Sober/Beagle infection and Outlook Spam problem

I am working on a friend's laptop after reports of huge amounts of
incoming spam.  I have confirmed that this machine was infected with
the w32.Beagle.Cl@mm and W32.Sober.X@mm viruses.  They have both been
cleaned with Norton AntiVirus and I have confirmed this by looking for
the registry keys these add and they are no longer there.  Here's where
my question comes in.  When I check this person's email with Outlook
2003 I get huge amounts of spam coming in to the inbox.  After it
downloads 200 or so messages with the bulk of them identical, I then do
another send/receive and it starts to download 162 new junk messages
with just about all of them the same identical message.  I have
confirmed that this behaviour DOES NOT occur on another uninfected
machine.  So it's not pulling these multiple identical junk messages
from their usual SMTP server.  It's as if it's coming from another mail
server that I can't identify.

Can anyone shed any light on what is going on here?
BTW, I've also run CA Pest Patrol and it cleaned up 50 or so spyware


Re: Sober/Beagle infection and Outlook Spam problem

AKA Tom Jubb on 1/26/2006 in thought, came up with this jewel:


Before going any further, you should make backups of any important files.
Next go through all instructions here to make sure the system is clean-
Virus Removal Instructions: /

Keeping Windows Clean:
Windows Help:
Specific Fixes:
Forums for HiJackThis Logs:
To reply by e-mail change to is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236

Re: Sober/Beagle infection and Outlook Spam problem

On Jan 26, 2006, Tom Jubb wrote:

Is there a Web front-end to your friend's e-mail?  This would give you a more
direct look into what's really in the inbox.  If the inbox is only a few
messages ... well, how they [spammers] can pull this off, I don't know.
