cancel
Showing results forΒ 
Search instead forΒ 
Did you mean:Β 

Email worm removal

Hi,

I've tried searching for this on AV websites and in your forums but can't seem to find anything. I have an email worm which keeps sending emails to everyone in my address book in my yahoo account from my email address. An example is the following:

Subject:
good afternoon. How are you doing?

Email:
Hi. VIP surprises)) [removed - unsafe link]

If anyone could help that would be great! πŸ™‚

Thanks,
Sarah
Labels (1)
Tags (3)
10 Replies
secured2k
Level 11
Report Inappropriate Content
Message 2 of 11

RE: Email worm removal

I found that your link has been reported by the Microsoft Screen filter to be a bad download site. It appears to try to download surprise.exe which is detected as TrojanDownloader:Win32/FakeRean or a possible variant. I will test this and see what more I can find.
secured2k
Level 11
Report Inappropriate Content
Message 3 of 11

RE: Email worm removal

The original link may or may not have anything to do with the worm that is emailing. This post is just for information about the surprise.exe file downloaded from the previous site mentioned (and removed).


It loads an iframe to a URL [trucoXXXXX01.com/ZZZZ/ZZZ/] which does not appear to have anything at this time. This could change based on the server status or exploit in a specific browser.

The download file [surpriXXXXXyou.com/Surprise.exe] attempted to install a new version of WinPC Defender [FakeAlert Scam Trojan] as well as a browser helper object (plugin). It does this by using the Microsoft BITS service to download additional malware.

It also disables The Windows Security Center alerts and hides their presence in the control panel.

The program will then try to show a video of some adult entertainment via flash player in your browser.

Another trojan download is attempted to run (McAfee/5301/5610: Generic Dropper.ew) possibly from the Win32/Meredrop family. This could installs other malware (Opachki) that starts with your computer and attempts to inject it's code into processes to protect itself and perform other questionable actions (I did not test further).
secured2k
Level 11
Report Inappropriate Content
Message 4 of 11

RE: Email worm removal

To help find out what is starting up with your computer, please download and run the following tool.
AutoRuns 9.5

When it loads, Press ESC to cancel the initial scan. Then go to the OPTIONS menu and select "Verify Code Signatures" AND "Hide Microsoft and Windows Entries".

Choose the FILE menu - > Refresh.

This will scan your computer's startup locations and list them. It is done when the lower left status bar says "Ready."

In the FILE menu, choose Export. Save the autoruns.txt file. Open this file and post the contents here. You might need to break the results file into pieces if the post is too long.

RE: Email worm removal

Many thanks for the prompt reply! Here goes - split them up as requested. Only got the laptop a week ago so not sure how this got on here 😞

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 9.0\reader\reader_sl.exe
+ Google Desktop Search Google Desktop (Verified) Google Inc c:\program files\google\google desktop search\googledesktop.exe
+ ISBMgr.exe (Verified) Sony Corporation c:\program files\sony\isb utility\isbmgr.exe
+ iTunesHelper iTunesHelper Module (Verified) Apple Inc. c:\program files\itunes\ituneshelper.exe
+ MarketingTools Marketing Tools (Not verified) Sony Corporation c:\program files\sony\marketing tools\marketingtools.exe
+ mcagent_exe McAfee Integrated Security Platform (Verified) McAfee, Inc. c:\program files\mcafee.com\agent\mcagent.exe
+ McENUI EasyNetwork User Interface (Verified) McAfee, Inc. c:\program files\mcafee\mhn\mcenui.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\program files\quicktime\qttask.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Me&My VAIO Me&My VAIO (Not verified) Sony Corporation c:\program files\sony\me&my vaio\mamv.exe
+ NSUFloatingUI VAIO Smart Network (Not verified) Sony Corporation c:\program files\sony\network utility\lanutil.exe
+ Skype Skype (Verified) Skype Technologies SA c:\program files\skype\phone\skype.exe
+ swg GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ x-sdch Fast Search (Verified) Google Inc c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ sacore SiteAdvisor (Verified) McAfee, Inc. c:\program files\mcafee\siteadvisor\mcieplg.dll
+ skype4com Skype for COM API (Verified) Skype Technologies SA c:\program files\common files\skype\skype4com.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ McCtxMenu McAfee VirusScan - Context Menu (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcctxmnu.dll
+ RXDCExtSvr Roxio Creator Shell Extension (Verified) Sonic Solutions c:\program files\roxio\virtual drive 10\dc_shellext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ McCtxMenu McAfee VirusScan - Context Menu (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcctxmnu.dll
+ RXDCExtSvr Roxio Creator Shell Extension (Verified) Sonic Solutions c:\program files\roxio\virtual drive 10\dc_shellext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\program files\itunes\itunesminiplayer.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

