
winxp outlook express sending multiple E mail attachments SOLVED I THINK


tlaingt:

I now have Online Armor firewall installed with all systems active.
I have been running TCP but am unable to understand what I should be looking for or how to interpret what I am looking for, although I have taken snapshots at various times of sending a message with attachments.
Below is the property file; can anyone find something in here?
I let it send 3 times before I deleted the send file.


Received: from pd2mr5so.prod.shaw.ca (pd2mr5so-qfe2.prod.shaw.ca [10.0.162.8])
 by l-daemon (Sun Java System Messaging Server 6.2-7.05 (built Sep  5 2006))
 with ESMTP id <0K0300BBTUZV5MB0@l-daemon> for plid@shaw.ca; Tue,
 29 Apr 2008 15:14:19 -0600 (MDT)
Received: from pn2ml1so.prod.shaw.ca ([10.0.121.145])
 by pd2mr5so.prod.shaw.ca (Sun Java System Messaging Server 6.2-7.05 (built Sep
 5 2006)) with ESMTP id <0K0300GZ3UZ2JV60@pd2mr5so.prod.shaw.ca> for
 plid@shaw.ca (ORCPT plid@shaw.ca); Tue, 29 Apr 2008 15:14:19 -0600 (MDT)
Received: from acer56fb35423d ([24.68.225.203])
 by l-daemon (Sun Java System Messaging Server 6.2-7.05 (built Sep  5 2006))
 with SMTP id <0K0300LJXUXODO20@l-daemon> for plid@shaw.ca; Tue,
 29 Apr 2008 15:13:46 -0600 (MDT)
Date: Tue, 29 Apr 2008 14:13:00 -0700
From: lcc <plid@shaw.ca>
Subject: [WARNING - NOT VIRUS SCANNED] Re: VVVVVVVVVVVVVV PLID 3 20L.jpg [02/25]
To: lcc <plid@shaw.ca>
Message-id: <002f01c8aa3d$dd2c63e0$cbe14418@acer56fb35423d>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-Priority: 3
X-MSMail-priority: Normal
X-Antivirus: avast! (VPS 080429-1, 04/29/2008), Outbound message
X-Antivirus-Status: Clean
Original-recipient: rfc822;plid@shaw.ca
X-Antivirus: AVG for E-mail 7.5.524 [269.23.6/1402]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-48178FFB553F======="
X-Antivirus: avast! (VPS 080429-1, 04/29/2008), Inbound message
X-Antivirus-Status: Clean

I have been searching etc almost all day for the past week & find nothing.
Terry
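
Added example, not part of the original posts: one way to read the headers pasted above is to walk the Received chain oldest hop first and compare it with the Message-id and the antivirus stamps. The function names `hops` and `summary` are hypothetical; the header values are the ones from the post.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Headers from the first copy in the post above, trimmed to the fields used here.
RAW = """\
Received: from pd2mr5so.prod.shaw.ca (pd2mr5so-qfe2.prod.shaw.ca [10.0.162.8])
 by l-daemon (Sun Java System Messaging Server 6.2-7.05 (built Sep  5 2006))
 with ESMTP id <0K0300BBTUZV5MB0@l-daemon> for plid@shaw.ca; Tue,
 29 Apr 2008 15:14:19 -0600 (MDT)
Received: from pn2ml1so.prod.shaw.ca ([10.0.121.145])
 by pd2mr5so.prod.shaw.ca (Sun Java System Messaging Server 6.2-7.05 (built Sep
 5 2006)) with ESMTP id <0K0300GZ3UZ2JV60@pd2mr5so.prod.shaw.ca> for
 plid@shaw.ca (ORCPT plid@shaw.ca); Tue, 29 Apr 2008 15:14:19 -0600 (MDT)
Received: from acer56fb35423d ([24.68.225.203])
 by l-daemon (Sun Java System Messaging Server 6.2-7.05 (built Sep  5 2006))
 with SMTP id <0K0300LJXUXODO20@l-daemon> for plid@shaw.ca; Tue,
 29 Apr 2008 15:13:46 -0600 (MDT)
Message-id: <002f01c8aa3d$dd2c63e0$cbe14418@acer56fb35423d>
X-Antivirus: avast! (VPS 080429-1, 04/29/2008), Outbound message
X-Antivirus: AVG for E-mail 7.5.524 [269.23.6/1402]
X-Antivirus: avast! (VPS 080429-1, 04/29/2008), Inbound message
"""
HOP = re.compile(r"from (\S+) \(.*?\[([\d.]+)\]\) by (\S+) .*? with (\S+) id .*; ([^()]+)")

def hops(raw):
    """Received hops, oldest first (each server prepends its own line)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold and collapse whitespace
        if m:
            sender, ip, by, proto, when = m.groups()
            out.append({"from": sender, "ip": ip, "by": by, "proto": proto,
                        "time": parsedate_to_datetime(when.strip())})
    return out

def summary(raw):
    """Facts readable from the trace headers without trusting From:/To:."""
    msg, chain = message_from_string(raw), hops(raw)
    return {
        "origin": chain[0]["from"],
        "origin_ip_public": not ip_address(chain[0]["ip"]).is_private,
        "msgid_host_is_origin": msg["Message-ID"].strip("<>").split("@")[-1] == chain[0]["from"],
        "relay_seconds": (chain[-1]["time"] - chain[0]["time"]).total_seconds(),
        "av_stamps": len(msg.get_all("X-Antivirus", [])),
    }

print(summary(RAW))
```

The chain shows the message entering the ISP from the PC's own address over plain SMTP, with a Message-id minted on that same host. Headers cannot say which process on the PC opened the connection; a per-process connection view answers that.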

DavidR:
You run TCPView when the email is going out, or before; you can leave it running, as it only shows connections. See the image and you can see the processes that have connections and which are outbound to the internet.

tlaingt:
Finally paid for and got

Spyware Doctor with AntiVirus
and
Registry Mechanic

It found numerous problems, things seem to be back to normal, FINALLY.

The Trojan causing the problem seems to have been "Popuper".

Thanks for all the help and suggestions, really appreciated.

I now have avast running
Online Armor
and Spyware doc running





Lisandro:

--- Quote from: tlaingt on May 02, 2008, 06:52:54 PM ---
Spyware Doctor with AntiVirus
--- End quote ---
I think it will conflict with avast.
