Got some sort of 'Spam Spreading Virus', how to remove it?!

[Sephalo]

Hey there.

Since I don't know anyone that knows as much of computers as me (and I know shit about computers) I'm asking this to thw community. Hopefully there's someone that knows how to solve this.

Lately I've been getting e-mails from [email protected] (the 'mailer' that sends you an e-mail when an e-mail you tried to send couldn't find it's receipant) that the e-mails I tried to send couldn't find the receivers. Those e-mails I 'appeared to send' where with WoW contained information like 'click here for instant beta acces' or 'login here for free mounts' etc.
You may understand that I never sent such e-mails around so here's my problem.

I believe I got some sort of a virus on my computer or mail adres (if that's possible) that sends spam mails to random people. Now if there's anyone that knows a littlebit of these kind of virusses, could you please tell me something about it then. I really don't have a clue how to solve this.

Oh and the amount of e-mails I get from this [email protected] has been increased from 3 a day to 100 a day in 1 week. It's making me nuts.

Teuncreemers

 

[Ironside]

These are called Worms, these days commonly used is O. Blackout

These are usually included witha RAT or Keylogger, meaning this is your least problem.

But since you asked for the Worm, it spreads itself to all sorts of stuff (mails, MSN, LAN, ...), if people download the files, it's again the Worm binded with RAT / Keylogger.

Hope you understand this, I wrote in a hurry.

Also the fact that you get more mails now, means some of the victims downloaded the file

 

[Sephalo]

These are called Worms, these days commonly used is O. Blackout

These are usually included witha RAT or Keylogger, meaning this is your least problem.

But since you asked for the Worm, it spreads itself to all sorts of stuff (mails, MSN, LAN, ...), if people download the files, it's again the Worm binded with RAT / Keylogger.

Hope you understand this, I wrote in a hurry.

Ah oke thanks alot. Now I know what it is. Hmm..
Do you have any idea to get rid of it?

 

[Ironside]

I'm a hacker, off course I know how to get rid of such applications...

 

[DarkAngelAzazel]

No I don't think it's a worm.
First of all everyone could send emails and make it look like you sent them because the mailer is just a simple text line somewhere in the email.
If you have a mail server you can easily send an email and then change the name and email of the one who send it.

But I suggest scannign your computer with:

1. Spyware Search and Destroy. (freeware)
2. Kaspersky (trial version) (its just my favorite antivirus and i trust it)

if there is a worm you should be able to remove it like thi.s

 

[Sephalo]

No I don't think it's a worm.
First of all everyone could send emails and make it look like you sent them because the mailer is just a simple text line somewhere in the email.
If you have a mail server you can easily send an email and then change the name and email of the one who send it.

But I suggest scannign your computer with:

1. Spyware Search and Destroy. (freeware)
2. Kaspersky (trial version) (its just my favorite antivirus and i trust it)

if there is a worm you should be able to remove it like thi.s

Ah thanks alot.
You sure Spyware Search and Destroy is safe? I used it for a while, then I heard someone saying that it sends you virusses once in a while to let you buy virus scanners or something.

 

[PROXY]

Buy Kaspersky. It costs, but it's worth it. It's IMO the only antivirus you can trust. And it removes EVERY virus on your pc.

 

[Ironside]

No, It is a worm for sure, as it's a common mark that you start getting more mails with time..

Also scanning your PC has absolutly no effect, as there are programs called Crypters which will make it undetected...

 

[Sephalo]

No, It is a worm for sure, as it's a common mark that you start getting more mails with time..

Also scanning your PC has absolutly no effect, as there are programs called Crypters which will make it undetected...

So how would you remove it then?

 

[Ironside]

1st of all you need to know some stuff:

1. Any kind of Worm/RAT/Keylogger that is worth something, roots itself into a directory, by default it's

%systemdrive%\...\Install\Svchost.exe

1a. The path is fully customizable by the client owner.

2. It uses a proccess which it's Username is Local Service

2a. The name of the proccess is also fully editable, default Svchost.exe

3. You'll find it in Start > Run > msconfig > Startup

You must find something that you didn't install and uncheck it.


With knowing these 3 things, I'm sure you know what to do...

