I have vista and was running One-Care Anti virus and firewall. Some how a virus came into my system.
I have uninstalled One-Care and installed Avast Antivirus software that has a boot scan. I did the boot scan and it found 5 viruses on my system. Avast took care of those. I installed Comodo firewall just because i think it better to have a firewall installed.
I then Installed MalwareByts Anti malware soft-wear and it found one attack. And deleted it.
So far all sounds good but
I am still receiving messages in my Email saying that my email i sent did not go thrue and gives me the email addresses where it was supposed to go. I do not Email very much and all these addresses where not sent by me.
I will also add that i did try Ad-Aware, Spy-blaster and Avg and others and all say everything is Good.
I am still getting theses could not be delivered emails that i did not send. when i look at the date the error message says the recent date of today.....
Has any one run in to this? If so how long does it take for those could not be delivered emails to get out of the Email system?
I will tell you it has been since Friday since all scans have been showing up with no viruses.
If you have had this virus. Let me know what you did to get rid of it.
Any help would be appreciated
Thanks
Well he definitely did have some malware found by HiJack this, and removeit pro.
They are Back. crash is in the future.
Wellll....thinking about "format C"?
"A friend in Israel had a similar problem, but it was the ISP that was infected. I wonder if that was your problem.Well he definitely did have some malware found by HiJack this, and removeit pro."
Naaah....it was just one of your skins, Jim....
Seriously though, I think you've gotten to the point of formatting your drive, mate....hope you have a clean backup.
i am talking about full crash. start all over. and may be just through it out the window. lol
I forgot to add. this is really funny.
I cleaned the startup menu. not sure why but after running Hijack this and RemoveIt. all emails stop. The funny thing is next thing i know is restore and backup is on my clean startup menu. I did not even run it. then emails come back.
Then Jim tells me to delete the two things from hijack this all things go good again. no emails.
Since i was suspicious of restore and back up thing. I cleared the start menu again. next thing you know backup and restore is on it again and emails are back.
Any ideas how it gets back on there.
I have never use that so it should not be on the start menu
Sounds like the virus is using backup and restore to activate the email worm again. Programs appear on the left side of the start menu based on frequency of use.
Turn off system restore on all drives, reboot, delete backups, reboot, run the progs that let you get rid of the worm to begin with. Once all this is done, turn system restore back on. If this don't work, I could probably fix it if I had it. But you are about to the point where a format is called for. It may be a polymorphic virus, which stays ahead of the virus programs by changing into some other form every so often. http://www.webopedia.com/TERM/P/polymorphic_virus.html
Jim did all above. Scans have come up empty handed. If you dont mind i can send you a hiJack this doc to see if you can find some more or new ones.
this is crazy. to think I had Anti-virus and firewall with spyblaster install to make me feel safe.
Send away, I wish I was there. Fixing this kind of thing is a lot easier hands on. I have found precious little I can't fix. If I can get my hands on it. That's why a PC tech hates phone calls. My Dad in law sent me to school for this stuff. I wish I could be there to fix this.
Back up the documents you want to keep..............and wipe the hard disk and reinstall. It's you safest bet
Yall ever hear of hellzlittlespy? KNow where it comes from??
????????????????
WeatherBound, buddy, did you go to the HJT forum I linked you up with? if you did, your problem[s] would most likely be gone.
Yes.. they do get you to install some crazy stuff that may make no sense, but it works, you just do what they say.. do all of the 'safe' reboots they ask you to, post your logs.. hop on one leg, whilst touching your nose if they tell you to , and eventually, they can give you the all-clear when they see your system is clean.. sorry if you've already done this, I just noticed how long this thread has gotten, and have seen the word 'format' too many times.. you don't need to take such drastic measures.. I hope
I just got done getting rid of some type of virus today; Ad aware & Nortons saw nothing; Malwarbyt found 13 trojons ; Still could not open C or D drive, so I got a program called Combofix, and it fixed it up good as new. Thanks goodness for that program!
Yeah, the thing is, there's a low level virus called 'resycled boot.com', I actually have it, and Malwarebytes got rid of it, then I could only access C, through Explorer, so I just keep restoring the virus hehe.. oh man..
I know.. I should go take my own advice and visit HJT, just could not be bothered right now
Grab a Linux Live distro on another computer, write it to a CD-R, put the CD into your own computer, format the drives (repartition first if you know how), reinstall Windows.
That is the only way to know for sure.
Worm Infects 9 Million Computers
I often find myself saying, "Please keep your computer up to date!" Well, today is another one of those days, but it may be too late for some of you.
As you may or may not recall, back in October 2008, Microsoft released an emergency security patch to protect computers from a worm that could exploit the Windows Server service. That service, while it sounds like it would only be on servers, actually runs on every computer that has Windows 2000, XP, Vista, 2003 Server and 2008 Server.
At the time, many newspapers made a big deal out of the patch, because it was released at a time when Microsoft doesn't usually release patches. Those "out of cycle" updates are generally more important, because Microsoft feels the need to release them immediately, instead of at the beginning of the month.
Well, even though the patch was released to fix a major issue with Windows, many people did not install it. Now, the worm, called "Downadup," has infected over 9 million computers worldwide. The worm works by infecting Web sites, making them hosts for the virus. After a Web site is infected, the site can give the worm to any computer that visits.
At this time, the worm continues to spread like wildfire, so please, please, please update your computer! There are several ways to make sure your computer is up to date. The best way is to open Internet Explorer (not Firefox) and go to http://windowsupdate.microsoft.com. That Web site will scan your system and tell you which updates you need. You should install all of the critical updates.
After you've done your updates, you should also download the Malicious Software Removal Tool. That's a quick tool Microsoft releases monthly to remove known viruses, worms and spyware from Windows computers. To get this month's version of the Malicious Software Removal Tool, go here. Until next time, stay safe out there, my friends!
Waiting here...lol.
I will send it to you.
Jrag has told me to do this Malicious Software Removal Tool when i first posted this.
As i said in a email i shut down the remote access.
reason being. When i click on disk cleaner. it asked for which user do you want to clean. Me going ???????? what the heck
I am the only user and that puzzled me. Under user account it only shows me as a user and guest user is turned off.
when i open task manager it list my processes and i can click to see what other processes is using. again ????????/
The task manager always has had a checkbox for "show processes from all users." This is normal.
"When i click on disk cleaner. it asked for which user do you want to clean." Now, this is odd.
Don, send me a copy of one of the emails. Are they sent from your address? Check your email program and see if there are any new accts. ....worth a look. If it is your isp, and not your PC, you could try this, just a shot in the dark. Change your email address. New account altogether. Like, do away with the current account in your email prog. and create a new account under a different name. Example: I could drop PuterDudeJim@aol.com and create a new one called ChubbyHusband@aol.com....this may stop the emails, worth a try.
Tell me this, is your machine real slow, is it acting funny in any way, other than the returned emails? Try my suggestion and see what happens, what have you got to lose?
This is my main email. i would hate to have to change everything like WC and some of my game accounts and all.
I will do if all else fails. I am doing some things Yrag has ask me to do. if all fails and i am almost done trying to fix this. I will just start from scratch. after Crash and still get emails than i know its comming not from my computer.
I got to tell you that if i just would have crashed it at the beginning i would have a brand new computer by now. Lol
Try reading this, Don.
http://www.techsupportforum.com/networking-forum/security-firewalls/240806-solved-email-hacked-strange-mailer-daemon-messages.html
Don, light at the end of the tunnel. I have sent you an email with a program in it that specializes in your current problem. At least according to McAfee. It is called Stinger. Check your email.
There are many great features available to you once you register, including:
Sign in or Create Account
