I’ve been having a million problems with my computer these past few days. Problems connecting, and staying connected, to the internet. A strange inability to properly shut down or restart the computer (forcing me to physically turn it off). I’ve done a million virus and spyware scans, but to no avail.
Today, a new problem cropped up. Avast started going berserk, alerting me to the fact that something is trying to send out a bunch of email. Clearly a virus or attack of some sort. I should mention that this was preceded by an Avast warning about a half hour earlier saying it had blocked a DCOM exploit attempt.
At any rate, I’ve done more virus and spyware scans, and still supposedly come up clean. I’ve tried using Trend Micro’s online scan, in the event that a virus is manipulating my AV software, but my connection problems aren’t cooperating.
Other information that might be helpful: two odd processes have started appearing within the last few days: 72exmodul32fi.exe and 26exinjs.t.exe. As I commonly do when seeing processes I don’t recognize, I did a search on the net to see if I could identify them and determine whether they’re signs of a virus, but came up empty-handed. Of course, the first process mentioned definitely changes its name - varying the two-digit number in the beginning. I believe the other one does the same as well.
The subject line of the email is apparently “Cigna New”. Earlier, it was “Oversid New”. I thought those bits of information would help me in my quest, but they also turned up nothing.
So, if meticulous scanning doesn’t identify my problem, is there any solution other than reformatting?
The first thing you need to do is tell us your OS and software for mail. Go to Zone Labs and get the free Zone Alarm software. Install it and set it to notify you when any connection to the internet is requested, and don’t check off the box that always allows this program to access the internet. Only allow connections by the programs you know are to access the internet. Write down the file names that have been stopped by Zone Alarm. Make sure your anti-virus is running and not being shut down at some point by a malicious program. Set the anti-virus to scan all files on read and write, and set the software to run 50 or so layers into archived files. Do this for the immediate scan and for the always-active guardian scanner. Also run with rights to access all files, not with a limited account where some files are hidden from you because they’re not for your user account. This high of a setting will bog down the computer and cause slow responses, but you’re fighting an infection and you can’t allow any files to be run without supervision at this point. I bet Zone Alarm will help you greatly. A company bought the original developer out a few years ago, but the developer was an expert and key to stopping stuff like widespread denial of service attacks and other stuff.
Sorry about that - I’m running XP Pro, with Outlook as my client. However, the mail doesn’t seem to be going through Outlook - the alerts come from the Internet Mail scanner as opposed to the Outlook/Exchange one.
… (Avast goes nuts)
It just updated my defs (for the second time today) and it looks like I have the Horst Trojan.
At least that answers that. Getting Zone Alarm now, though, thanks for the tip.
In my experience Avast is a bit jumpy with ‘potential virus detected’. It seems like it triggers anytime you get an email with some coding that has been known to be exploited in the past. It does not mean that an actual virus was detected.
In other words, if ActiveX in the past has been used to transmit a virus, then any email that has ActiveX will be flagged as ‘potential virus detected’.
Again this is my experience with it, and it is overly simplified. As for Avast blocking attacks, it just shows that you need a firewall, your AV program is just stepping up to the plate for you, but it’s not its strong suit.
IMHO, an infected computer successfully scanning and cleaning itself of viruses has never worked. The best way I’ve found to make sure your hard drive is clean of viruses is to physically remove it and scan it on a known clean PC. That way no processes can be run from it that can potentially bypass the scans your own infected computer is trying to do.
Just use an antivirus boot disk or CD to start the system. It’s clean and you don’t need to remove the drive, and risk infection of a new computer.
I’m glad to hear it helped. Zone Alarm is a great firewall, especially if you purchase the full version. It will let you know every program ever wanting access on your network or the internet.
Have you tried using System Restore? Start - Programs - Accessories - System Tools - System Restore. Usually works quite well for me (because I have a lot of restore points).
Also, if you can find those EXEs that are running that might help. The last time I had an infection that created randomly-named files, I found the directory they were in and ordered the directory by file date (pretty sure it was Windows\System32). I was able to tell right away which files were related to the offending EXEs by the creation date.
Most files in the Windows directory you can find by searching Google. If you have doubts about what files you want to delete, look up the names. If you’re really scared about deleting files you can always back them up/rename them elsewhere.
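
The file-date triage described in the post above, as an added example that is not part of the thread: it finds files matching the two process names reported earlier (with any two-digit prefix) and lists other files stamped within a few minutes of them. The function names, the 300-second window and the default directory are assumptions made for illustration.

```python
import os
import re
import sys
from pathlib import Path

# Name shapes reported in the thread: changing two-digit prefix, fixed remainder.
SUSPECT_NAMES = re.compile(r"^\d{2}ex(modul32fi|injs\.t)\.exe$", re.IGNORECASE)


def file_time(path):
    """Creation time on Windows; elsewhere fall back to modification time,
    because st_ctime is the inode-change time on POSIX systems."""
    st = path.stat()
    return st.st_ctime if sys.platform == "win32" else st.st_mtime


def find_suspects(directory):
    """Files in `directory` whose names match the reported pattern."""
    return sorted(p for p in Path(directory).iterdir()
                  if p.is_file() and SUSPECT_NAMES.match(p.name))


def created_near(directory, anchors, window_seconds=300, clock=file_time):
    """Other files stamped within `window_seconds` of any anchor file,
    returned as (timestamp, name) pairs, newest first."""
    anchor_times = [clock(a) for a in anchors]
    anchor_set = {a.resolve() for a in anchors}
    hits = []
    for p in Path(directory).iterdir():
        if not p.is_file() or p.resolve() in anchor_set:
            continue
        t = clock(p)
        if any(abs(t - at) <= window_seconds for at in anchor_times):
            hits.append((t, p.name))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Assumed default: the directory the poster recalls; pass a path to override.
    default_dir = os.path.expandvars(r"%WINDIR%\System32")
    target = sys.argv[1] if len(sys.argv) > 1 else default_dir
    suspects = find_suspects(target)
    for s in suspects:
        print("pattern match:", s.name)
    for _, name in created_near(target, suspects):
        print("same time window:", name)
```

Run against a drive mounted on a clean machine or from a boot CD, the timestamps are read without the suspect processes running.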