 

[Dr Super Good]

I take it you are sending emails directly from your computer via a client like outlook express. If not then change your password for the email account from a safe system because some hacker probably has their dirty hands on it.

I also advise changing almost all passwords that you use regually or that share the same pass because you have little idea truely how long this thing has had you infected (some have wake up timers to prevent immediate detection). As such a hacker might know everything from your game account passwords (very dangerous in RPGs like Diablo II or WoW which hackers can convert your hard work into cash), social network passwords (could try to steal your ID) or even credit card details (also very dangerous information for them to have). Any file with passwords could also have been stolen in the meantime. It is better to be safe than sorry and change such passwords before the hacker starts to use them.

Removing them is usually not as simple as Barathrum has made out. Yes some of the simple ones will be that easy to fix but there can be a lot worse ones. For example it might have backups imbeded into other program files or that might only be part of what you actually are infected with (the trojen that got you might have been carrying more).

The ultimate garunteed (as far as logic goes unless it somehow infaltrates the BIOS) cure all fix for any malicious software is to reinstall your OS. Logically this is a prety drastic thing to do but it will completly destroy viruses. If you plan to subscribe to some comercial security software then this might be a good thing to do before hand to garuntee the system it gets installed on is clean from the start and the security software will hopefully stop it getting infected again. Installing security software does remove a lot of mallicious software but it can only remove what it is programmed to so it is possible for some very advanced ones to even survive under the presence of such software.

Its sad to see such computer tallent wasted by such ******** people scamming others from their hard earned cash. I seriously hope those people get whats comming to them.

As a final tip, do not run files from friends you are not expecting (chances are they were infected by a worn with trojen infiltration and it is trying to infect you). Also do not run files from unusual sources, incluuding forign domains (.ru as an example), software at the bounds of legality (if its free and easilly available chances are it wil leat your computer's soul) and do not always trust 100% positive reviews on a file being safe (a lot of hackers post up a variety of messages to fool one into thinking something is safe when it is no).

 

[Sephalo]

I take it you are sending emails directly from your computer via a client like outlook express. If not then change your password for the email account from a safe system because some hacker probably has their dirty hands on it.

I also advise changing almost all passwords that you use regually or that share the same pass because you have little idea truely how long this thing has had you infected (some have wake up timers to prevent immediate detection). As such a hacker might know everything from your game account passwords (very dangerous in RPGs like Diablo II or WoW which hackers can convert your hard work into cash), social network passwords (could try to steal your ID) or even credit card details (also very dangerous information for them to have). Any file with passwords could also have been stolen in the meantime. It is better to be safe than sorry and change such passwords before the hacker starts to use them.

Removing them is usually not as simple as Barathrum has made out. Yes some of the simple ones will be that easy to fix but there can be a lot worse ones. For example it might have backups imbeded into other program files or that might only be part of what you actually are infected with (the trojen that got you might have been carrying more).

The ultimate garunteed (as far as logic goes unless it somehow infaltrates the BIOS) cure all fix for any malicious software is to reinstall your OS. Logically this is a prety drastic thing to do but it will completly destroy viruses. If you plan to subscribe to some comercial security software then this might be a good thing to do before hand to garuntee the system it gets installed on is clean from the start and the security software will hopefully stop it getting infected again. Installing security software does remove a lot of mallicious software but it can only remove what it is programmed to so it is possible for some very advanced ones to even survive under the presence of such software.

Its sad to see such computer tallent wasted by such ******** people scamming others from their hard earned cash. I seriously hope those people get whats comming to them.

As a final tip, do not run files from friends you are not expecting (chances are they were infected by a worn with trojen infiltration and it is trying to infect you). Also do not run files from unusual sources, incluuding forign domains (.ru as an example), software at the bounds of legality (if its free and easilly available chances are it wil leat your computer's soul) and do not always trust 100% positive reviews on a file being safe (a lot of hackers post up a variety of messages to fool one into thinking something is safe when it is no).

Yeah I guess reinstalling vista would be the best option. And I think I got the 'worm' from Wowmatrix. A program that downloads wow addons for you. It;s been said that you cannot trust it. Too bad I only found that out yesterday.
Thanks for all the help guys.

 

[Ironside]

I'm pretty sure it's that thing, since you'll format now I guess, this thread is solved, right?