RE: Email worm removal

+ Adobe PDF Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
+ Google Dictionary Compression sdch Fast Search (Verified) Google Inc c:\program files\google\google toolbar\component\fastsearch_a8904fb862bd9564.dll
+ Google Toolbar Helper Google Toolbar (Verified) Google Inc c:\program files\google\google toolbar\googletoolbar.dll
+ Google Toolbar Notifier BHO GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
+ Java(tm) Plug-In 2 SSV Helper Java(TM) Platform SE binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll
+ McAfee Phishing Filter (Verified) McAfee, Inc. c:\program files\mcafee\msk\mskapbho.dll
+ McAfee SiteAdvisor BHO SiteAdvisor (Verified) McAfee, Inc. c:\program files\mcafee\siteadvisor\mcieplg.dll
+ scriptproxy VSCore Script Scanner (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\scriptsn.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Google Toolbar Google Toolbar (Verified) Google Inc c:\program files\google\google toolbar\googletoolbar.dll
+ McAfee SiteAdvisor SiteAdvisor (Verified) McAfee, Inc. c:\program files\mcafee\siteadvisor\mcieplg.dll
Task Scheduler
+ \Apple\AppleSoftwareUpdate Apple Software Update (Verified) Apple Inc. c:\program files\apple software update\softwareupdate.exe
+ \SONY\Me&My VAIO\Me&My VAIO QLGuide (Not verified) Sony Corporation c:\program files\sony\me&my vaio\qlguide.exe
+ \SONY\VAIO Update\VAIO Update
+ \SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool VAIO Wallpaper Setting Tool (Verified) Sony Corporation c:\program files\sony\vaio wallpaper setting tool\vwset.exe
HKLM\System\CurrentControlSet\Services
+ 0111891241896039mcinstcleanup File not found: C:\Windows\TEMP\011189~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
+ ACDaemon ArcSoft Connect Service (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\connection service\bin\acservice.exe
+ Apple Mobile Device Provides the interface to Apple mobile devices. (Verified) Apple Inc. c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
+ Bonjour Service Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start. (Verified) Apple Inc. c:\program files\bonjour\mdnsresponder.exe
+ GoogleDesktopManager-092308-165331 Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly. (Verified) Google Inc c:\program files\google\google desktop search\googledesktop.exe
+ gusvc Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. (Verified) Google Inc c:\program files\google\common\google updater\googleupdaterservice.exe
+ iPod Service iPod hardware management services (Verified) Apple Inc. c:\program files\ipod\bin\ipodservice.exe
+ IviRegMgr InterVideo Register Manager (Verified) Intervideo, Inc. c:\program files\common files\intervideo\regmgr\iviregmgr.exe
+ McAfee SiteAdvisor Service Provides low-level support for McAfee SiteAdvisor (Verified) McAfee, Inc. c:\program files\mcafee\siteadvisor\mcsacore.exe
+ mcmscsvc McAfee Services (Verified) McAfee, Inc. c:\program files\mcafee\msc\mcmscsvc.exe
Highlighted

