There's no such thing as a stupid question, but they're the easiest to answer.


Search Search
Search for:
Tech Support Guy > > >

Services.exe is sending spam emails - Malware, Trojan, Zombie


CADTopel's Avatar
CADTopel CADTopel is offline
Computer Specs
Junior Member with 1 posts.
Join Date: Nov 2008
Experience: Advanced
03-Nov-2008, 02:56 PM #1
Services.exe is sending spam emails - Malware, Trojan, Zombie
I have discovered that the services.exe process is sending email out to many addresses on an intermittent basis. My ISP (Time Warner) has shut down my modem 3 times already due to complaints that my IP was sending spam. After I got them to re-open my connection, The problem then comes up again in another 30 days. So it would seem to be intermittent, but what I found out today is that the trojan isn't active all the time. It will quiet for awhile, but every 10-15 minutes, it starts a lot of internet activity.

Tracking down the process involved using netstat -ano which shows all the network activity and the process involved. What I found was that normally there were only 2-3 Established connections, but when the virus went active that there were many many established connections. When I ran netstat w/o arguments so it would look up to whom the computer was connected, I noticed that all of the connections were to SMTP ports on a myriad of services (I'm attaching that file showing a quiescent period followed by all the connections). I'm also attaching a picture of the task manager showing that the problem process ID, 608, is services.exe

I used runscanner to determine if the files that were present were signed correctly, but it didn't notice anything about services.exe. i.e. it gave no report whether the hash on the file was good or not (Does anyone know what the SHA1 should be?)

All of the connections are from the services.exe process. The file itself is located in the right directory (i.e. windows\system32) but it must be infected. How can I get rid of this once and for all?

Thanks for any Help!

PS: Computer is running XP Home with all updated patches (but not fully patched before the virus was installed probably)
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

hjt, malware, services.exe, trojan

Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools

You Are Using: Server ID
Trusted Website Back to the Top ↑