1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Need help, some kind of virus/trojan/spyware that I can't shake

Discussion in 'Virus & Other Malware Removal' started by dahlemulti, Apr 27, 2004.

Thread Status:
Not open for further replies.
  1. dahlemulti

    dahlemulti Thread Starter

    Joined:
    Feb 4, 2004
    Messages:
    3
    My XP system was hijacked by freednsinfo, but I got rid of that using Hijackthis. I've gone through the system several times with Hijackthis, Spybot, Ad-aware and CWSshredder, as well as several online virus scans and my local AV client Norton AV. None of these can find anything, but I've got a really annoying problem nonetheless:

    Every 90 seconds or so, someone (could be someone sneaking through a backdoor or an automated process running on my PC) sends a large number of emails (virus, spam?) directly through my Norton AV email virus check. I get a large number of those small Norton windows popping up, telling me that Norton is sweeping the email for viruses, and sometimes I get a window saying that the message is rejected by the mail server.

    When I try to do the obvious and block all traffic using Norton Internet Security, or just yank the network cable from my wireless router, I get a message saying that the system will restart in 60 secs, and it promptly does. It seems that the program does anything to stay alive and stay online.

    I've tried monitoring my network traffic with DU Meter, and there is (of course) a sharp increase in outgoing traffic whenever these mass mailings occur. In my search to find the process causing it all, I have tried shutting down several processes, and the one I've had the most luck with so far is called "ccApp.exe". Whenever I shut down this process, DU Meter stops showing these peaks in outgoing traffic.

    ccApp.exe appears to be an integral part of Nortons AV suite, and I suspect that the virus is using the Norton email engine as an SMTP server (is that possible?). There appears to be no increase in mail activity on my regular email server, anyway.

    Do you have any idea what this is and how I could possibly get rid of it?
     
  2. dahlemulti

    dahlemulti Thread Starter

    Joined:
    Feb 4, 2004
    Messages:
    3
    Update:

    I uninstalled Norton Internet Security altogether, and DU Meter still showed the unwanted outgoing activity.

    I did a new scan with TrendMicro's online scanner, which told me that I had the Secupd worm. I proceeded to remove all of the infected files in safe mode, and so far the problem seems to be gone.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/224235

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice