outgoing mail 'youre wife wants it bigger?!'

[gvoo]

Hey people, sorry if this is a rubbish question but I'm not a techie really. My PC recently became infected with loads of trojans/worms etc, some of which are real SOB to get rid of. I think my friend was downloading stuff off soulseek, and I forgot to reinstall avast when I upgraded. Any, I'm still doing battle with SDbot.worm and other goodies that avast isn't reconising (it's sayin my pc is clean now), so I'm now going through other 14 day free trial software like counter spy etc and mcfee's stinger programme.
As I'm trying to do this I keep getting a virus warning from avast saying 'Suspicious Message!'
and

There are too many identical e-mails in appointed time


Sender:  "Mark A. Conley" <markaconleyox@blueyonder.co.uk>
Recipient:  andrews@harpo.com
Subject:  Is it big enough?


I click 'dont send' when this comes up but I have no idea what they're going on about? When I check the resident scanner on internet mail it seems to be continually scanning outgoing spam emails about dicks and viagra? Outgoing from who? I don't know who they're being sent from or to? Could someone tell me whats going on? Thanks, people! 

[gvoo]

okay, I've been reading up on all the other replies that people have put up on exatly the same problem and I've run through their solutions.

So to clarify:

I already have spybot, adaware, the 15day free trial of counter spy and avast installed. I also have spyware blaster installed but my pc obviously isnt clean so I dont know whether I should uninstall this. Avast takes a day to run a scan and says its clean. I've just ran counter spy and removed two adawares and now says its clean. Adaware says it's clean. I've just run the mcfee stinger and it reckons its removed the sdbot.worm virus. I run spy bot and ever time I run it I keep getting a 'LSA' virus on spybot which I remove but when I startup its there again. I'm on windows 2000 and I haven't got any other secuity measure apart from avast. I'm too poor to pay for anything. When I try to run hijack this something flashes up very quickly then disappears! go figure? Help! :-)

[essexboy]

Sounds like you are a zombie (in the sense that you have a spam bot) I would suggest a safe mode scan with ewido (free) followed by a boot scan with avast. Do you have a firewall? if not I suggest you get one fast ZAfree initially 'cos it is easy to set up.
LINKS Ewidohttp://www.ewido.net/en/
           ZA Free http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

[gvoo]

thank you essex boy, I am trying to sort my pc out!! I know this sound stoopid, but how do you run a boot time startup on both of these?

[essexboy]

OK crossed replies.  The lssas you will continue to get until you get a firewall, although Avast should stop this, do you have the network shield enabled? Spywareblaster needs to be installed on a clean machine so when you are clear rinstall it.  24 hours is a long time for an AVAST scan how big is your drive?

[gvoo]

Thanks, I have everything on avast installed on high. When I first installed avast is told me I had resident memory virusus and automatically started a boot scan. I'll try the other options. should I uninstall spyware blaster?

[essexboy]

Still crossed OK.  Restart your system and press the F8 key when it starts rebooting you should then get an option to boot in safe mode, Select safe mode without network.  Once you are in run Ewido (you may have to search in programme files for it) Once that has completed then start Avast interface select the menu and select boot scan, your system will reboot and scan.  But first ensure Ewido and Avast are updated before you commence

[essexboy]

No keep spware blaster until you are clean then uninstal and reinstall

[gvoo]

oh, and I have 160gb or 200gb harddrive, mostley filled with MP3s and other such poo! :-)

[essexboy]

OK so when you scan uncheck the scan archive section and if you are happy with your mp3's safety then you can exclude them from the scan

[gvoo]

thank you essex boy!  I have to go out now but shall try everything you say when I get back! Can I contact you to tell you how its going/more support if I'm failing miserably?

[essexboy]

Certainly either post back to this thread or PM me Oh and welcome to avast

[gvoo]

Thank you, I'll do all your suggestions and let you know how i get on when i get back xx

[gvoo]

hey there essex boy! Right, I did everything you told me to last night. Thank god I did! Ewido is amazing, when I ran it in safe mode I found 444 infected files after everything else said I was pretty much clear. This included three trojans and a worm! I then ran avast in safe mode, it didn't find anything. I then rebooted and installed zonealarm as you said. I started the PC this morning and ran spybot and the same LSA warning came up! I copied results to file:

LSA: Settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-1390067357-854245398-1060284298-1000\SYSTEM\CurrentControlSet\Control\Lsa

Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

From reading up on the internet it seems that the windows security center stuff are false positives. Is the LSA thing a false positive as well? Ewido, spybot, adaware and counterspy cant find anything.

Thanks for your help, very much appreciated.

 

[DavidR]

I've had false positive detections with Spybot S&D, AdAware and Ewido, so nothing is immune to False Positive detections. So don't take anything at face value always check (as you have done).

It is hard to say if something is an FP without a little experience (and you are getting it in spades), but when I update one of my security software tools (not avast), I run a scan straight after it. This way I get an idea that the new detections could be as a result of the new signatures added in the update and I check them a little more throughly, if in doubt you can move them to the quarantine. If I'm sure they are OK I ignore/leave them.

If you experience a problem after quarantine system won't boot or running problems, you can try to boot into safe mode, run the respective program and restore items from quarantine.

After the next update I move the items out of quarantine and scan again on occasion some are found to be OK, so don't rush to delete items in any form of quarantine.