Re: Can't stop a Zombie EMailer
- From: "Paul Zak" <idontgotnone@xxxxxxxxxxx>
- Date: Wed, 29 Aug 2007 16:23:00 -0400
What software was used? Have you tried Trojan Remover, Spybot, AVG &
AVG-AS, as well as AVG-RK? Also try SUPERAntiSpyware . . .
"JP" <JP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D01A399C-59E6-4B0E-B133-6072EA7A2082@xxxxxxxxxxxxxxxx
I am assuming I am on the right Group.
I have discovered a Zombie Emailer running on XP Home.
It is sending enough email to bring down the LAN. Using CurrPorts
(cports.exe) I can watch it connect to an IP address on port 80 (probably
picking up the day's email) then connect to another IP Address (close to
the first one) on Port 25.
After a few seconds, all hell breaks loose, and the computer starts spewing
email at a great rate...stopped by pulling the Network cable.
I have watched this, in CurrPorts, and in Process Explorer from
Sysinternals, and it appears to be running from Services.exe PID 688, but
from where after that is the real question.
I have used 3 different Virus Scanners, and 2 different Rootkit finders.
Nothing.
I further checked it with HiJackThis, and with Autoruns. Seems that it is
not something that normally shows up as an "evil doer". I am not sure if
they have hijacked a service, or just what.
Any suggestions?
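
Added example, not part of either post: a Python sketch that reads `netstat -ano` output and groups outbound port-25 connections by owning PID, which is the pattern described above as seen in CurrPorts. The sample rows are constructed (documentation-range addresses), and the "more than one SMTP host" threshold is an assumption about what a normal mail client does.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output; addresses are documentation ranges.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.23:1041      198.51.100.7:80        ESTABLISHED     688
  TCP    192.168.1.23:1042      198.51.100.9:25        ESTABLISHED     688
  TCP    192.168.1.23:1043      203.0.113.14:25        SYN_SENT        688
  TCP    192.168.1.23:1044      203.0.113.80:25        SYN_SENT        688
  TCP    192.168.1.23:1045      192.0.2.33:25          ESTABLISHED     688
  TCP    192.168.1.23:1050      192.0.2.200:25         ESTABLISHED     1912
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       940
  UDP    0.0.0.0:445            *:*                                    4
"""

# Proto, local addr:port, remote addr:port, state, PID (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT"}


def smtp_fanout(netstat_text, smtp_port=25):
    """Map PID -> set of distinct remote hosts it is contacting on smtp_port."""
    hosts = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _, _, raddr, rport, state, pid = m.groups()
        if int(rport) == smtp_port and state in OUTBOUND_STATES:
            hosts[int(pid)].add(raddr)
    return dict(hosts)


def suspect_pids(netstat_text, max_hosts=1):
    """PIDs talking SMTP to more distinct hosts than max_hosts (assumed baseline)."""
    fanout = smtp_fanout(netstat_text)
    return sorted(pid for pid, h in fanout.items() if len(h) > max_hosts)


if __name__ == "__main__":
    fanout = smtp_fanout(SAMPLE)
    for pid in suspect_pids(SAMPLE):
        print(pid, sorted(fanout[pid]))
```

A PID that belongs to a shared host process, as with Services.exe here, only narrows the search to that process; the module or service loaded inside it still has to be identified separately.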