
What kind of Virus/trojan is this ??

Discussion in 'Security and Privacy' started by 24jedi, 2004/06/17.

Thread Status:
Not open for further replies.
  1. 2004/06/17
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    Something has gotten into my system and tried to hijack my address book.
    The following is a short list of failed email attempts.
    I am receiving multiple "postmaster" and or mail delivery messages, saying this list of emails failed.
    The account names are accurate, but the domain name has been changed by whatever program is running.
    The OS is Win2k2
    Mail client is Outlook
    AV is NAV Corp 8.02
    I just need a direction to look for a solution.

    This is an automatically generated Delivery Status Notification.

    Delivery to the following recipients failed.

    support@dred.state.nh.us
    techdocs@dred.state.nh.us
    custserv@dred.state.nh.us
    Tec1@dred.state.nh.us
    nmtssupport@dred.state.nh.us
    ort@dred.state.nh.us
    ReMailer@dred.state.nh.us
    dragon@dred.state.nh.us
    BCC-Checked@dred.state.nh.us
    dmunyak@dred.state.nh.us
    bigyak@dred.state.nh.us
    daburke@dred.state.nh.us
     
  2. 2004/06/17
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0

  4. 2004/06/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Possibly your address is being spoofed and you aren't infected at all. Maybe someone that has your address is infected. Scan with RAV and Housecall to make sure.

    Sorry Daizy, didn't see ya. :rolleyes:
     
  5. 2004/06/17
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    We've got to stop meeting like this! :D :p
     
  6. 2004/06/18
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    Virus scanning...Running Norton AV with latest defs. Also went to Housecall, no viruses reported.

    Trojans...installed and manually updated TrojanHunter. Ran this with no reports of trojans.

    While I did not run it last night, I do have Lavasoft's Ad-Aware, which I do regularly run.

    Up until last night, I had two out of three covered PLUS I run a Cisco PIX-501 for my Router/Firewall.

    I am at a loss and need some direction :confused:
     
  7. 2004/06/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
  8. 2004/06/18
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    Looking back at this I may have confused you or been confused. I am at work now, so please bear with me (and my memory). I don't think I am dealing with a spoofed email. I think some worm or trojan has hijacked my email address book. Here's the timeline:

    I received an email from the postmaster @ dred.state.nh.us
    The email stated the following email attempts failed, listing the following accounts I supposedly emailed. The bold accounts I know are in my Outlook address book.

    support@dred.state.nh.us
    techdocs@dred.state.nh.us
    custserv@dred.state.nh.us
    Tec1@dred.state.nh.us
    nmtssupport@dred.state.nh.us
    ort@dred.state.nh.us
    ReMailer@dred.state.nh.us
    dragon@dred.state.nh.us
    BCC-Checked@dred.state.nh.us
    dmunyak@dred.state.nh.us
    bigyak@dred.state.nh.us
    daburke@dred.state.nh.us

    It appears that whatever got hold of my email book took the valid email account names from my address book and appended them to the @dred.state.nh.us domain. If this were just one email notice, I would not have had an issue with it, but I received four other similar postmaster notices.

    Also, I do not bulk email anyone.
    Have I made my question clearer, or am I still confused?
     
  9. 2004/06/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    OK, let's have a look at things then. Download HijackThis from the CWShredder link in my signature. Place it in a permanent folder (I create a new folder in C:\ named HJT). Open and hit scan, then save log. Once it is saved it will open in Notepad. Select all from the Edit button, copy and paste the results here. Don't fix anything with it yet!

    In addition, Download this zip.

    http://tools.zerosrealm.com/pv.zip

    Please unzip it to the desktop. It will not work if you run it from inside the zip. After unzipping, open the pv folder. Double click on the runme.bat. A DOS window will open. Please select option 1 for explorer DLLs by typing 1 and then pressing enter. Notepad will open with a log in it. Please copy and paste the log into this post.

    Did you scan with RAV?
     
  10. 2004/06/24
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Any updates, 24jedi?
     
  11. 2004/06/26
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    I removed the test. see my last post
     
    Last edited: 2004/06/26
  12. 2004/06/26
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    I removed this post. see my last post
     
    Last edited: 2004/06/26
  13. 2004/06/26
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    I removed this text. See the last post
     
    Last edited: 2004/06/26
  14. 2004/06/26
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    Sorry for the long post.

    Here is the complete status file I have posted at my website. Trying to post it here became a hassle due to its length. Again I apologize.

    http://www.munyak.com/downloads/status.txt

    And thanks again for the help
     
  15. 2004/06/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks like spoofing to me. Someone with your address is infected.
    No they couldn't. They are not legitimate addresses, which is why they were returned 'undeliverable'. Unfortunately, because whatever infected machine is generating the emails has your address as the sender (spoofed), they get sent back to you.
     
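A way to check for the situation noahdfear describes, added here as an example and not part of the thread: parse the bounce (an RFC 3464 delivery status notification, a constructed one below) and see whether the returned copy of the original message ever passed through your own outgoing mail server; if it never did, the bounce is backscatter from a spoofed sender. The relay name, the sample hosts and the 192.0.2.77 address are constructed.

```python
import email
from email import policy
MY_RELAY = "smtp.example-home.net"  # constructed: the relay you really send through

# Constructed RFC 3464 bounce modelled on the notice quoted in the thread.
BOUNCE = """\
From: postmaster@dred.state.nh.us
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.dred.state.nh.us

Final-Recipient: rfc822; support@dred.state.nh.us
Action: failed
Status: 5.1.1

Final-Recipient: rfc822; techdocs@dred.state.nh.us
Action: failed
Status: 5.1.1

--B
Content-Type: message/rfc822

Received: from dsl-77.someisp.example ([192.0.2.77]) by mx.dred.state.nh.us
From: dmunyak@example-home.net
Subject: Hi

--B--
"""

def triage_bounce(raw: str, my_relay: str) -> dict:
    # Return failed recipients and whether the original ever passed through my_relay.
    msg = email.message_from_string(raw, policy=policy.default)
    failed, hops = [], []
    for part in msg.iter_parts():
        if part.get_content_type() == "message/delivery-status":
            # one header block per recipient (the first block is per-message)
            for block in part.iter_parts():
                if block.get("Action", "").lower() == "failed":
                    failed.append(block["Final-Recipient"].split(";", 1)[1].strip())
        elif part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)  # copy of the message that bounced
            hops = [str(h) for h in original.get_all("Received", [])]
    # the bottom-most Received header names the host that originated the mail
    spoofed = not any(my_relay in h for h in hops)
    return {"failed": failed, "origin": hops[-1] if hops else None,
            "verdict": "backscatter (sender spoofed)" if spoofed else "real send failure"}
```

Only the Received headers added by servers you trust (the bouncing MX and anything above it) are reliable; the originating machine can write whatever it likes below them, so treat the origin line as a lead, not proof.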
  16. 2004/06/28
    24jedi Lifetime Subscription

    24jedi Well-Known Member Thread Starter

    Joined:
    2002/06/19
    Messages:
    186
    Likes Received:
    0
    noahdfear...Thanks
     