?
Solved

Outlook Express Identity Login screen pops up

Posted on 2006-05-13
10
Medium Priority
?
734 Views
Last Modified: 2008-02-01
I have an XP Home system and I use Outlook Express 6 and I have 2 identities setup.  The problem is I'll be in a game or in Word and without requesting it, Outlook Express is starting up and the identity login screen pops up.  This can be very annoying, especially in the middle of a game and it dumps the game to switch to OE.  This is happening on a brand new load of XP Home.  Could it be tied to MS Messenger?

Thanks,
Mike
0
Comment
Question by:mtk4590
  • 5
  • 4
10 Comments
 
LVL 97

Assisted Solution

by:war1
war1 earned 2000 total points
ID: 16674484
Greetings, mtk4590 !

Something is trying to send mail.  Check for virus and mailware

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

Spy Sweeper
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido
http://www.ewido.net/en/
or
SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 16674633
Make sure Outlook Express is closed completely before gaming.  If you leave it running in the background it will check for new mail at regular intervals and once if it finds some you'll get this dialogue poping up infront of your game window.

war1 is right though if OE is closed there's probably something malicious trying to send unauthorised mail.
If nothing can be found using the tools suggested you could check what is trying to get out via your firewall settings

If you don't already have a third party firewall try ZoneAlarm (free version)
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload2.jsp
ZoneLabs are offering a free online scan on this page which you may find useful.

ZoneAlarm can be configured not to let anything out from your computer without checking with you first, it then learns what you want to allow and what to stop.  ZoneAlarm will tell you if a program tries to send email or if another program on your computer is trying to launch Outlook Express without your permission.
0
 

Author Comment

by:mtk4590
ID: 16694066
Thanks for the suggestions.  I ran Spy Sweeper, Ad-Aware, Spybot and hijack this and came up with zero spyware items.  Also ran Norton antivirus and that also came up with zero.  Could it have anything to do with the fact that I use a password protected identity?  I also have a client with the same setup and he also gets these random pop ups of outlook express and he has also checked for spyware.  Any other thoughts?
Thanks.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 97

Accepted Solution

by:
war1 earned 2000 total points
ID: 16694239
mtk4590,

You may have a rootkit.  Use Rootkit Revealer to find it
http://www.sysinternals.com/Utilities/RootkitRevealer.html
0
 

Author Comment

by:mtk4590
ID: 16705459
I ran rootkitreavealer and it found a pile of Temp internet files and a couple of Windows media files that were open when I ran the revealer.  I have deleted the temp files.
0
 
LVL 97

Expert Comment

by:war1
ID: 16705643
Can I look at the Rootkit Revealer log file?
0
 

Author Comment

by:mtk4590
ID: 16714140
Here is a copy of what root reveal found, this is the second time I ran it and I had removed the temp files and this is the result.  I also have to admit it hasn't happened in a couple of days and seems to be random.

C:\$AttrDef      5/12/2006 9:00 AM      2.50 KB      Hidden from Windows API.
C:\$BadClus      5/12/2006 9:00 AM      0 bytes      Hidden from Windows API.
C:\$BadClus:$Bad      5/12/2006 9:00 AM      467.51 GB      Hidden from Windows API.
C:\$Bitmap      5/12/2006 9:00 AM      14.61 MB      Hidden from Windows API.
C:\$Boot      5/12/2006 9:00 AM      8.00 KB      Hidden from Windows API.
C:\$Extend      5/12/2006 9:00 AM      0 bytes      Hidden from Windows API.
C:\$Extend\$ObjId      5/12/2006 9:00 AM      0 bytes      Hidden from Windows API.
C:\$Extend\$Quota      5/12/2006 9:00 AM      0 bytes      Hidden from Windows API.
C:\$Extend\$Reparse      5/12/2006 9:00 AM      0 bytes      Hidden from Windows API.
C:\$LogFile      5/12/2006 9:00 AM      64.00 MB      Hidden from Windows API.
C:\$MFT      5/12/2006 9:00 AM      69.88 MB      Hidden from Windows API.
C:\$MFTMirr      5/12/2006 9:00 AM      4.00 KB      Hidden from Windows API.
C:\$Secure      5/12/2006 9:00 AM      0 bytes      Hidden from Windows API.
C:\$UpCase      5/12/2006 9:00 AM      128.00 KB      Hidden from Windows API.
C:\$Volume      5/12/2006 9:00 AM      0 bytes      Hidden from Windows API.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060518.017\vscanmsx.dat      5/18/2006 7:24 PM      2.02 KB      Hidden from Windows API.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0998NAV~.TMP      5/18/2006 7:26 PM      0 bytes      Hidden from Windows API.
0
 
LVL 97

Expert Comment

by:war1
ID: 16714842
The log looks OK.  Not sure why you have $ sign inside most of the directory item.  Maybe removing those Temp files have gotten rid of the rootkit.
0
 

Author Comment

by:mtk4590
ID: 16717712
It must have been a hidden piece of spyware, problem has not returned since cleaning up with Antispyware products and running the rootkit reveal program.  Thanks for sticking with me.
Mike
0
 
LVL 97

Expert Comment

by:war1
ID: 16719077
You are welcome, Mike!
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
Tech giants such as Amazon and Google have sold Alexa and Echo to such an extent that they have become household names. And soon they are expected to be used by commoners in their homes, ordering takeout, picking out a song, answering trivia questio…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question