RE: Email worm removal

+ McNASvc Allows McAfee applications to communicate securely on the local network. (Verified) McAfee, Inc. c:\program files\common files\mcafee\mna\mcnasvc.exe
+ McODS McAfee Scanner (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcods.exe
+ McProxy McAfee Proxy Service (Verified) McAfee, Inc. c:\program files\common files\mcafee\mcproxy\mcproxy.exe
+ McShield McAfee Real-time Scanner (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcshield.exe
+ McSysmon McAfee SystemGuards (Verified) McAfee, Inc. c:\program files\mcafee\virusscan\mcsysmon.exe
+ MpfService Helps protect your computer from intrusion and let's you manage your computer's trusted programs. (Verified) McAfee, Inc. c:\program files\mcafee\mpf\mpfsrv.exe
+ MSCSPTISRV MSCSPTISRV Module (Not verified) Sony Corporation c:\program files\common files\sony shared\avlib\mscsptisrv.exe
+ MSK80Service This service filters e-mail messages on your computer (Verified) McAfee, Inc. c:\program files\mcafee\msk\msksrver.exe
+ NSUService VAIO Smart Network (Not verified) Sony Corporation c:\program files\sony\network utility\nsuservice.exe
+ PACSPTISVR PACSPTISVR Module (Not verified) Sony Corporation c:\program files\common files\sony shared\avlib\pacsptisvr.exe
+ RtkAudioService To check external HDMI device availability, HDMI device audio capability and update HDMI device capability into audio control panel (Verified) Realtek Semiconductor Corp c:\windows\rtkaudioservice.exe
+ SOHCImp VAIO Media plus Content Importer (Verified) Sony Corporation c:\program files\sony\vaio media plus\sohcimp.exe
+ SOHDms VAIO Media plus Digital Media Server (Verified) Sony Corporation c:\program files\sony\vaio media plus\sohdms.exe
+ SOHDs VAIO Media plus Device Searcher (Verified) Sony Corporation c:\program files\sony\vaio media plus\sohds.exe
+ SPTISRV SPTISRV Module (Not verified) Sony Corporation c:\program files\common files\sony shared\avlib\sptisrv.exe
+ uCamMonitor Monitor the status of the webcam on PC startup. (Verified) ArcSoft, Inc. c:\program files\arcsoft\magic-i visual effects 2\ucammonitor.exe
+ VAIO Entertainment TV Device Arbitration Service Hardware Resource Manager (Not verified) Sony Corporation c:\program files\common files\sony shared\vaio entertainment platform\vzhardwareresourcemanager\vzhardwareresourcemanager\vzhardwareresourcemanager.exe
+ VAIO Event Service Provides the hardware event managing service for VAIO. During termination of this service, some fuctions such as Special button ,Hotkey ,and VAIO original powermanagement are limited. (Verified) Sony Corporation c:\program files\sony\vaio event service\vesmgr.exe
+ VAIO Power Management Provides power management service for VAIO. If this service is stopped or disabled, power management functions for VAIO will not be available. (Verified) Sony Corporation c:\program files\sony\vaio power management\spmservice.exe
+ VCFw VAIO Content Folder Watcher (Not verified) Sony Corporation c:\program files\common files\sony shared\vaio content folder watcher\vcfw.exe
+ VcmIAlzMgr VAIO Content Metadata Intelligent Analyzing Manager (Verified) Sony Corporation c:\program files\sony\vcm intelligent analyzing manager\vcmialzmgr.exe
+ VcmXmlIfHelper VcmXml Helper Interface (Verified) Sony Corporation c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe
+ Vcsw VAIO Entertainment UPnP Client Adapter (Verified) Sony Corporation c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe
