Author Topic: Have I been Zombied and what should I do?  (Read 4044 times)

Zombie

  • Guest
Have I been Zombied and what should I do?
« on: August 17, 2006, 02:07:20 PM »
Hi Guys,

I’m hoping that you can help me with a problem I have with my PC.

It’s a Dell Dimension 8400 3.0 Gb machine with 500mb RAM running Windows XP Home Edition with Service Pack 2, Norton/Symantec anti-virus security package, and Spybot Search and Destroy. The machine was shipped with software preloaded – I do not have system disks.

The 90 day free trial of Norton/Symantec was loaded on the expiry of a previous trial of McAfee AV software.

A short while (maybe two to three weeks) after moving to Norton, I started getting lots (probably hundreds – I couldn’t close them down as fast as they were opening up) of pop-up messages showing email scanning messages and error messages purportedly returned via Symantec Email Proxy showing reasons for non-delivery of emails to numerous apparently random email accounts. These were certainly not addresses from my own email address books. Some of the email error messages showed spam-like email message titles like *censored*, others appeared to be randomly generated characters.

I switched off the machine, updated the AV software, and ran a full scan with Norton and Spybot. Neither found any problems. I switched the machine back on, and immediately Norton flagged up that Windows Automatic Updates and Auto Protect had been turned off. The pop-ups started again almost immediately. I reset the Windows Auto Updates and Auto Protect features back to on. The messages continued. Checking the Windows Task Manager revealed high CPU usage running at between 90 – 100%. Eventually I found that ending the Symantec Proxy Email jobs running in the Task Manager stopped the pop-ups and brought the CPU usage down to a normal 10 – 15% figure.

Can anyone confirm that the lower CPU usage figure means that the spam emails have now been stopped from being sent out, or does this merely mean that, because Symantec is no longer using any CPU resource to check the outgoing messages and return the error messages for the ones that are not deliverable, the spam could still be going out?

I have rerun full scans on Norton and Spybot S+D and downloaded the ActiveX Symantec virus scans from their website. These have all revealed nothing. I reset all security features such as Windows Firewall and Windows Updates back to on, along with Norton’s email message checking and Auto Protect, and found that if I didn’t switch off the machine they stayed on with normal CPU usage. Switching the machine off and then back on seemed to disable the Windows Update and Auto Protect features.

I had reached the conclusion that if I kept the machine switched on and running with the features set, the computer could not be used as a Zombie to send spam. Tonight, though, with all the security features still switched on, the pop-ups started again and CPU usage went through the roof, so obviously I was incorrect about this.

Am I right to conclude that some of my computer files have been changed by a virus, Trojan etc., or are these spam emails being initiated from a source outside my machine’s environment, being switched on by an external message? If my machine has a virus, why does the AV s/w not reveal it? And most importantly, what should I now be doing to correct the situation?

I have little technical knowledge about computers and feel very much out of my depth here. Any advice and guidance from you technical people on how best to overcome this would be gratefully received. Incidentally, I did try to use the Windows restore feature (thinking this would get me back to a pre-problem position) but it could not restore despite trying several different dates.

Thanks in advance for your help.
« Last Edit: August 17, 2006, 02:10:09 PM by Zombie »

unlovedwarrior



    Guru

  • someday this name will be known
  • Thanked: 13
    Re: Have I been Zombied and what should I do?
    « Reply #1 on: August 17, 2006, 03:50:48 PM »
    OK, call Dell tech support: 1-800-999-3355

    and ask them to send you the Windows XP CD; it might cost 10 bucks. I got my grandma's for free. Did you run the scans in safe mode with System Restore turned off?

    Have a read:

    http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1134123580

    Post back with your results.

    Make sure to download and run Ewido.

    Also, you may want to read this:

    http://en.wikipedia.org/wiki/Zombie_computer
    « Last Edit: August 17, 2006, 04:06:49 PM by unlovedwarrior »