Author Topic: SMTP activity like a mailer worm  (Read 3101 times)


Mander

  • Guest
SMTP activity like a mailer worm
« on: November 16, 2006, 10:58:11 AM »
In the last days, at random times, Avast 4 pro detects a lot of similar mail getting out (obviously I was not sending anything). After that I receive a lot of "Mail Delivery error". The addresses in those mails are not in my address book.
A complete full scan of the system with Avast a few days ago did not reveal any mass mailer worm installed.
Similar complete scans with Pest Patrol, Spybot S&D and Adaware did not reveal anything.

This morning at about nine same Avast message of similar emails getting out at rapid pace. Some of them had attachments that Avast does not recognize as infected files:

Ce_nsured.zip
Ce_nsured1.zip

[Would like to attach those files, but I see that the .zip extension is not allowed]

A manual inspection of the WINNT\System32 directory showed two suspicious files:

WebQuick.dll
WebQuick_.dll

That I somewhere found on the net being a BHO trojan.

Is it possible that they have dl'ed a massmailer worm that is not recognized by avast and that is running in my system?
[O.S.: Win2k]
[Mail Client: Eudora 6]

Thanks

Offline Lisandro

  • Avast team
Re: SMTP activity like a mailer worm
« Reply #1 on: November 16, 2006, 02:01:37 PM »
Quote
Is it possible that they have dl'ed a massmailer worm that is not recognized by avast and that is running in my system?

Yes. It's possible  :'(
It will be good if you download, install, update and run other trojan remover tools:
a-squared
Free AVG Antispyware
SUPERantispyware
Spyware Terminator

Mander

  • Guest
Re: SMTP activity like a mailer worm
« Reply #2 on: November 16, 2006, 02:19:20 PM »
Done already, I've spent all morning, and removed WebQuick_dll.

Corrected entries in the registry about BHO.

No way to analyze the zip file my system was trying to spam?

Thanks

Offline DavidR

  • Avast Überevangelist
Re: SMTP activity like a mailer worm
« Reply #3 on: November 16, 2006, 02:31:51 PM »
Quote
Is it possible that they have dl'ed a massmailer worm that is not recognized by avast and that is running in my system?

I think that it is very possible.

You could also check the offending/suspect file/attachments at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can't do this with the file in the chest; you will need to move it out.

If they are detected as malware, undetected by avast, send the sample to virus@avast.com zipped and password protected, with the password in the email body and undetected virus/malware in the subject.

If any of these anti-spyware tools detect a trojan undetected by avast, before dealing with it send a sample to avast as above.