unknown email outgoing

I notice that my anti-virus program came up and tells me that an e-mail
message is to be sent out. (Firewall is set to only send when I allow it
to.)

The address to where the e-mail is to go is flosmanta.bellcom.cz

Going to the site by IE, it tells me that I need a password to access.

Is this another spyware program that I have on my system?



Re: unknown email outgoing


| I notice that my anti-virus program came up and tells me that an e-mail
| message is to be sent out. (Firewall is set to only send when I allow it
| to.)
|
| The address to where the e-mail is to go is flosmanta.bellcom.cz
|
| Going to the site by IE, it tells me that I need a password to access.
|
| Is this another spyware program that I have on my system?
|


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: unknown email outgoing

what av are you using?


Re: unknown email outgoing

what anti-virus are you using?


Re: unknown email outgoing

I have AVG Free and Avast Free running on the system.
I also have Outpost Pro (firewall) that has anti-spyware included.

I had run a scan with all three and found nothing.
Then this morning, AVG tells me that the file MswService.exe backup copy is
infected with the virus
Trojan horse Dropper Generic FKM
stored in program files/common files/microsoft shared/temp/

Auto quarantined the file.





Re: unknown email outgoing


| I have AVG Free and Avast Free running on the system.
| I also have Outpost Pro (firewall) that has anti-spyware included.
|
| I had run a scan with all three and found nothing.
| Then this morning, AVG tells me that the file MswService.exe backup copy is
| infected with the virus
| Trojan horse Dropper Generic FKM
| stored in program files/common files/microsoft shared/temp/
|
| Auto quarantined the file.
|



Please submit a sample of "MswService.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it.  In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: unknown email outgoing



I tried to submit it by both methods (web and e-mail, web submission and
Outlook Express).
The file size comes up as zero. AVG will not let me have access to it.





Re: unknown email outgoing



|
| I tried to submit it by both methods (web and e-mail, web submission and
| Outlook Express).
| The file size comes up as zero. AVG will not let me have access to it.
|

The operating system has the file handle open and thus can't be scanned nor deleted.

You can Kill the process by using software such as Process Explorer by Sysinternals.
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Once the process is Killed you can then submit it for analysis.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: unknown email outgoing



Killed all anti-virus programs, but the system would not allow access to the
file.
So, I booted the system in DOS and copied the file on to floppy.
The system still would not give me access to it.

Waited for the program folding@home to finish.
Wanted to try the new Vista beta, so I wiped the hard drive and installed
Vista.

Was able to submit it then.

Results:
AntiVir             6.35.0.16        06.26.2006 TR/Drop.Microjoin.BR
Authentium          4.93.8           06.23.2006  no virus found
Avast               4.7.844.0        06.26.2006  no virus found
AVG                 386              06.26.2006 Dropper.Generic.FKM
BitDefender         7.2              06.26.2006 MemScan:Adware.WinAD.BV
CAT-QuickHeal       8.00             06.26.2006  no virus found
ClamAV              devel-20060426   06.26.2006  no virus found
DrWeb               4.33             06.26.2006 Adware.Winad.154
eTrust-InoculateIT  23.72.49         06.25.2006  no virus found
eTrust-Vet          12.6.2275        06.26.2006  no virus found
Ewido               3.5              06.26.2006 Dropper.Microjoin.br
Fortinet            2.77.0.0         06.26.2006 W32/Microjoin.BR!tr
F-Prot              3.16f            06.23.2006  no virus found
Ikarus              0.2.65.0         06.26.2006 Trojan-Dropper.Win32.Microjoin.br
Kaspersky           4.0.2.24         06.26.2006 Trojan-Dropper.Win32.Microjoin.br
McAfee              4793             06.26.2006  no virus found
Microsoft           1.1481           06.25.2006  no virus found
NOD32v2             1.1625           06.26.2006  no virus found
Norman              5.90.21          06.26.2006 W32/Microjoin.WV
Panda               9.0.0.4          06.26.2006  no virus found
Sophos              4.07.0           06.26.2006  no virus found
Symantec            8.0              06.26.2006  no virus found
TheHacker           5.9.8.165        06.26.2006 Trojan/Dropper.Microjoin.br
UNA                 1.83             06.26.2006 TrojanDropper.Win32.Microjoin
VBA32               3.11.0           06.26.2006 Trojan-Dropper.Win32.Microjoin.br
VirusBuster         4.3.7:9          06.25.2006 no virus found


Re: unknown email outgoing



| Killed all anti-virus programs, but the system would not allow access to the
| file.
| So, I booted the system in DOS and copied the file on to floppy.
| The system still would not give me access to it.
|
| Waited for the program folding@home to finish.
| Wanted to try the new Vista beta, so I wiped the hard drive and installed
| Vista.
|
| Was able to submit it then.
|
| Results:
| AntiVir             6.35.0.16        06.26.2006 TR/Drop.Microjoin.BR
| Authentium          4.93.8           06.23.2006  no virus found
| Avast               4.7.844.0        06.26.2006  no virus found
| AVG                 386              06.26.2006 Dropper.Generic.FKM
| BitDefender         7.2              06.26.2006 MemScan:Adware.WinAD.BV
| CAT-QuickHeal       8.00             06.26.2006  no virus found
| ClamAV              devel-20060426   06.26.2006  no virus found
| DrWeb               4.33             06.26.2006 Adware.Winad.154
| eTrust-InoculateIT  23.72.49         06.25.2006  no virus found
| eTrust-Vet          12.6.2275        06.26.2006  no virus found
| Ewido               3.5              06.26.2006 Dropper.Microjoin.br
| Fortinet            2.77.0.0         06.26.2006 W32/Microjoin.BR!tr
| F-Prot              3.16f            06.23.2006  no virus found
| Ikarus              0.2.65.0         06.26.2006 Trojan-Dropper.Win32.Microjoin.br
| Kaspersky           4.0.2.24         06.26.2006 Trojan-Dropper.Win32.Microjoin.br
| McAfee              4793             06.26.2006  no virus found
| Microsoft           1.1481           06.25.2006  no virus found
| NOD32v2             1.1625           06.26.2006  no virus found
| Norman              5.90.21          06.26.2006 W32/Microjoin.WV
| Panda               9.0.0.4          06.26.2006  no virus found
| Sophos              4.07.0           06.26.2006  no virus found
| Symantec            8.0              06.26.2006  no virus found
| TheHacker           5.9.8.165        06.26.2006 Trojan/Dropper.Microjoin.br
| UNA                 1.83             06.26.2006 TrojanDropper.Win32.Microjoin
| VBA32               3.11.0           06.26.2006 Trojan-Dropper.Win32.Microjoin.br
| VirusBuster         4.3.7:9          06.25.2006 no virus found


Well, if your drive is wiped then that's that!

However, I suggest submitting this infector in a password protected ZIP file with the
password being;  infected  { password = infected } to the AV companies that did NOT
recognize this infector.

The following web page has numerous Anti Malware vendor submission addresses..
http://www.ik-cs.com/suspicious-files.htm

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
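
Added example, not part of the original thread: Python that parses the multi-engine report posted above (an excerpt is embedded, including a row whose detection name wrapped onto the next line) and returns which engines flagged the sample, which missed it, and how the detection names cluster. The function names and the family grouping are assumptions made for this illustration.

```python
import re
from collections import Counter

# Excerpt of the scan report posted in the thread, including one wrapped row.
REPORT = """\
AntiVir             6.35.0.16        06.26.2006 TR/Drop.Microjoin.BR
Avast               4.7.844.0        06.26.2006  no virus found
AVG                 386              06.26.2006 Dropper.Generic.FKM
BitDefender         7.2              06.26.2006 MemScan:Adware.WinAD.BV
Kaspersky           4.0.2.24         06.26.2006
Trojan-Dropper.Win32.Microjoin.br
McAfee              4793             06.26.2006  no virus found
Norman              5.90.21          06.26.2006 W32/Microjoin.WV
VirusBuster         4.3.7:9          06.25.2006 no virus found
"""

# engine, engine version, signature date, then an optional verdict
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s*(.*)$")
CLEAN = "no virus found"

def parse_report(text):
    """Return (engine, version, date, verdict) tuples, rejoining wrapped verdicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip().lstrip("|").strip()  # tolerate '|' quote markers
        if not line:
            continue
        m = ROW.match(line)
        if m:
            rows.append(list(m.groups()))
        elif rows and not rows[-1][3]:
            rows[-1][3] = line  # verdict that wrapped onto its own line
    return [tuple(r) for r in rows]

def summarize(rows):
    """Split rows into detections and misses; count detection-name families."""
    missed = [e for e, _, _, v in rows if v.lower() == CLEAN]
    hits = {e: v for e, _, _, v in rows if v and v.lower() != CLEAN}
    families = Counter(
        "Microjoin" if "microjoin" in v.lower()
        else "WinAD" if "winad" in v.lower()
        else "generic/other"
        for v in hits.values())
    return hits, missed, families

if __name__ == "__main__":
    hits, missed, families = summarize(parse_report(REPORT))
    print(f"{len(hits)}/{len(hits) + len(missed)} engines flagged the sample")
    print("missed by:", ", ".join(missed))
    print("families:", dict(families))
```

The `missed` list is the set of vendors the last reply suggests sending the sample to.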


