Thanks for the tip, Nick. I left my computer off last night and sure enough when I turned it on, the emails were sent.
I ran Combofix and it found a couple possible items that it deleted. It also deleted my known copy of blat.exe. The emails are still sending from the original harvest and not from my current email address book, so I'm guessing that the password change stopped that. Time will tell tomorrow if any more go out. I have port 25 blocked on my router now. Does anyone else know what other ports spam bots are sending out of? Zonealarm isn't picking up any activity going out, so the whole thing is really strange.

--- On Fri, 1/8/10, Nicholas Geti <[email protected]> wrote:

> From: Nicholas Geti <[email protected]>
> Subject: Re: [NF] An email was sent using my yahoo address book, but no virus found.
> To: "ProFox Email List" <[email protected]>
> Date: Friday, January 8, 2010, 10:12 PM
>
> So does combofix but it gets all of them. I have 400 to 500 clients that have come in for computer repairs. In the past three years only two came in and had Kaspersky installed. They were infected. Combofix found the rootkits and restored the PCs. I don't recall the specific rootkit names; they change names every day anyway so it doesn't matter.
>
> I think they started as rogue programs which are not blocked by any antivirus.
>
> ----- Original Message -----
> From: "Stephen Russell" <[email protected]>
> To: "ProFox Email List" <[email protected]>
> Sent: Friday, January 08, 2010 1:23 PM
> Subject: Re: [NF] An email was sent using my yahoo address book, but no virus found.
>
> > On Fri, Jan 8, 2010 at 12:02 PM, Nicholas Geti <[email protected]> wrote:
> >> Too bad Kaspersky doesn't brag about the viruses it misses.
> > ---------------------------------------
> >
> > OK, what virus intrusions are you talking about?
> >
> > It finds rootkits, it finds keyloggers, it finds crud in html in inbound email, as well as crud in attachments.
> >
> > --
> > Stephen Russell
> > Sr. Production Systems Programmer
> > SQL Server DBA
> > Web and Winform Development
> > Independent Contractor
> > Memphis TN
> >
> > 901.246-0159

