Mail Bot
Hi all. I first noticed this when Bitdefender (Internet Security 2008) was notifying that it was scanning outgoing mail, many times in succession! I know my email client was not sending. When I go to settings, antivirus, more statistics, it indicates many scanned emails and in the "last scanned email" it shows there is obvious spam email activity from my computer. If I go to firewall, activity, and look under "svchost", and expand "connections", there are many open connections on port 25, which are continually updating. My PC is obviously being used as a bot to send spam. Bitdefender has picked up nothing unusual. I gave Spybot a go and it also picks up nothing threatening. Any ideas?
Cheers, Fester
Comments
-
Please post a HijackThis/Startuplist log and a GMER log.
0 -
I have managed to stop the activity.
Did a Kaspersky online scan and it detected:
Infected Object Name Virus Name Last Action
[1344] winlogon.exe => C:\WINDOWS\system32\deskperf32.dll Infected: Trojan.Win32.Agent.dwg
I then renamed the DLL and re-booted.
Problem gone!
This line from the GMER log.
---- Processes - GMER 1.0.14 ----
Library C:\WINDOWS\system32\deskperf32.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1260] 0x100000000 -
I have now installed a clean deskperf32.dll from a backup and have no issues now. BD cannot be picking up on that particular trojan??
0 -
Hello sir,
please attach the infected file in a password protected archive.
Thanks!0 -
Hello sir,
please attach the infected file in a password protected archive.
Thanks!
File attached. I added a Bak extension initially to prevent it loading to see if that was the problem, and it stopped the spam email activity. When I removed the Bak extension just to prove that was the cause the deskperf32.dll file disappeared on re-boot and a file called deskperf32.dll.bdren was generated and the activity started again! By adding a Bak extension to that file and re-booting the activity stopped again.0