overdunn
asked on
resume.zip mass email
My client opened a file that was emailed from Craigslist that was named resume.zip. Now it is attempting to send many, many emails and my Symantec corporate AV is stopping them from being sent, but I can't stop or find the process that is running it. Went to the Symantec site and found little help. Did a scan in safe mode and nothing found, nor can I find the registry entries they say should be removed. Windows XP Pro machine and only web-based email client. Any ideas?
I would try running a different virus scanner or perhaps a spyware scanner on the machine too.
No anti-virus is 100% efficient.
Additionally, I would look into implementing a strong spam filter if you don't have one already.
We use Surfcontrol which is frequently updated to catch anything suspicious.
Possible causes:
http://www.sophos.com/virusinfo/analyses/w32wurmarkj.html
http://www.avira.com/en/threats/section/fulldetails/id_vir/1230/worm_eyeveg.k.html
http://www.f-secure.com/v-descs/eyeveg-f.shtml
Hope you find this helpful!
Cheers
ASKER
Ran Trend Micro scans and nothing was found. Ran msconfig and disabled some startup items. wmupdate.exe seemed to be the process that was causing the issue. Thanks
Windows Media Player update normally uses that file, but again it could be anything disguising itself as the Windows Media Player update.
I hope that everything is sorted now.
FB
ASKER
It is all good now. Thanks for the help.
ASKER CERTIFIED SOLUTION
You can get it here: http://www.trendmicro.com/ftp/products/tsc/cpr/sysclean.com (save this to a folder on their C: drive)
Make sure you download the latest test/beta release and the latest test/beta release of their signature file (http://www.trendmicro.com/ftp/products/pattern/cpr/lpt742.zip).
Put them in the same directory and then run the SysClean.com file. Make sure you select the option to REMOVE things it finds; otherwise it's only read-only.
Best of luck!