+ VzCdbSvc VAIO Entertainment Database Service (Not verified) Sony Corporation c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe
HKLM\System\CurrentControlSet\Services
+ DMICall Windows 2000 DMI Call Kernel Driver (Verified) Sony Corporation c:\windows\system32\drivers\dmicall.sys
+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys
+ mfeavfk Anti-Virus File System Filter Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfeavfk.sys
+ mfebopk Buffer Overflow Protection Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfebopk.sys
+ mfehidk Host Intrusion Detection Link Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfehidk.sys
+ mferkdk VSCore Code Analysis Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mferkdk.sys
+ mfesmfk System Monitor Filter Driver (Verified) McAfee, Inc. c:\windows\system32\drivers\mfesmfk.sys
+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys
+ regi regi driver (Verified) Intervideo, Inc. c:\windows\system32\drivers\regi.sys
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
+ VIDC.dvsd Video for Windows driver for DV (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\sonydv.dll
HKLM\Software\Classes\Filter
+ Sony MPEG2 TS Splitter Ex (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\tssplt_s.ax
HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ ArcGetDataSample ArcGetDataSample (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcgetdatasample.ax
+ ArcPutDataSample ArcGetDataSample (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcputdatasample.ax
+ ArcSoft MPEG Audio Decoder ArcSoft Audio Decoder (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\mpgaudio.ax
+ ArcSoft Mpeg Encoder Filter (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcmpegcodec.ax
+ ArcSoft MPEG Splitter MPGSplitter Filter (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcspl.ax
+ ArcSoft MPEG Video Decoder ArcSoft Mpeg Video Decoder Filter (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\mpgvideo.ax
+ ArcSoft Null Render NULL Render (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcnullrender.ax
+ ArcSoft Realtime Capture Encoder Filter Arc Real time Capture Encoder Filter (Not verified) Arcsoft c:\program files\common files\arcsoft\mpeg engine\arccaptureencoder.ax
+ ArcSoft Time Stamp ArcSoft Time Stamp (Not verified) ArcSoft Inc. c:\program files\common files\arcsoft\mpeg engine\arctimestamp.ax
+ ArcSoft TimeShift2.0 Client Filter Timeshift2.0 Filter (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\timeshift2.ax
+ ArcSoft TimeShift2.0 Server Filter Timeshift2.0 Filter (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\timeshift2.ax
+ ArcSoft VideoEffect Arcsoft Video Effect Filter 1.0 (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcvideoeffect.ax
+ Arcsoft WMV/ASF Splitter ArcWmvSpl (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcwmvspl.ax
+ File Dump FileDump DLL (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\filedump.ax
+ InterVideo Audio Decoder IVIAUDIO LOGID.64662 (Verified) Intervideo, Inc. c:\program files\intervideo\common\bin\iviaudio.ax
+ InterVideo Video Decoder IVIVIDEO LOGID.64662 (Verified) Intervideo, Inc. c:\program files\intervideo\common\bin\ivivideo.ax
+ OMG TRANSFORM OmgTransform Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\omgtrans.ax
+ OmgDsee Filter c:\program files\common files\sony shared\openmg\omgdseefilter.ax

