suspicious message alert but no virus?

[zhola]

Hi i am new to this so im sorry if i dont give enough technical info. also as my own computer is difficult to use due to this issue im writing this from memory on my works PC.

i run avast on my XP laptop i have service pack 2 and avast always updates regually my ISP is toucan i have broadband through a thompson modem (i think)

about 4 days ago i started to get a pop up from avast saying that too many identical/suspicious messages where being sent from my PC, its asks me what i want to do i always select do not send but its just constantly flashingt up if i try and use the net

i have run a full scan, a boot time scan a memory scan, a full scan in safe mode and it can find nothing. i have also run AVG and Ad-aware again no results

there are a few files that it says it cannot scan some of those i am used to seeing (search and destroy has nnever been able to be scanned by avast) but there are 3 i dont recognize they are in my windows download folder and (they start with numbers i think it was 119 then a whole load more numbers)

the messages are your usual enhance your manhood or make her want you more types that are being sent and there doesnt seem to be much of a pattern in the email address they are being sent to or from.

can any one offer any advise?

i will try to add more details from home if i can get online for long enough again im sorry i cant give more info now.

[DavidR]

You appear to have an undetected or hidden trojan spambot on your system. These mass mailers are often hidden by a rootkit.

Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight - Direct link, ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe


If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
If using winXP or Vista SUPERantispyware On-Demand only in free version.

[zhola]

thank you for your assistance

i have run all of your recomended tools and some items have been found and removed but the problem still persists

i have turned off the avast scan of out going mail so i can use the net without the constant barage of pop ups but i still have an unwanted intrusion on my computer which i obviously dont want.

can any one offer further advice?

this would be a lot easier if avast gave the problem a name wouldnt it!!!!


thank you

[DavidR]

Hiding the symptom isn't advised, if your system is sending out spam you need to stop it not only for those being spammed, but your ISP could well identify your account sending mass emails and could come down heavily.

and a competent firewall should be able to block unauthorised outbound connections, what is your firewall ?

Did you run SAS from safe mode, if not try that and on conclusion it usually gives a report on what it found, post the contents here (you may need to use more than one post to copy and paste if it is large).

Also useful as a diagnostic tool - FileHippo Download - HiJackThis - HJT Information HiJackThis Tutorial.

Download and run HJT and post the contents of the log file (cut and paste) into this topic, you may need to split it over two or more posts depending on how large it is.

[giunz]

Hello from me as well.My friend got probably the same spamware.He gets warning of wanting to send spam mail.He has scanned and added to chest whatever he found.I advised him to run aimfix,spybot search and destroy,ccleaner but the problem kept coming.Finally he ran adaware.When it reaches a certain point,it reboots the computer.What would you advise me to do?Should i follow the same method you mensioned before?
PS:he probably got this virus when he clicked on a link sent through msn.As it seems the contact had the same virus.Thank you.

[DavidR]

Start by working through the suggestions given previously and report the findings.