User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » Email spamming virus Page [1]  
bgmims
All American
5895 Posts
user info
edit post

My gf has a email virus that keeps trying to send emails constantly. She can't figure out what virus it is though. How can she tell. I'm running through all the system processes right now to see if anything unusual shows up.

Any ideas?

10/3/2006 9:18:56 PM
brianj320
All American
9166 Posts
user info
edit post

run antivirus maybe?

10/3/2006 9:23:07 PM
plusdelta
All American
1034 Posts
user info
edit post

I'd suggest a thorough anti-virus scan in safe mode. That probably won't catch it, so you should also do an anti-spyware scan in safe mode as well.

If you're comfortable with checking over Windows processes, you may also want to see what things are automatically set to run upon startup/login. Use a tool like Autoruns to see what's set to launch automatically:
http://www.sysinternals.com/Utilities/Autoruns.html

If you can't find it easily with those tools, you're going to have to dig deep to find it. The amount of time necessary to do that may not outweigh a reformat in the end, so I'd start with the automated scanning stuff first.

10/3/2006 9:29:29 PM
kinetix
All American
3122 Posts
user info
edit post

google: combofix, aimfix, vundofix

if she lives on campus 515-help

10/3/2006 9:35:20 PM
bgmims
All American
5895 Posts
user info
edit post

thanks guys. I think I tracked it down. its the lsass.exe process that looks like its part of the sasser virus. I'm sending her to the removal tool, and I hope that works. It wouldn't let her delete it directly, even in safemode.

10/3/2006 9:42:13 PM
kinetix
All American
3122 Posts
user info
edit post

Quote :
"It wouldn't let her delete it directly, even in safemode."


probably because the original lsass.exe is...

Quote :
"a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated."


don't delete the one in system32

[Edited on October 3, 2006 at 9:58 PM. Reason : ]

10/3/2006 9:57:19 PM
nuitari
All American
709 Posts
user info
edit post

be careful deleating things like that, I suggest backing up the really important stuff on your comp so that you can reformat if you fuck up.

10/3/2006 11:58:29 PM
Perlith
All American
7620 Posts
user info
edit post

1) Run Antivirus
2) Run Windows Updates
3) Run Anti-Spyware

Usually allowing 1+2 to happen automatically helps prevent the need for #3. I'd recommend calling the helpdesk ... this will take awhile to clean out.

10/4/2006 7:24:33 AM
 Message Boards » Tech Talk » Email spamming virus Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.