Windows Server - PC out of control, please help.

Asked By Sirius

12-Jul-07 08:16 PM

My friends PC keeps sending spam emails. We removed viruses, adware and
spyware with Norton, Spybot search and destroy, Xsoftspy. Firewall is on,
all up- to date. The spam does not goes out because Norton stops them, but
it just keeps trying to send them and the PC slows down to a halt. How do we
gain control back over it?

Thank you.

12-Jul-07 08:46 PM

You haven't removed all the pests on the computer.  Use the Task Manager
or go to Microsoft.com and download Process Explorer and see if you can
identify the running processes that might be responsible.

John

12-Jul-07 09:17 PM

I use Task Manager, but I do not know which process is the bad one.... How
can you tell.

12-Jul-07 09:45 PM

You have to research the process names on the internet.  Autoruns, which
can also be downloaded on the Microsoft site is another good utility
to help root out unwanted pests that are started when Windows is booted.
You may have to broaden your asrsenal of tools to find all the pests.
There is a resident virus/malware expert who regularly reads and posts
here, he should be by shortly to offer further help or advice.  Try his
page and see if you can get a bit further along with your efforts:
http://www.claymania.com/removal-trojan-adware.html  Also, these pests
are generally easier or may be easier to get rid of if you boot to
Safe-Mode.

John

15-Jul-07 12:40 PM

Sirius aka anyone@some.net on 7/12/2007 at 8:16:22 PM in
microsoft.public.win2000.general<qvzli.18125$qu5.893@trndny02> after
much thought,came up with this jewel:


go through removal instructions below

max
--
Virus Removal http://www.freespaces.com/maxwachtel/removal.html
Keep Clean http://www.freespaces.com/maxwachtel/keepingclean.html
Tools http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply by e-mail.

12-Jul-07 10:53 PM

Are you saying Norton is not very good? For the price they charger for
it....shame on them.

15-Jul-07 12:40 PM

Sirius on 7/12/2007 at 10:53:22 PM in
microsoft.public.win2000.general<COBli.10316$lY4.3304@trndny07> after
much thought,came up with this jewel:


No,what I am saying is not all AVs find everything,sooooo,
go through removal instructions below
post back with results.
max
--
Virus Removal http://www.freespaces.com/maxwachtel/removal.html
Keep Clean http://www.freespaces.com/maxwachtel/keepingclean.html
Tools http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply by e-mail.

13-Jul-07 12:36 PM

If all else fails, it may be time to reformat.  A real PITA but I've seen
some insidious malware be really good at cloaking itself and, what's more,
being buried in the registry so that it recreates itself upon startup even
if you do the service/executable.

13-Jul-07 11:11 PM

I was thinking about it....

13-Jul-07 11:13 PM

Thank you, much better.... However some corrupted files
happened I am not sure what to do about. If I do "repair installation", I
will lose the updates.

15-Jul-07 12:40 PM

Sirius aka anyone@some.net on 7/13/2007 at 11:13:07 PM in
microsoft.public.win2000.general<7bXli.1163$fP4.318@trndny07> after
much thought,came up with this jewel:


What files are corrupted now?
What is the exact error message?
What problem are you experiencing now?



--
Virus Removal http://www.freespaces.com/maxwachtel/removal.html
Keep Clean http://www.freespaces.com/maxwachtel/keepingclean.html
Tools http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply by e-mail.

14-Jul-07 10:55 AM

Problems with win update. .net framework update will either hang or say
"install failed" I assume windows update must be corrupted.....

15-Jul-07 12:40 PM

Sirius aka anyone@some.net on 7/14/2007 at 10:55:53 AM in
microsoft.public.win2000.general<Zt5mi.2547$yx4.2476@trndny08> after
much thought,came up with this jewel:


What was the exact error message? What is the MSKB number of the update?

--
Virus Removal http://www.freespaces.com/maxwachtel/removal.html
Keep Clean http://www.freespaces.com/maxwachtel/keepingclean.html
Tools http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply by e-mail.

14-Jul-07 11:55 PM

Kb886903. In installation history a red X.

15-Jul-07 12:40 PM

Sirius on 7/14/2007 at 11:55:05 PM in
microsoft.public.win2000.general<tUgmi.2665$Wh4.2564@trndny06> after
much thought,came up with this jewel:


Try downloading the update from Microsoft Download Center instead of
using Windows Update.


--
Virus Removal http://www.freespaces.com/maxwachtel/removal.html
Keep Clean http://www.freespaces.com/maxwachtel/keepingclean.html
Tools http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply by e-mail.

13-Sep-07 02:54 PM

This is a new one for me and may not address your issue but, being a "Newbie"
of sorts, I just received an error message while reading your post and its
driving me crazy because I've been getting spam, unwanted emails, and
everyday when I wake up to get on my system "Windows Vista Premimum ed." I
find my Firewall has been disabled. I'm not totaly ignorant regarding
computers but when I spoke to my ISP Tech the response regarding my firewall
was "I don't know why your firewall is turning itself off" I believe I'm
being "hacked"; Also, my ISP decided set up a pop 3 account" so my email
could be forwarded to that account. Only when I threatend to close my
account, was I abel to get through a technician. Previously no one ever got
back to me to let me know if my issues had been resolved so this a.m. I took
it upon myself to try and change the temp. password and user name for my
email account and was on the phone for abut an hour trying to get a new
password and user name and give the ISP back the temp passcode given the day
before. Needless to say I'm still having problems and am going banannas
trying to protect my system.

I apologize for this imposition in the middle of your problem but, I'm
desperate.
JR

13-Sep-07 10:11 PM

So what anti virus are you using?
Have you run Adaware, SpyBot and Windows Defender - all of these?

Your ISP is not someone who would usually give advice on a windows problem,
or PC infection, though the more helpfull ones would usually have
information on their web sites about 'internet security'
Lastly you have posted to a win2k group, but you are using Vista?