Suspicious "Outgoing Mail"

[Cupra666]

Hi All,Newbie to these forums.

Currently using avast 4 home which im very happy with.

However i have a few issues which would appreciate your help,in my icon tray im often seeing a small envelope with a blue policelight in front?! when i move my curser over the top im seeing a lot of unknown mail address.
Also often seeing
"avast connection time out" Internet Connection Elapsed Continue Waiting?
(taskdir.exe->mta-v24.mail.yahoo.com:25)

Also when i open avast on access scanner,under Internet mail im seeing many unknown internet address' under the "last scanned" section.

Ive also tried a search on these forums and saw many posts talking about a certain brazilian guy who managed to sort out the problem,mine is very similar to this but after taking the steps he advised,my problem still persists!!

I currently cannot open my favorites folder too,keep seeing "send error report to microsoft",has this got anything to do with it do you think?

Any help would be much appreciated

[DavidR]

It looks like you have an email spambot, as a temporary measure use your firewall block taskdir.exe from connecting to the internet.

Ive also tried a search on these forums and saw many posts talking about a certain brazilian guy who managed to sort out the problem,mine is very similar to this but after taking the steps he advised,my problem still persists!!

If you can explain what you have tried it will avoid us repeating what you may have tried and wasting time.

What is your firewall and OS ?

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode. Ewido Security Suite If using winXP. or a-Squared free if using win98/ME.

A google search for taskdir.exe returns many hits.
http://www.greatis.com/appdata/d/SysDir/t/taskdir.exe_Removal.htm
http://forums.spywareinfo.com/index.php?showtopic=71034 - see first reply.

[Cupra666]

Thanks,i've blocked taskdir.exe and it seems to have stopped the problem for now.

The Brazilian guy said to delete,any found entries containing"exmodula.exe." in C/Documents and Settings/Me/Local Settings/Temp.

I found no visible entries.

He then said to do a search on the registry for "exmodula".Again,there were no existing files.

I then proceeded to do a HijackThis scan looking for smss.exe,as he advised,under C/Windows/System Folder (not the System32 Folder which i know i should not touch).However there were no results from System Folder.

I searched my registry for smss.exe anyway and the only thing i found was under HKEY_LOCAL_MACHINE/SYSTEM/Control set 002/Control/Terminal Server/System procs.

It seems very strange as the "symptoms" of my problem are near enough exact as to that of the Brazilian guy.

The post he wrote is num.27 in the following link just in case your interested
http://www.commentcamarche.net/forum/affich-2090178-xxexmodulae-exe-inconu-du-web

I am using ZoneAlarm Pro Firewall,and i'm on Windows XP SP2.

Ive also tried running Ewido Security Suite,on a Full System Scan it crashes at about half way...this is due to,i believe,my possible corrupt favorites folder and/or corrupt user profile?? do you think??

However on a Fast System Scan it runs ok,this is the report.....

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         20:58:28, 26/03/2006
 + Report-Checksum:      B0B6F5B7

 + Scan result:

   [2024] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Cleaned with backup
   [1240] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
   [1392] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
   [1680] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
   [1996] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
   [596] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
   [376] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
   [3780] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning


::Report End

[DavidR]

Thanks,i've blocked taskdir.exe and it seems to have stopped the problem for now.

This is only masking the problem not resolving it, as it still exists and will be trying to get out but being blocked.

I would suggest that you try booting into safe mode and start and run ewido from safe mode.

The 'system' folder in win9x/winME is effectively the system32 folder in a winXP so the reference could be the same, just the slight difference in OS.

You could try to delete the taskdir.dll and taskdir.exe files using 'Unlocker' http://ccollomb.free.fr/unlocker/ is also good as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.