
Hijack suggested to post here

Discussion in 'Malware and Virus Removal Archive' started by Judy, 2008/02/22.

  1. 2008/02/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Judy
    I do believe you should run ATF Cleaner and then Kaspersky on-line scan and post the log.

    Is this from your ISP, or did you install postini filter?
    The good thing is that it is working, stopping the spam from getting to your inbox; that is what it is supposed to do.
    You could up the detection...
    http://www.hostmysite.com/support/postini/adjustfilters/

    The problem with spam is it's very hard to stop, that is what your filter is for...and it's working.

    Never Ever reply to them.
    See this...
    http://www.cdt.org/speech/spam/030319spamreport.shtml

    Do you ever get emails and there are like 20 emails listed at the top from people you don't even know?
    That's one way spammers get email addresses.

    When I forward an email, I delete all email addresses from the email I'm sending and I always use BCC to send the email to my contacts.

    I also use more than 1 email address, one I use for friends and family only, the other when I register at web sites. If I start getting spammed bad, I open another email address with a different name....like Jjjre at windows.com I would change to kcwx at windows.com

    Geri
     
  2. 2008/02/28
    Judy

    Judy Inactive Thread Starter

    Joined:
    2002/11/21
    Messages:
    228
    Likes Received:
    0
    Reply to Geri

    The Postini filter is provided to me by an ISP that I use for web pages and has my primary e-mail address.

    I also have an sbcglobal.net address that is connected to the first address.

    I do have the settings for Postini on the highest level.

    I never reply to spam, and I never give out my email except when purchasing on a web site like Amazon or on my financial pages. I don't put my email on any public page.

    I don't think I have seen addresses listed that I do not know - will keep my eyes open for that, and I try to always use bcc when I send out to more than one person --

    I do have a "junk email address" but have not used lately- never had any messages from it.

    Yesterday when I booted up for starting my work day, 2 viruses were found by Zone Alarm.
    kazaalitegoop28 and
    p2p-worm.win32.logpole.c

    I did immediately delete them, but was surprised that these were not found by my Kaspersky anti-virus.

    ======================

    Webscanner log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, February 28, 2008 8:58:33 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 28/02/2008
    Kaspersky Anti-Virus database records: 585791
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 81429
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:15:13

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
    C:\Documents and Settings\Judy\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Judy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Judy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Judy\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Judy\Local Settings\History\History.IE5\MSHist012008022820080229\index.dat Object is locked skipped
    C:\Documents and Settings\Judy\Local Settings\Temp\~DF35C8.tmp Object is locked skipped
    C:\Documents and Settings\Judy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Judy\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Judy\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{12A9D9D3-E266-4903-BF15-FD5AA2E9FB3A}\RP368\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\TOSHIBA-USER5.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_120.dat Object is locked skipped
    C:\WINDOWS\Temp\ZLT014ba.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT014be.TMP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
    ==============================
    I notice some objects locked -- how did I do that and how to unlock ?

    Thanks so much, Judy
     


  4. 2008/02/28
    Geri Lifetime Subscription

    Hi Judy
    Your system is showing clean.
    Scan Statistics:
    Total number of scanned objects: 81429
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0

    Have you ever had Kazaa installed on your computer? ever??

    When ZoneAlarm caught this, did it say if it was incoming or outgoing?

    I would suggest getting a hold of your ISP and seeing if they can do something about stopping the spam.

    I would also suggest that you change your email address, I know this can be a pain, but somewhere along the line your email address has been targeted.

    When I did a Google search for this...
    kazaalitegoop28
    I got one hit from one web site... (Do not go there)
    helloballs.com/moneymanager
    It is an "Exel Table of keywords for search"

    It then redirected me to a site to sign up to win a free Toshiba laptop. :( Very bad thing to do.

    This is all spamming methods.
    If your ISP can't put a stop to it, then I would change my email address.

    As far as your system goes, it is free from infections.

    That's about as far as I can take it, I wish I had better things to tell you but your email address has been picked up and there is no way for me to stop it.
    So now it's up to your ISP or you.

    Geri
     
  5. 2008/03/07
    Judy

    Hi Geri,

    I am sorry to be so long in answering, time flies !

    Re: the Kazaa - I will find out the incoming/outgoing via ZoneAlarm.

    Also, you said my system was clean,

    it didn't matter if the webscanner was locked on so many files?

    Have started to use SpamBayes program to filter spam. I think it is totally so excellent. Have you tried it ?

    Will be a while when I can get back again, thanks for your replies and I thank you for your help.

    Judy
     
  6. 2008/03/07
    Geri Lifetime Subscription

    Hi Judy
    That's quite alright.

    No that is common, they would have shown infected even though they show locked.

    No, but from what I've seen (Googled) it seems to have good reviews.

    You're welcome, glad to have helped out.

    Surf Safely.
    Geri
     
  7. 2008/03/30
    Judy

    Hi Geri,

    In re-reading the thread of your excellent help, I realized that I did not answer your question re: Kazaa. It had to be incoming since I did not install the program.

    Also, the excellent clean up programs you had me download --- I should run those frequently ??

    Thanks again, Judy
     
  8. 2008/03/30
    Geri Lifetime Subscription

    Hi Judy

    If you get the Kazaa warning again, because you did not install it make sure you have ZoneAlarm block it.
    I also don't see Kazaa in your logs.

    No, they should be deleted, ComboFix and all the other tools I asked you to download.
    They are updated almost daily and old versions will do you no good and they can do harm to your system if run without proper instructions.

    So let's make clean up easy, please do this.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp Button.

    Check to make sure ComboFix.exe and dss.exe are no longer on your desktop.
    If they are, delete them.

    ATF Cleaner and HostsXPert you can keep.

    How are things running?

    Geri
     
  9. 2008/03/30
    Judy

    I had just cleaned up my desktop and my inbox before I last replied to you. I had saved the clean-up programs you asked me to download during your investigation.

    Thank heavens I did reply to you after so long so you could tell me to get rid of them.

    Now they are deleted. -- combofix and dss.exe I deleted. Did not know about Deckard.

    Only wonder if I should remove the Kaspersky online scanner.

    I saw the Deckard reference to be deleted in the list on OTMoveit2.

    I don't think Jotti was ever on my desktop -- I think it was all done from her/his web page.

    What else have I forgotten?

    My system is running well and I am "training" Spam-Bayes. It is an excellent program. Now my time in having to look at all my emails to "find" the good among the bad has been cut down considerably since the Spam Bayes system works so well.

    Do you ever review programs? You might like it for yourself.

    Thanks again for all your help.

    Do let me know if I forgot anything.
     
  10. 2008/03/30
    Geri Lifetime Subscription

    Hi Judy
    You can if you want to.

    Deckards should have been cleaned up by OTMoveIt2.

    Sometimes, I'll keep it in mind if I ever need it. Thanks

    Surf Safely.
    Geri
     
  11. 2008/04/01
    Judy

    Thanks, Geri, I should be OK now after all your excellent help.
     
  12. 2008/04/01
    Geri Lifetime Subscription

    Hi Judy
    Glad to help out. :)

    Surf Safely
    Geri
     
