Worm.SomeFool.P

Discussion in 'Virus & Other Malware Removal' started by Jarkeld_ia, Apr 28, 2004.

Thread Status:
Not open for further replies.
  1. Jarkeld_ia (Thread Starter), joined Nov 28, 2003, 91 messages

    Hi,
    Got this email from someone saying I'm sending out viruses. I ran Inoculate IT Virus Scan and found nothing. Ran Adware, H/T, and Spybot search. All turned up nothing.

    I use yahoo mail. Is it possible for a virus on my machine to reach into yahoo servers and send out random emails to people without leaving a copy of the message in my "sent" folder?

    Thanks in advance,
    Jarkeld

    Email is below


    VIRUS ALERT

    Our content checker found
    virus: Worm.SomeFool.P
    in email presumably from you (<[email protected]>), to the
    following recipient:
    -> [email protected]

    Please check your system for viruses,
    or ask your system administrator to do so.

    Delivery of the email was stopped!


    For your reference, here are headers from your email:
    ------------------------- BEGIN HEADERS -----------------------------
    Return-Path: <[email protected]>
    Received: from 1800gotjunk.com (modemcable013.19-131-66.mc.videotron.ca
    [66.131.19.13])
    by pop.1800gotjunk.com (Postfix) with SMTP id AF3E1FEAF
    for <[email protected]>; Wed, 28 Apr 2004 11:38:49 -0700
    (PDT)
    From: [email protected]
    To: [email protected]
    Subject: Re: improved
    Date: Wed, 28 Apr 2004 14:28:17 -0400
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
    X-Priority: 3
    X-MSMail-Priority: Normal
    Message-Id: <[email protected]>
     
  2. gurutech, joined Apr 23, 2004, 2,960 messages

    Sounds like someone sent the virus to a known "bad" e-mail address, but used your e-mail address as the return address, so when the mail server bounces the message, it goes to you, not to the real sender.
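
Added example, not part of gurutech's post or the original thread: a Python sketch that applies this reasoning to the headers quoted in the first post, comparing the claimed From domain with the host that actually connected according to the Received line. The addresses are redacted on the page, so the ones below are constructed placeholders, and `org_domain` and `analyse` are hypothetical helpers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers modelled on the bounce quoted in the first post. Addresses are
# redacted on the page; the ones used here are constructed placeholders.
SAMPLE = """\
Return-Path: <someone@yahoo.example>
Received: from 1800gotjunk.com (modemcable013.19-131-66.mc.videotron.ca
 [66.131.19.13])
 by pop.1800gotjunk.com (Postfix) with SMTP id AF3E1FEAF
 for <recipient@example.org>; Wed, 28 Apr 2004 11:38:49 -0700
 (PDT)
From: someone@yahoo.example
To: recipient@example.org
Subject: Re: improved

"""

# Postfix-style line: from <HELO name> (<reverse DNS> [<IP>]) by <receiver>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def org_domain(host):
    """Last two labels only; a simplifying assumption, not a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # The topmost Received line was written by the server that scanned the
    # mail, so it records who really connected; From and HELO are sender-chosen.
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if m is None:
        return None
    client = org_domain(m["rdns"])
    return {
        "from_domain": from_dom,
        "helo": m["helo"],
        "client_rdns": m["rdns"],
        "client_ip": m["ip"],
        "from_matches_client": org_domain(from_dom) == client,
        "helo_matches_client": org_domain(m["helo"]) == client,
        "helo_claims_receiver": org_domain(m["helo"]) == org_domain(m["by"]),
    }
```

For the quoted headers, the connecting host resolves to a videotron.ca cable-modem name while the HELO name is the receiving server's own domain, so neither the From address nor the HELO says anything about which machine sent the message.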
     
  3. khazars, joined Feb 15, 2004, 12,302 messages

    hi,

    Could you post a HijackThis log for us and we'll take a look for you? It's unlikely, unless you have been hijacked yourself.

    HijackThis can be got here.

    http://www.majorgeeks.com/downloads31.html

    other tools to consider for prevention and cleaning are:

    . cwshredder
    . SpyBot
    . AdAware


    http://www.majorgeeks.com/downloads31.html

    cwshredder can be got here

    http://www.merijn.org/downloads.html

    khaz

    to stop reinfection get these two tools, spywareguard and spywareblaster from

    www.javacoolsoftware.com
     
  4. Jarkeld_ia (Thread Starter), joined Nov 28, 2003, 91 messages

    Hey guys,
    Thanks for looking at this. Below is my H/T log. I have run adaware, H/T, CWShredder, and Spybot Search. (I run them all before I post here). I also ran Inoculate IT and something called ClnPinfi.com as well. I used that a few months ago to find the same sort of virus. When I ran it then it found problems in all of my *.exe files. I don't know what it did or found but the problem went away.

    H/T Log
    Logfile of HijackThis v1.97.7
    Scan saved at 18:00:17 PM, on 4/28/2004
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\ZipToA.exe
    C:\WINNT\explorer.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\PopUp Killer\PopUpKiller.EXE
    C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe
    C:\Program Files\Lavasoft\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
    O4 - HKLM\..\Run: [Decal] D:\Asheron's Call\Utils\Decal\Decal\DenAgent.exe
    O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



    I couldn't find anything. I think someone is ****ing with me.

    Jarkeld
     
  5. khazars, joined Feb 15, 2004, 12,302 messages

    hi,

    go to start/run/ type in the box msconfig/ startup items/ check all the boxes so that we can see what processes and programmes you have running.

    khaz
     
  6. khazars, joined Feb 15, 2004, 12,302 messages

    post another hijack this log
     
  7. Jarkeld_ia (Thread Starter), joined Nov 28, 2003, 91 messages

    I did what you said but it didn't work. I don't think I typed the command correctly. I got the command window open and typed msconfig and got an error message. Should that have worked?

    Jarkeld
     
Short URL to this thread: https://techguy.org/224675