,probably that's why it comes up all the time.
I searched and found that ardamax keylogger is a surveillance tool, I never installed it!!!
And it sends the file to a stranger, so something is up!!

I scanned with McAfee and except some gamespyarcade and things, it found these:
msnmsgr.exe
runmsg.exe
sttr.exe
installer.006
installer.007
tmp~2.exe
xnet.exe

Any solutions?

This is the Hijack log file:

EDIT: removed inline log

weralacroix · Sep 23, 2006

Sorry I rushed!!
I just did a full Mcafee antispyware scan and it found the ardamax keylogger.
It was these two:
installer.006
installer.007

DavidGP · Sep 23, 2006

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat

CounterSpy - ONLY IF you were not able to run Windows Defender

Bitdefender - from step 6

Panda Scan - from step 6

HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

weralacroix · Sep 23, 2006

No!!!!!!!!!!!!!!!
It is still there trying to send the e-mail!!
What should I do?

Shadow_Puter_Dude · Sep 24, 2006

Follow the directions posted by Halo and attach the logs when finished.

weralacroix · Sep 24, 2006

I did follow the directions up to the spybot search.
for now, it seems ok.
If it occurs again I will
continue and post the logs.

Log in or Sign up

Unsent Email Warning

weralacroix Private E-2

weralacroix Private E-2

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

weralacroix Private E-2

Shadow_Puter_Dude MG Authorized Malware Fighter

weralacroix Private E-2