Chinese Spam

penrhyn
penrhyn Posts: 15,215 Forumite
I'm getting loads of Chinese spam coming into my Gmail account; has anyone else noticed an increase in this lately?
PS I know it's Chinese as the characters are like this:
金钱救星不想要更多发送同样的消息到多个新闻组 ! [roughly: "Money saviour, don't want any more, sending the same message to multiple newsgroups!"]
That gum you like is coming back in style.

Comments

  • pchelpman
    pchelpman Posts: 1,274 Forumite
    Chinese malware has been around since about September of last year. I don't know why it's appearing in your gmail like that but, to try and ensure your computer doesn't have any of this actually installed, try this ...

    1. Download this Combofix from here ...

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double click on combofix.exe & follow the prompts.

    3. When finished it will produce a log for you. Post that log in your next reply. We'll have a look at it.
    Note >> Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Please also update us on how the computer is running now.


    PCH
  • penrhyn
    penrhyn Posts: 15,215 Forumite
    PC is a bit slow to boot up, otherwise it's OK.

    ...anyway here is the combofix log

    "Owner" - 07-03-28 15:01:12 Service Pack 2
    ComboFix 07-03-27.4 - Running from: "C:\Documents and Settings\Owner\Desktop"


    ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-28 ))))))))))))))))))))))))))))))))))


    2007-03-22 14:43 <DIR> d  C:\Program Files\Office Backup
    2007-03-22 14:43 <DIR> d  C:\DOCUME~1\Owner\Application Data\Novosoft
    2007-03-19 13:28 <DIR> d  C:\DOCUME~1\Owner\Application Data\Locktime
    2007-03-19 13:23 <DIR> d  C:\DOCUME~1\ALLUSE~1\Application Data\Locktime
    2007-03-17 11:51 <DIR> d  C:\Program Files\iTunes
    2007-03-17 11:51 <DIR> d  C:\Program Files\iPod
    2007-03-17 11:49 <DIR> d  C:\Program Files\QuickTime
    2007-03-17 11:48 <DIR> d  C:\Program Files\Apple Software Update
    2007-03-08 12:32 <DIR> d  C:\DOCUME~1\Owner\Application Data\MyFamily.com
    2007-03-08 12:31 <DIR> d  C:\Program Files\Family Tree Maker 2006
    2007-03-06 18:02 149,248 --a  C:\WINDOWS\system32\RegCompact.dll
    2007-03-06 18:02 <DIR> d  C:\Program Files\AMUST
    2007-03-05 15:52 <DIR> d  C:\Program Files\Hijack This


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-28 09:44 d-a  C:\Program Files\Common Files\symantec shared
    2007-03-22 14:43 d  C:\Documents and Settings\Owner\Application Data\novosoft
    2007-03-19 13:28 d  C:\Documents and Settings\Owner\Application Data\locktime
    2007-03-15 10:30 d  C:\Program Files\norton internet security
    2007-03-08 12:32 d  C:\Documents and Settings\Owner\Application Data\myfamily.com
    2007-03-08 12:31 d--h  C:\Program Files\installshield installation information
    2007-03-05 14:09 d  C:\Program Files\norton systemworks
    2007-03-04 10:39 d  C:\Program Files\routerstats
    2007-02-27 09:22 d  C:\Program Files\java
    2007-02-24 11:32 d  C:\Program Files\mossywell
    2007-02-22 20:31 d  C:\Program Files\autoruns
    2007-02-16 10:23 1435  C:\Documents and Settings\Owner\Application Data\hpcom_48bitscanupdate.log
    2007-02-16 10:23 d  C:\Program Files\hp
    2007-02-15 16:46 20458 --a  C:\WINDOWS\hpoins01.dat
    2007-02-08 12:41 48776 --a  C:\WINDOWS\system32\s32evnt1.dll
    2007-02-08 12:41 115000 --a  C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-02-08 12:41 d-a  C:\Program Files\symantec
    2007-02-06 18:20 d  C:\Program Files\netgear
    2007-02-06 12:50 21035 --a  C:\WINDOWS\system32\drivers\AegisP.sys
    2007-02-03 16:03 d  C:\Program Files\picasa2
    2007-02-02 12:19 d  C:\Program Files\udpixel
    2007-02-02 01:48 d  C:\Program Files\google
    2007-01-08 20:01 17408 --a  C:\WINDOWS\system32\corpol.dll
    2007-01-06 22:40 6  C:\Documents and Settings\Owner\Application Data\dm.ini
    2007-01-06 22:40 1933  C:\Documents and Settings\Owner\Application Data\adobedlm.log


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "Office Backup 2.2"="C:\\Program Files\\Office Backup\\obagent.exe -logon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "ATIModeChange"="Ati2mdxx.exe"
    "PS2"="C:\\WINDOWS\\system32\\ps2.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "MaxtorOneTouch"="C:\\PROGRA~1\\Maxtor\\OneTouch\\Utils\\OneTouch.exe"
    "MXO Auto Loader"="C:\\WINDOWS\\MXOALDR.EXE"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "!!0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "AlcxMonitor"="ALCXMNTR.EXE"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
    "WCOLOREAL"="\"C:\\Program Files\\Coloreal\\coloreal.exe\""


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "!!57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "!!091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=""
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1076706664.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1103125713.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1171554373.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    C:\WINDOWS\tasks\Symantec Drmc.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{F46C2155-EE81-4BB9-B84B-7445BDB1C63A}.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-28 15:04:02


    and thanks in anticipation.
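The "Reg Loading Points" section of the log above is the part a responder actually reads: every value under a Run key is something that executes at logon, and the bare `winlogon\notify\RegCompact` line is a Winlogon Notify package, a DLL that winlogon.exe loads at logon. pchelpman's verdict below is that this log is clean, and nothing here contradicts that. The script that follows is an added example, not ComboFix output and not code from this thread, showing the mechanical first pass a responder makes over those lines: unescape the .reg-style values, pull out the image that actually runs (looking through rundll32.exe to its DLL argument), and flag entries that deserve a closer look, such as a bare file name like `nwiz.exe` or `Ati2mdxx.exe` that is resolved through the search path rather than from an absolute location, an image in a user-writable directory, a name that imitates a Windows process, or anything loaded through Winlogon Notify. The sample lines are copied from the log above except the `Updater` entry, which is constructed so the user-writable and look-alike checks have something to hit; the heuristics and the flag wording are the example's own, not ComboFix's.

```python
import re
from pathlib import PureWindowsPath

# Sample autorun entries in the ComboFix "Reg Loading Points" layout. Every line
# is copied from the log posted in this thread EXCEPT the "Updater" value under
# the HKLM Run key, which is CONSTRUCTED for this example.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Office Backup 2.2"="C:\\Program Files\\Office Backup\\obagent.exe -logon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"ATIModeChange"="Ati2mdxx.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Updater"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\svch0st.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlcxMonitor"="ALCXMNTR.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>.*)"$')
# First token ending in an executable extension, stopped by whitespace, a comma
# (rundll32's "dll,Export" form), a closing quote or end of string.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=[\s,"]|$)', re.IGNORECASE)

SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe", "smss.exe"}
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\",
                 "\\users\\", "\\application data\\", "\\local settings\\", "\\appdata\\")


def unescape(value):
    """ComboFix prints values in .reg syntax: backslashes doubled, quotes escaped."""
    return value.replace('\\"', '"').replace('\\\\', '\\')


def image_path(command):
    """Return the file that actually runs for a Run value (quoted or not, rundll32-hosted or not)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        image = cmd[1:end] if end > 0 else cmd[1:]
        rest = cmd[end + 1:] if end > 0 else ""
    else:
        m = IMAGE_RE.match(cmd)
        image = m.group(1) if m else cmd.split()[0]
        rest = cmd[len(image):]
    if PureWindowsPath(image).name.lower() == "rundll32.exe":
        # rundll32 is only a host; the code that runs is the DLL named after it.
        m = IMAGE_RE.match(rest.strip())
        if m:
            image = m.group(1)
    return image


def triage_entry(key, name, command):
    """Apply the review heuristics to one Run-key value; flags are prompts, not verdicts."""
    image = image_path(command)
    base = PureWindowsPath(image).name.lower()
    low = image.lower()
    flags = []
    if not re.match(r'^([a-z]:\\|\\\\)', low):
        flags.append("unqualified path (resolved via search order; hijackable)")
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user-writable location")
    lookalike = base.replace("0", "o").replace("1", "l")   # svch0st -> svchost
    if lookalike in SYSTEM_NAMES and lookalike != base:
        flags.append(f"look-alike of {lookalike}")
    if base in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
        flags.append("system process name outside System32")
    if key.lower().endswith("\\run-"):
        flags.append("disabled via msconfig (run- key)")
    return {"key": key, "name": name, "image": image, "flags": flags}


def triage(log_text):
    """Parse a Reg Loading Points section and return one finding per loading point."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        if line.startswith("HKEY_") and "\\winlogon\\notify\\" in line.lower():
            # ComboFix lists a non-default Winlogon Notify package as a bare key line.
            findings.append({"key": line, "name": line.rsplit("\\", 1)[-1], "image": None,
                             "flags": ["Winlogon Notify DLL (loads inside winlogon.exe)"]})
            continue
        em = ENTRY_RE.match(line)
        if em and key:
            findings.append(triage_entry(key, em.group("name"), unescape(em.group("value"))))
    return findings


def flagged(log_text):
    """Only the entries that earned at least one flag."""
    return [f for f in triage(log_text) if f["flags"]]


if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f'{f["name"]:16} {f["image"] or f["key"]}')
        for flag in f["flags"]:
            print(f"    - {flag}")
```

A flag means "go and look at the file" (publisher signature, and its creation time against the Files Created section, where for instance RegCompact.dll lands in system32 in the same minute as C:\Program Files\AMUST), not that anything is malicious. The nwiz and Ati2mdxx entries are typical of display-driver installers, but an unqualified name is exactly what a planted same-named file earlier in the search path would hijack, which is why the check exists.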
  • alanwjones
    alanwjones Posts: 709 Forumite
    I found this on another site that might be useful to get rid of spam in Gmail.

    If you are fed up of seeing the spam count (assuming you are getting any) and having to go in and delete them, here is a little workaround.

    In Gmail click on Settings, then Filters, then Create a new filter. In the box that says 'Has the words' type is:spam, then click on Next Step. You will get an error message, but ignore it and press OK. On the next page put a tick in 'Delete it' and a tick in 'Also apply filter to x conversations below' (that will only show up if you have any spam in the folder). Then click on Create Filter. Job done: emails identified as spam will now automatically go into the trash folder and, as that doesn't have a counter, won't show up.

    The above worked for me, now I don't have to delete messages in the spam folder. HTH. Alan
    Every day when I wake up I thank the Lord I'm WELSH.
  • pchelpman
    pchelpman Posts: 1,274 Forumite
    Morning penrhyn

    Good advice there from Alan. I don't use gmail but, on checking with others, it seems Alan's advice may help you.

    The Combofix log is clean of malware.

    Your slowness may be due to a large number of applications & running processes. I see you appear to be using picture/imaging programs and similar. Those can be notorious for using RAM & resources in general. You could download Process Explorer (free) here ...

    http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

    Install it and play with it. The program is easy to use and gives you more information than Task Manager about what's running on your system.

    There may be things running on your system that are unnecessary and which you could disable. You can use PE to suspend/disable/restart processes easily.

    Of course this is only one thought. There may be other reasons why your system is slow. Perhaps a disk cleanup would help, or running CCleaner to remove temporary data.

    Hope this helps but do say if you'd like more pointers.


    PCH
  • penrhyn
    penrhyn Posts: 15,215 Forumite
    Thanks for the info. I use CCleaner regularly and have recently defragged the HDD.
    I've created the gmail filter and it works a treat, thanks Alan, I'll have a go with the process explorer as you suggest.
    Cheers.
This discussion has been closed.