Possibly caught a virus. :(

Gav

For the last few days my network connection seems to have taken a bit of a beating. I have noticed that winlogon.exe seems to be doing something which it shouldn't. A further investigation has shown that it is sending emails like this:

Code:
</head>
<body>
<p>Hi, luiz.carlos.</p>
<p><br></p>
<p><a href="http://bfyrxmjpxmgoaold4in0w1zj1jwavv6ivd60ddv.swizkn.com/?nofsffat">
<img alt="" hspace=1 vspace=1 src="cid:83212306.01C61F91.53A02E63.5130B9F6_csseditor"></a>
</p>
<p><br></p>
<p>
I knocks of utopian a feel? the achievement is syllables<br>
She decimalised was awoke  of superurgent  it participant resentfully<br>
Me forbidden sceptical is cats? of join a riddles<br>
A salt the canker killed? it lifted she whos<br>
You family of curlingirons? the unthinkable and admiringly or aspirin<br>
Not comment you granted and freely' me asphalt knuckle<br>
No prompts is apart this bristles of vicinity the stream<br>
If candelabrum we moreover of coin a appointing is happened?<br>
An rimmed me impostor you twentyfour she sign strangled<br>
Have tremble damage of bouncing it twanged was there?'<br>
Was bloom not enter sandals a dating or losses<br>
And dodges unfolding is model of sirs an smiling<br>
</p>
<p><br></p>
<p><span class=rvts6>--&nbsp;</span></p>
<p><span class=rvts6>Best Regards,</span></p>
<p><span class=rvts6></span>&nbsp;Page Gregg&nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp;<a class=rvts7 href="mailto:[email protected]">mailto:[email protected]</a></p>
</body></html>
------------6CF0183155CAC36--
------------35178191A640ABB
Content-Type: image/gif; name="SJXJNF.gif"
Content-Transfer-Encoding: base64

Has anyone else come across this recently? I can't see any information on it anywhere.

TIA
Gav.
 
Yup, I'll lay money it's a virus or possibly hacking, though more likely the former. Most hackers won't waste time breaking into a PC to do something like that.
 
No, it doesn't pick it up. Both winlogon.exe and svchost.exe are going mad at the moment. It certainly looks like a mass mail bug but I can't find any reference to it on Symantec or Google.
 
Some deep poetry in that email lol.

What AV have you used? You could try some others and see if they find anything. I know NOD32 has a free trial... Avast does a free version... you could use something like Trendmicro's HouseCall too which is free also.

SiriusB
 
I'd almost bet money that something this deep in his system has already fubared his AV totally. I suspect that your best bet is to try & run an online scan in safe mode, and see what this picks up.
Personally though, I'd be inclined to simply junk the machine if there is nothing critical on it and start again.

What AV? Also, do you have a firewall running? You may be able to block the outgoing mails until you fix it.

-Leezer-
 
It's not a totally critical system but it's a royal PITA to reload everything. I have the Windows firewall and also a Linksys router.
 
Gav said:
It's not a totally critical system but it's a royal PITA to reload everything. I have the Windows firewall and also a Linksys router.

From personal experience, some viruses are a pain in the arse to remove, and in some cases not all of it is removed and it just causes more minor problems in the long term.
 
Don't forget some viruses hide in the System Restore files and Windows won't allow access there, so you have to turn System Restore off, then do the scan and switch it back on when done. That is if you haven't done that already, worth a try anyhow.
 
Yeah mate done all that. Still giving me a headache.

I have tried numerous online scanners as well as Norton but all have failed to find the source of the problem. Looks like I need a fresh install :(
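
Added example, not part of the thread: one way to confirm which process is opening the outgoing mail connections (the winlogon.exe/svchost.exe behaviour described in the first posts) before deciding what to block at the firewall. It joins `netstat -ano` and `tasklist /fo csv /nh` output on PID and reports processes outside a mail-client allowlist that hold TCP connections to remote port 25. The sample command output, the addresses and the allowlist are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.25:25        ESTABLISHED     632
  TCP    192.168.1.10:1046      198.51.100.7:25        SYN_SENT        632
  TCP    192.168.1.10:1047      198.51.100.9:25        ESTABLISHED     1120
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     2044
  TCP    192.168.1.10:1051      192.0.2.14:25          ESTABLISHED     3012
  UDP    0.0.0.0:1026           *:*                                    1120
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = """\
"winlogon.exe","632","Console","0","4,120 K"
"svchost.exe","1120","Console","0","18,004 K"
"iexplore.exe","2044","Console","0","22,310 K"
"msimn.exe","3012","Console","0","9,876 K"
"""

MAIL_CLIENTS = {"msimn.exe", "outlook.exe", "thunderbird.exe"}  # assumed allowlist
SMTP_PORTS = {25}


def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}


def smtp_talkers(netstat_text, tasklist_csv, allow=MAIL_CLIENTS):
    """Count outbound SMTP connections per (process, PID) not in the allowlist."""
    names = pid_names(tasklist_csv)
    hits = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; the header and UDP rows (no State) do not.
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue
        _, _, port = f[2].rpartition(":")  # rpartition also copes with [ipv6]:port
        if not port.isdigit() or int(port) not in SMTP_PORTS:
            continue
        name = names.get(int(f[4]), "<unknown>")
        if name not in allow:
            hits[(name, int(f[4]))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (name, pid), n in sorted(smtp_talkers(NETSTAT, TASKLIST).items()):
        print(f"{name} (PID {pid}): {n} connection(s) to remote port 25")
```

A system process such as winlogon.exe appearing in this report is the cue to block outbound port 25 at the router for that machine while it is cleaned or rebuilt.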
 