[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Computer is trying to send out many many emails.  Norton System Works is providing a message:  "Your email message was unable to be sent because your mail server rejected the message"

Posted on 2006-07-19
8
Medium Priority
?
412 Views
Last Modified: 2013-12-04
I too am having an issue similar to the one posted on 7/13/06.  Symantec warning: "Your email message was unable to be sent because your mail server rejected the message".

There are a series of boxes which appear - each with a different number of out-going emails.  The other odd thing is that the internet is very active, and the network shows our computer is receiving information (we have no other updates or active downloads).

Some show 207, 1021, 68.  The numbers appear random.  These appear to beoutgoing emails to what seems random users are "trying to be sent out".  Many have a yahoo address.  Symantec appears to error-out with messages saying "Your email message was unable to be sent because your mail server rejected the message".

I am running Windows XP pro sp2 and my email client is MS Outlook Express.  I'm using 2006 Norton SystemWorks 2006 .  I am seeking a solution to find the cause of this bugger.

I've unstalled Norton System Works 2006 and reinstalled (thinking the NSW was compromised).  This did not resolve the issue.  

I've also loaded Microsoft's Defender (Beta 2) x86 and the Microsoft Windows Malicious Software Removal Tool (KB890830).  Both reported no errors of problems with our system.
0
Comment
Question by:jfolgert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 2000 total points
ID: 17142215
Please post the HJT log as follows:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

If you want to try something in addition, then get the free trial version of Ewido from http://www.ewido.net/ and scan your system (do the "Update" first to update the defs before scanning).
0
 

Author Comment

by:jfolgert
ID: 17142522
Thanks r-k

I spent the day researching options to get our system back to a stable state.  I could not find a great deal of explinations specific to the problem.

Thanks for your suggestions.

Through numerous tests, I found the problem to be the following:

PdPinch.b  trojan  (with 3 objects on the system), combined with the Avalon-Spammer trojan.

they have been removed and this appears to have solved the issue.  (4 hours strong, and still going).



Thank you

0
 
LVL 32

Expert Comment

by:r-k
ID: 17142541
That's great. You may want to run Ewido anyway, in case something got left behind.

Another good option at this point is to do an online scan at: http://safety.live.com/site/en-us/default.htm
It takes a while so do it when you have idle time for a couple of hours, but it's fairly complete.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 

Author Comment

by:jfolgert
ID: 17142862
Thanks for comments,

This was a frustrating issue.  I'll keep an eye on activity and report any issues if they arise again.   I tested a few trojan/virus seaching programs (did not try Ewido  yet (thanks  r-k !) nor the on-line link you provided - but hope to soon).  

The app. that found and apparently erraticated the issue was CounterSpy 1.5.  We'll see if the problem returns.  I'd like to find the source.  We exchange mapping / GIS data often. We also have Semantic / Norton System Works 2006 which did not find the issue.


Thank you

 

0
 
LVL 32

Expert Comment

by:r-k
ID: 17142897
"I'd like to find the source"

The most likely reason for such infections is one of the following:

(1) System not patched with latest Windows updates.
(2) Easy to hack passwords (avoid common names and dictionary words)
(3) Windows firewall not enabled
(4) Someone clicked on an email link or attachment
(5) Someone clicked on the wrong web pop-up.

I'm not too surprised Norton did not catch it, there are whole classes of malware it can't find. In addition to Norton, I would suggest installing Windows Defender on your XP workstations http://www.microsoft.com/athome/security/spyware/software/default.mspx It is free and quite effective against spyware/malware.
0
 

Expert Comment

by:mcdougp
ID: 17151110
My laptop had the exact virus.  The virus attaches itself to Norton's ccApp.exe rendering NAV useless (unless you turn off email scanning).  Uninstalling & re-installing NAV won't fix it and forget about Windows Defender as it won't detect it either.  The virus is actually classified as a Trojan (exact name I forgot) and was easily removed by downloading the 30 day trial of F-Secure http://www.f-secure.com/home_user/support_and_downloads/evaluations/

PS.  I became infected by executing a download from the P2P network (evil shit).  That's the risk you take ;^)

Hope I've been of some assistance...

Paul
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question