Author Topic: Multiple emails being sent  (Read 15975 times)


mreynes

  • Guest
Re: Multiple emails being sent
« Reply #15 on: June 28, 2007, 09:12:55 AM »
I did a repair install of Windows and the problem seems to be solved. I hope it won't come back  ::)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89354
  • No support PMs thanks
Re: Multiple emails being sent
« Reply #16 on: June 28, 2007, 03:06:26 PM »
I hope not either, though I'm surprised a Windows repair install made any difference. It wouldn't remove the trojan responsible for the spam emails being sent, the repair install only affects Windows files, so very strange.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Multiple emails being sent
« Reply #17 on: June 29, 2007, 03:49:33 AM »
> I hope not either, though I'm surprised a Windows repair install made any difference. It wouldn't remove the trojan responsible for the spam emails being sent, the repair install only affects Windows files, so very strange.
mreynes, David is right... overinstallation (windows repair) won't be able to solve infections... not of this kind.
The best things in life are free.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Multiple emails being sent
« Reply #18 on: June 29, 2007, 07:44:20 AM »
Why not?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Multiple emails being sent
« Reply #19 on: June 29, 2007, 02:03:27 PM »
> Why not?
If TCP/IP settings would be overwritten (which does not ever happen in overinstallation, I've tested and I did not lose any of my settings), maybe, doing a Windows repair could help. If a system file is infected, maybe... But for most infections it won't revert the situation. Well, my personal (and tested) experience.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89354
  • No support PMs thanks
Re: Multiple emails being sent
« Reply #20 on: June 29, 2007, 03:40:13 PM »
The registry would essentially remain the same, otherwise applications you have already installed wouldn't work after a repair install of Windows. So the run entry for this piece of malware would still be there and so would the file/s, its SMTP capability to send email without using the user's email applications.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Multiple emails being sent
« Reply #21 on: June 29, 2007, 08:29:19 PM »
> The registry would essentially remain the same
Some Windows keys could be changed, and then, they could 'solve' the problem created by the malware: for instance, TCP/IP settings could be changed by browser hijackers. Overinstallation *could* solve this.
But I can't see overinstallation as a cleaning method...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89354
  • No support PMs thanks
Re: Multiple emails being sent
« Reply #22 on: June 29, 2007, 08:34:51 PM »
It wouldn't change run commands to run the malware and I doubt the TCP/IP settings would be changed by a spambot; it is the likes of newdotnet (adware) that hooks into the TCP/IP settings so when removed it can kill your ability to connect.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Multiple emails being sent
« Reply #23 on: June 29, 2007, 09:42:08 PM »
> That hooks into the TCP/IP settings so when removed it can kill your ability to connect.
If reinstallation gets back the original TCP/IP settings, then it would be a 'cleaning' method. If not, like I (we) said before, reinstallation won't help at all...

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Multiple emails being sent
« Reply #24 on: June 30, 2007, 03:15:57 AM »
In at least one example of a spambot we have seen here recently I'm pretty certain it was a case of a modified Windows system service module that was doing the dirty work. These spambots do not (unfortunately) all rely on having a startup entry any more that we can see and remove. They are also doing a better job of hiding within Windows systems services that do (as part of their real job) require access through the firewall. Under these circumstances a Windows repair does stand a better chance of being effective than it would have done with some of the earlier spambots. However, you guys are right that there are still the other sort out there with the startup entries so they would continue to be unaffected by the Windows repair. We should not get stuck in the mental rut that all spambots will always work the same way.

David,

I owe you a response on your post earlier in this thread on why your assumptions about what your firewall shows you and how it works are flawed.  I will get to it.

mreynes

  • Guest
Re: Multiple emails being sent
« Reply #25 on: July 03, 2007, 08:46:54 AM »
You were right, the problem is back...  :'( >:(
The computer is running slowly, internet too and those strange mails sent:

Any idea how to destroy this trojan?

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Multiple emails being sent
« Reply #26 on: July 03, 2007, 09:47:13 AM »
It would help at least to know what process is sending the spam.

Create the log I recommended ... then we will know where to start.
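
One way to find the sending process on a current Windows system, as an added example that is not part of the original thread: it maps live connections to mail ports onto the owning process, the services that process hosts (the service-module case from Reply #24) and any Run-key entry that launches it (the startup-entry case from Reply #20). It assumes Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` exists, an elevated prompt, and the port list 25, 465, 587; none of this comes from the posters.

```powershell
# Added example: which process is holding outbound SMTP connections?
# Assumes Windows 8 / Server 2012 or later; run from an elevated prompt.
$smtpPorts = 25, 465, 587   # SMTP, SMTPS, mail submission (assumed port list)

# Run-key autostarts (HKLM and HKCU); a repair install leaves these in place.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostarts = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name
                               Command = [string]$item.GetValue($name) }
        }
    }
}

# Group live connections to mail ports by the process that owns them.
$report = Get-NetTCPConnection -RemotePort $smtpPorts -ErrorAction SilentlyContinue |
    Where-Object { $_.State -in 'Established', 'SynSent' } |
    Group-Object -Property OwningProcess |
    ForEach-Object {
        $conns  = $_.Group
        $procId = [int]$_.Name
        $proc   = Get-CimInstance Win32_Process -Filter "ProcessId=$procId"
        $path   = $proc.ExecutablePath
        # Services hosted in this process (relevant when the sender is svchost.exe).
        $services = (Get-CimInstance Win32_Service -Filter "ProcessId=$procId").Name
        # Best-effort match of the executable path against Run-key commands.
        $started = $autostarts | Where-Object {
            $path -and $_.Command.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
        [pscustomobject]@{
            ProcessId   = $procId
            Name        = $proc.Name
            Path        = $path
            # Signature status is a lead for further checking, not a verdict.
            Signature   = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status }
            Services    = $services -join ', '
            RunEntries  = ($started | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
            RemoteHosts = ($conns.RemoteAddress | Sort-Object -Unique) -join ', '
            Connections = $conns.Count
        }
    }

$report | Sort-Object Connections -Descending | Format-List
```

This is a single snapshot, so run it while the unwanted mail is going out; a legitimate mail client will be listed as well and has to be ruled out by name and path.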

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Multiple emails being sent
« Reply #27 on: July 03, 2007, 03:09:57 PM »
> Create the log I recommended ... then we will know where to start.
If Alanrf is talking about Mail Scanner log... you can add the following line to the [MailScanner] section of <avast>\data\avast4.ini:
Log=20
Then generate some traffic, simulate the problem (i.e. force the avast mail scanner to time out by sending an email with attachment) and then post here the contents of the file <avast>\data\log\aswMaiSv.log

Details: http://forum.avast.com/index.php?topic=12234.msg103474#msg103474