help something is sending emails

dibbers

ok guys,

Listen...this has freaked me out....lol

I have just re-installed zonealarm, i know i know, but i like it.

And...i just reset norton anti virus.....


help I'm sending loads of shit to people, this is no good as i have a vpn connection to work...



now i have just set up wingate and that and have 2 x cable modems running.

but damn look at these screen shots.....

i've noticed today that i have a constant light on you know the local connection light that you can have

listen, ran virus checkers and ran spy ware...


so what is causing this ? is wingate virused to fook


wowpi6.jpg


wow2hq0.jpg


wow3ob3.jpg
 
hi all, thanks for the input.

So this is what i've done so far.

i have un-installed norton.

installed nod32, this has picked up NO viruses.

Ran cw shredder - nothing

ran house call, it found 2 or 3 and deleted them.

now when i deleted norton it also told me that it was going to delete the files that it had in quarantine, which it's done. maybe this is where the little bugger was hiding.


Witchy mate - yeah installed wingate from here.

I just have a question for that guy that posted that "it's just a simple setting" and he ain't posted anything back.

Thing is if people like witchy are using it i'm sure he would know, reading on the net and that a few things about wingate, people say that there are spammers out there that can use this to send mass spam out.

It also touches on proxies,
which you'll want to read up on if you don't know about them already. The
most commonly seen proxy is WinGate, which had a gaping security hole set
as the default. http://wingate.deerfield.com/support/ has a nice
searchable database about WinGate. WinGate 2.? was defaulted to accept and
process all incoming connection requests. There was a simple setting
change that kept people from being able to use you as an anonymous proxy.


What you guys think? maybe a hijack this post?

cheers to all involved.......
 
when i have this disabled in wingate

socks.jpg


then i don't get any network activity going on.

socks1.jpg


However when i have these selected

socks2.jpg


then i get activity all the time.

socks3.jpg
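
As an added illustration (not part of the thread and not WinGate's own tooling): a proxy service that accepts connections on every interface, as the quoted passage describes, shows up in `netstat -ano` as a listener on `0.0.0.0` with clients from outside the LAN, and relayed mail shows up as outbound port 25 connections from the same PID. The sample output, port list and PIDs below are constructed assumptions.

```python
import ipaddress

# Assumed for illustration: ports commonly used by proxy services.
PROXY_PORTS = {1080: "SOCKS", 3128: "HTTP proxy", 8080: "HTTP proxy"}
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in the layout of Windows `netstat -ano`; not from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1432
  TCP    192.168.0.10:1080      192.168.0.22:1045      ESTABLISHED     1432
  TCP    192.168.0.10:1080      203.0.113.45:51512     ESTABLISHED     1432
  TCP    192.168.0.10:1080      198.51.100.7:40022     ESTABLISHED     1432
  TCP    192.168.0.10:2301      203.0.113.9:25         ESTABLISHED     1432
  TCP    192.168.0.10:2310      192.0.2.15:443         ESTABLISHED     2210
"""

def endpoint(text):
    """Split 'host:port' into (ip_address, port); raises ValueError if malformed."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def audit(netstat_text):
    """Flag proxy listeners on all interfaces, non-LAN proxy clients, outbound SMTP."""
    out = {"exposed_listeners": [], "outside_clients": [], "smtp_out": []}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, UDP rows, blank lines
        try:
            (lip, lport), (rip, rport) = endpoint(f[1]), endpoint(f[2])
        except ValueError:
            continue  # unparsable address
        state, pid = f[3], int(f[4])
        if state == "LISTENING" and lport in PROXY_PORTS and lip.is_unspecified:
            out["exposed_listeners"].append((PROXY_PORTS[lport], lport, pid))
        elif state == "ESTABLISHED" and lport in PROXY_PORTS \
                and not any(rip in net for net in LAN):
            out["outside_clients"].append(str(rip))
        elif state == "ESTABLISHED" and rport == 25:
            out["smtp_out"].append((str(rip), pid))
    # A PID that both exposes a proxy port and talks SMTP outbound is the relay suspect.
    listener_pids = {pid for _, _, pid in out["exposed_listeners"]}
    out["relaying_pids"] = sorted(listener_pids & {p for _, p in out["smtp_out"]})
    return out

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Binding the proxy services to the LAN adapter only, or blocking the proxy ports inbound on the internet-facing interfaces, should empty the first two lists.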
 
sounds to me that it is something which has hijacked Wingate rather than it being the other way round (if you know what i mean.) Obviously a loophole which they have exploited.
Definite trojan of some sort.
 
i'm going to close all open ports that i have open in network connections and see if that's where the little blighters are getting in and using me as a proxy spammer.
 
oooooooooo thats like giving me a £10000 and then calling me up in a week and telling me that you gave it to the wrong person and you want £2000 back...lolol

Bloody heck that is clean.

I mean, there's nothing in there.

EDIT : Done still bloody loads

Do you think i should delete all the services that are running down the side of mine...

proxzz0.jpg
 
What exactly do you have on your network mate?

As you can see from my screenshot, the problem is not Wingate (at least it's not the copy of wingate that's available on this site), did you perhaps use a crack from another site?
 
Gotta be virus or malware infection.

Same thing happened to me a load of years back with the lovebug virus, when my wee sister shut down my AV by mistake. Wasn't good as it started sending "I love you" messages to my best mate's girlfriend who he just broke up with the week before.

Took some explaining!!
 
hahahaha that is one crazy email program!!!

run msconfig to see if you can see anything unusual. Unplug your pc from the network, re-install anti-virus. If you have another pc with an updated antivirus program scan your hard drive on that because if you have a virus the chances are it will be stopping antivirus programs from seeing it.


In fact try safe mode and see if it still happens. If it doesn't then try scanning then =D
 
Hows it going.
Ok my advice..

go to http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx
and get process explorer. It will help you see what programs are running on your machine and what their CPU utilisation is.

When this emailer is running it will be utilising CPU and memory. If you can take a screenshot of the process explorer page and post it here I might be able to help a little.

Also nasties like this need to have some load point on the computer. Load points can include a registry run key or similar pointing to an exe.

Not to flame but Norton is actually a pretty good program. I just wish it was less of a system resource hog.
 
Ah I forgot.
Go to here
http://www.gmer.net/ and get gmer.zip and run it.

This program is a rootkit detector program. There is a rootkit tab but usually as soon as you run it, it will say whether a rootkit is installed on your computer.

I say this because some threats like Trojan.Peacomm (see link http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99) are spam mailing programs and run as rootkits. This is a particularly nasty threat but it can be removed.
As you can probably gather from my posts (or maybe not) I work in an Antivirus company and so have the pleasures of dealing with these every single day.
 