"Internet Spy" Worm (Mail spam)?

Xitante
Hi there!

I'm having a huge problem removing a worm called (I think) "Internet Spy". I already have the Worm Detector from KL Soft, but this program only searches for viruses in Outlook.

The particular thing about this virus (worm) is that it doesn't use Outlook. It sends itself outside of Outlook, and I know it because I'm constantly getting messages from Norton every time a mail is sent and every time it is rejected by the mail server. It also sends mails to people whose mail addresses I don't have; it gets mail addresses from somewhere else...

Norton doesn't detect anything, and neither does Worm Detector!

I need help on how to remove it please.

(It hasn't destroyed files, but it uses a lot of memory and internet bandwidth and creates a lot of spam)

My Info:
OS -> WinXP
Mail Program -> Outlook XP
Anti-Virus -> Norton 2003; Worm Detector

Thank you!
Commented:
If you want firm removal and no forensics, it is simple:

Rebuild the system from scratch. If one bug is eating it, maybe the bug did more to you and maybe other damage has happened. With all those doubts, it is best to erase the drive completely to restore your confidence. A nice side benefit is that the system is cleaner (temp files etc. gone) and more compact (defragged).

However, you may not resolve all problems if you do not uncover what did it, if there is a problem at all. The word "spoof" is used many ways here. A message can come to you bearing content of other addresses, and/or your neighbor could have your name in their address book, and it is really your neighbor who is sending, using your name, probably not knowing. Then there are the relays and forwarders. In short, there might be another machine more in need of a disk-wipe process than yours.

I would recommend that you do a ctrl+alt+delete and see what is actually running. Periodically it pays to kill off running processes to identify what they actually do. This will help identify the actual name of the program you're infected with and then allow you to isolate it on your disk and in your registry. Be careful to look when it is sending as this will help identify the rogue program.

Note this takes more time than just reinstalling from clean backups.

Nicholas Nanos
Chief Security Analyst Networth
nnanos@securethinking.net
SecureThinking
www.securethinking.net

"Where Information Security Evolves"
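
The "look when it is sending" step can be done from connection data rather than by killing processes one at a time. The following is an added example, not part of the original thread: it parses text in the layout of `netstat -ano` and `tasklist /fo csv /nh` and reports which process owns outbound connections to port 25. The sample output, the image name `example-unknown.exe` and the `EXPECTED_MAILERS` allow-list are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample data in the layout printed by `netstat -ano` and
# `tasklist /fo csv /nh`; addresses, PIDs and image names are invented.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1041      198.51.100.7:80        ESTABLISHED     1320
  TCP    192.168.1.10:1045      203.0.113.25:25        ESTABLISHED     1480
  TCP    192.168.1.10:1046      203.0.113.80:25        SYN_SENT        1480
  TCP    192.168.1.10:1047      198.51.100.30:25       ESTABLISHED     1480
  TCP    192.168.1.10:1050      192.0.2.5:25           ESTABLISHED     2012
  UDP    0.0.0.0:1026           *:*                                    900
"""
TASKLIST = '''\
"iexplore.exe","1320","Console","0","18,204 K"
"example-unknown.exe","1480","Console","0","41,880 K"
"OUTLOOK.EXE","2012","Console","0","22,116 K"
'''
SMTP_PORT = "25"
EXPECTED_MAILERS = {"outlook.exe"}  # assumption: the only program meant to send mail


def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {row[1]: row[0] for row in csv.reader(io.StringIO(tasklist_csv)) if len(row) >= 2}


def smtp_senders(netstat_text, tasklist_csv):
    """Return {(pid, image): connection count} for unexpected SMTP clients."""
    names = pid_names(tasklist_csv)
    hits = Counter()
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have 5 fields: proto, local, foreign, state, pid
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, _, foreign, state, pid = parts
        if foreign.rsplit(":", 1)[-1] != SMTP_PORT or state == "LISTENING":
            continue
        image = names.get(pid, "<unknown>")
        if image.lower() not in EXPECTED_MAILERS:
            hits[(pid, image)] += 1
    return dict(hits)


if __name__ == "__main__":
    for (pid, image), count in smtp_senders(NETSTAT, TASKLIST).items():
        print(f"PID {pid} ({image}): {count} outbound SMTP connection(s)")
```

A process that repeatedly opens port 25 connections to many different servers and is not the configured mail client is the one to locate on disk and in the registry.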

Commented:
Xitante,
Any progress to date?

> It hasn't destroyed files, but it uses a lot of memory and internet bandwidth and creates a lot of spam)

Where you have concern for outgoing bandwidth, do note that some personal firewall software can and will filter outgoing packets. Take ZoneAlarm, for example, which also has a free downloadable (not shareware) to advertise you purchase their other wares. While not great forensically, it can log some information that may help identify that which is trying to send IP from your machine.

Commented:
For spam, ensure you have not configured yourself to be a relay or forwarder, for that can be cause for ISP disconnect.

Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts split between Nick_Nanos and SunBow.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
