500+ emails from Yahoo groups today

Discussion in 'Security and Privacy' started by martinr121, 2004/05/26.

Thread Status:
Not open for further replies.
  1. 2004/05/26
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,219
    Likes Received:
    0
    Hi all, I have a post on this in the Outlook Express forum, one of the responders suggested I run HijackThis and post it here with a description of what's happened up to date.

    Last night, or early this morning I started receiving bundles and bundles of email from individual senders who are apparently members of some Yahoo Group with a subject line of "[techtv]" and requests to be either added to or removed from the group. A copy of one of those emails is posted by me in the Outlook Express forum.

    These people are complaining that they are receiving hundreds of emails and want to be deleted from the list. Some of them are pretty angry. Some server at Yahoo Groups been compromised??? Somebody got TechTV's subscription list???

    My ISP basically says tough, change email address or live with it.

    As suggested in the other forum I created a message rule that deletes any email with [techtv] in the subject line. I just checked my email and downloaded 34 messages, Outlook Express message rule deleted 29 of them as they came in, so they are still coming.

    I sent a feedback email to Yahoo on their groups site, I suspect they might read it in a couple of weeks and maybe do something but I doubt it.

    To date I have run Norton AV, Spybot, Pest Patrol, Adaware, they come up empty.

    Anyhow, as was suggested, here is the HijackThis log:


    Logfile of HijackThis v1.97.7
    Scan saved at 3:23:48 PM, on 5/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
    D:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Say the Time\SayTime.exe
    C:\Program Files\AnalogX\CookieWall\cookie.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Say the Time\SayTime.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\imapi.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Belkin Bulldog\upsd.exe
    D:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\Program Files\AnalogX\POW\pow.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Documents and Settings\Martin\Desktop\Icons\Utilities\Security-Spyware Scans\HijackThis.exe

    So, if anybody else knows anything about this problem or can help out in any way, please do. This is a big waste of resources for all involved, plus all the bandwidth that must be being burned.

    Martin
     
  2. 2004/05/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Martin!

    I saw the other post too. Thinking your address was spoofed (used as a sender's address) for a bunch of spam. Not uncommon. Usually it's emails coming in as undeliverable, as if it was sent by you to a bad address. You may be the first victim I know of to be getting them this way. There may be something else going on though, so I'll be more than happy to check a HJT log, but the whole bottom half of the log is missing. You'll need to post it again. :(
     

  4. 2004/05/26
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,219
    Likes Received:
    0
    Hi Dave: Good to hear from you. :D Copied and pasted HJT log, don't know what happened, here it is again, copied and pasted:

    Logfile of HijackThis v1.97.7
    Scan saved at 7:44:23 PM, on 5/26/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
    D:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Say the Time\SayTime.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\AnalogX\CookieWall\cookie.exe
    C:\Program Files\Say the Time\SayTime.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\imapi.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Belkin Bulldog\upsd.exe
    D:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AnalogX\POW\pow.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Bob Martin\Desktop\Icons\Utilities\Security-Spyware Scans\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: Researcher (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...ewer/index.php?display_img=athens_preolympics
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

    Hope it is right this time.

    Martin
     
  5. 2004/05/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Log looks great Martin. I usually fix these

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    and this one isn't necessary, but optional.

    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    It automatically checks for updates to the program. But I believe you can just open the program, click the ? at the top right to manually check for them and if none available, it will shut that down until you use the program again. If you fix the entry you'll never have to worry about it.

    Nothing in the log to suggest problems. ;)
     
  6. 2004/05/26
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,219
    Likes Received:
    0
    Hey Dave, glad there is nothing in there to contribute to the email problem. Those browser helpers take me to a stock quote page, I know about them, I put them on machine.

    **** puzzling this email thing, if anything develops, I'll post.

    Thanks for checking HJT log.

    Martin

    Off topic: how are the diapers going?
     
  7. 2004/05/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Browser helpers? Don't see any. They would be O2 BHO entries. Did you do some excludes on a scan before? I can't remember. Open HJT and click config>ignorelist. Did you click edit>select all then copy the saved scan, and then paste here?


    Diapers at a standstill. :(
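
An added example, not part of the original thread or any poster's code: a small Python parser that groups HijackThis result lines by section code and checks whether any O2 (BHO) entries are present, run on lines copied from Martin's second log above. The function names and the `SECTIONS` labels are this example's own.

```python
import re
from collections import defaultdict

# Section codes that come up in this thread, with the meaning HijackThis gives them.
SECTIONS = {
    "R0": "IE start/search page value",
    "O2": "Browser Helper Object (BHO)",
    "O4": "Autostart entry (Run key / Startup folder)",
    "O9": "Extra IE toolbar button or Tools menu item",
    "O12": "IE plugin",
    "O16": "ActiveX control (Downloaded Program Files)",
}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"(\S+): \[([^\]]+)\] (.*)$")

def parse_hjt(log_text):
    """Group result lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            groups[m.group(1)].append(m.group(2).strip())
    return dict(groups)

def summarize(groups):
    """Return (has_bho, blank_r0_values, autoruns) for quick triage."""
    blank_r0 = [e for e in groups.get("R0", []) if e.endswith("=")]
    # Each autorun becomes (registry key, value name, command line).
    autoruns = [m.groups() for m in map(RUN_RE.match, groups.get("O4", [])) if m]
    return bool(groups.get("O2")), blank_r0, autoruns

# Subset of lines copied from the second log posted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Researcher (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
"""

if __name__ == "__main__":
    groups = parse_hjt(SAMPLE)
    for code, entries in groups.items():
        print(code, SECTIONS.get(code, "other"), len(entries))
    print(summarize(groups))
```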
     
  8. 2004/05/26
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Martin, Just wait it out, Yahoo will make it stop, eventually. Your email addy just happened to be the one on top, so to speak. Who knows? Maybe all those other people are having this happen to them, too? Your log looks good, but you do have some unnecessary running processes, probably coming on at boot by default. You could tweak to make a lot of that come on when you're ready for it, but you know that.

    Dave, What do you mean, "diapers at a standstill"? That never happened to me! What did I do wrong? As soon as I used a fresh one, the same person, or someone else, soiled one. Sometimes they'd wait to REALLY soil one after a fresh change. Life was a revolving circle of dirty diapers. Did you teach them to use a litterbox? Inquiring minds want to know! (When I get to be a grandma -20 years from now, I hope- I am not changing anyone. I am handing the offending child over to a parent. My diaper days are DUN!)

    Johanna
     
  9. 2004/05/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    LOL!! My wife started making all-in-one cloth diapers to sell, and since the arrival of the babies, there just isn't time or energy to pursue it right now. Too busy changing them to make any. :rolleyes:
     
  10. 2004/05/26
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,219
    Likes Received:
    0
    Hey Dave: Guess I don't know the diff between BHO and Home Page settings!

    Yeah, the couple I opened and read were complaining of getting 500 or more emails. I think they have stopped though. Check again tomorrow, will post.


    Babies? You got twins? Trips? More?

    Martin
     
    Last edited: 2004/05/26
  11. 2004/05/27
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,219
    Likes Received:
    0
    Johanna, I use "Start up Cop" from PC Mag utilities. :cool: Lets you choose what starts on next boot. I have several shortcuts created through that program for different start up configs. One for defrag and installs where nothing loads, one for browsing where mostly security loads and one for "everything". One click restarts with preferred programs for intended use loading. I use the everything restart to run HJT and other security type scans.

    I really like that utility. Beats the heck out of msconfig. They also have Start up Cop Pro, it will stop those programs that keep resetting themselves to start on boot.

    They do not have any programs that change diapers. :D
     
  12. 2004/05/27
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    As I remember it, Dave has a baseball team with a couple or three left over for subs or coaches or whatever. They just need a few more years.

    I really don't understand folks that have that many kids either. I stopped at a very reasonable nine. :D
     
  13. 2004/05/27
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,219
    Likes Received:
    0
    Well, Johanna was right again. The flood of emails has stopped, I can only hope it is permanent and whoever started that mess should find religion or get a life.

    And, I thought my 6 was a lot. When I was in grammar school, one of my classmates was one of 14. Whew! That is really pushing it. Kids from 3rd grade through college. Some grades had 2 from that family and every grade through high school had at least one.

    Martin
     
  14. 2004/05/27
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Glad it stopped.

    I can remember the fun I had (well, not really fun) one year at the high school open house. You know the sort of thing where they do 15 minute class schedules and you are supposed to go to all your child's classes and at least let the teacher know you are a concerned, involved parent.

    Wife was sick and we had 3 in the school at that time. I managed to make all three classes each session but I was ready to drop by the end of the evening. :eek: :eek:

    They had students at each intersection and at intervals down the hallways and I would shout a request for directions to the next classroom while walking as fast as I could.

    I am so very thankful that my youngest is 25.
     
  15. 2004/05/28
    martinr121 Lifetime Subscription

    martinr121 Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,219
    Likes Received:
    0
    Yeah, I know what you mean. Mine were all grown and gone, then I got remarried and had two more. Now have 6, youngest @ 10, oldest @49. Been parenting 2/3 of my life. 14 year old son has been going through puberty (1/2 boy, 1/2 man) while wife going through change. :eek: There are days when....................(can't be put into words)

    Martin
     