RE: Email worm removal

+ OmgGenericSrcFilter OmgGenericSrcFilter (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\omggenericsrcfilter.ax
+ OmgMP4Decoder2 OmgMP4Decoder2 (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\omgmp4decoder2.ax
+ OmgPushSrc OmgPushSrc (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\omgpushsrc.ax
+ OpenMG Async. File Source OpenMG Async. File Source (Not verified) Sony Corporation c:\program files\common files\sony shared\avlib\omgafs.ax
+ OpenMG Audio Decrypt OpenMG Decrypt Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\omgdec.ax
+ OpenMG OmgSource Filter OpenMG OmgSource Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\omgsrc.ax
+ Roxio Audio Source Filter Roxio Audio Source Filter (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\sharedcom\rxdsaudiosource.ax
+ Roxio Audio Stream Reader Filter Roxio Audio Stream Reader Filter (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\sharedcom\rxdsaudiostreamreader.ax
+ Roxio Audio Stream Writer Filter Roxio Audio Stream Writer Filter (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\sharedcom\rxdsaudiostreamwriter.ax
+ ROXIO LPCMSyncFilter LPCMSync Filter (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\lpcmsyncfilter.dll
+ Roxio MPEG Analyzer Filter MPEG File Analyzer Dynamic Link Library (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\roxiompegprop.dll
+ Roxio MPEG Stream Analyzer Roxio MPEG Stream Splitter (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\mpegstreamanalyzer.dll
+ Roxio MPEG1 Audio Encoder ROXIO MPEG Audio Encoder (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\roxioaudioenc.dll
+ Roxio MPEG1 Encoder ROXIO MPEG1 Codec (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\mpeg1vidcodec.dll
+ Roxio MPEG1 Muxer ROXIO MPEG MUXER (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\mpeg1muxer.dll
+ Roxio MPEG2 Demuxer ROXIO MPEG Demuxer (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\roxiompegdemuxer.dll
+ ROXIO Raw Writer ROXIO Raw Writer (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\mgirawwriter.dll
+ Roxio Repack Filter Repack Filter (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\repackfilter.dll
+ Roxio Transport Stream Source ListFrameSource (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\tsmpegsource.dll
+ SaEnvelope Sony Sa Envelope Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\omgsaenvelope.ax
+ SAL Input Converter SAL Input Converter Source Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\saliconv.ax
+ SAL Output Converter SAL Output Converter RendererFilter (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\saloconv.ax
+ Seamless Play Seamless-Play Filter (Sample) (Not verified) Sony Corporation c:\program files\common files\sony shared\openmg\seamlessfilter.ax
+ Snapshot Arcsoft Snapshot Filter 1.0 (Verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\arcsnap.ax
+ Sony Audio CD Source Filter OpenMG CdSource Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\avlib\cdsrc.ax
+ Sony AVC Decoder Sony AVC Decoder Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\sjvtdl.ax
+ SONY DV Video Decoder Sony DV Video Decoder (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\sdvvd.ax
+ Sony LPCM Decoder Sony LPCM Decode Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\slpcmd.ax
+ Sony MP4 File Source Sony MP4 File Source Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\mp4filesource.ax
+ Sony MPEG Audio Decoder Sony MPEG Audio Decoder (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\smad.ax
+ SONY MPEG Video Decoder Sony MPEG4 Video Decoder (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\sm4spvd.ax
+ SONY MPEG Video Decoder Sony MPEG Video Decoder (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\smvd.ax
+ Sony MPEG-TS Parser Sony MPEG Parser Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\smparse.ax
+ SonyMSAConv OpenMG Converter Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\avlib\sonycdsrcwriter.ax
+ SonyMSAConv OpenMG Converter Filter (Not verified) Sony Corporation c:\program files\common files\sony shared\avlib\sonymsaconverter3.ax
+ SubPicture Encoder ROXIO SubPicture Encoder (Verified) Sonic Solutions c:\program files\common files\roxio shared\10.0\mpeg\subpictenc.dll
+ VAIO Content Metadata Univ Filter DirectShow Filter for VCM Intelligent Analyzing Manager (Not verified) Sony Corporation c:\program files\sony\vcm intelligent analyzing manager\vcmsmplcapflt.ax
+ VaioAacDecFilter Sony MPEG4 AAC Decoder (Not verified) Sony Corporation c:\program files\common files\sony shared\videolib\saaclcd.ax
+ VcmIAlzGPDFilter VCM Intelligent Analyzing Manager GPD Library (Not verified) Sony Corporation c:\program files\sony\vcm intelligent analyzing manager\vcmialzgpdfilter.ax
+ Video MotionDetect Video motiondetect Filter (Sample) (Not verified) ArcSoft, Inc. c:\program files\common files\arcsoft\mpeg engine\motiondetect.ax
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL Google Desktop (Not verified) Google c:\program files\google\google desktop search\googledesktopnetwork3.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ VESWinlogon VAIO Event Service (Winlogon Notification Module) (Not verified) Sony Corporation c:\windows\system32\veswinlogon.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider (Not verified) Apple Inc. c:\program files\bonjour\mdnsnsp.dll
secured2k
Level 11
Report Inappropriate Content
Message 9 of 11

RE: Email worm removal

I do not see any signs of a virus or worm starting up with your computer. Do you still have the problem? Keep in mind that any information in email including the source can be forged.

RE: Email worm removal

Thats good news then - i've tried changing my password to my email account so hopefully that'll stop the spamming. Sorry - should have probably tried that first.

Thanks for the help!

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community