Mail programs hi-jacked


Robin

I'm using XP Home and I am in the UK. (This may be relevant to the
"at" / "hash" confusion below.)


I've been hit by what I presume is a trojan. I've run Panda Titanium
and will run Avast and AVG as well. Here are the symptoms still there:

My mail clients (Eudora and OE), both set up with multiple accounts,
have had
- all POP and SMTP servers replaced with 127.0.0.1
- @ in usernames containing a domain replaced with # ("at" replaced
with "hash")
- usernames with no domain have "hash" added where it should be "at"
followed by the pop server address

In the hosts file 127.0.0.1 directs to "localhost"

It may or may not be relevant that my hard disk is churning when I am
not aware of any activity.

Can anyone help on this please?

TIA

Robin
 
Get the following programs & install them, read the info about them, and
update & run them regularly:

Spybot Search & Destroy
http://www.safer-networking.org/index.php?page=download
Ad-aware http://www.lavasoftusa.com/software/adaware/

If you were only going to get & run 1, I'd get Spybot & run the immunize,
but Ad-aware will find traces that Spybot doesn't.

HijackThis - to remove hijacking http://mjc1.com/mirror/hjt/
Good HijackThis tutorial http://hjt.wizardsofwebsites.com/

Easy Cleaner - helps clean your registry
http://www.sharewarejunkies.com/00zwd10/easycleaner.htm

But before you zap anything, read & understand that you can cripple your
system if you aren't careful. If you don't do anything, though, your system
may become crippled.

Then look at a firewall program, to prevent that from happening.
 
Robin said:
> I'm using XP Home and I am in the UK. (This may be relevant to the
> "at" / "hash" confusion below.)
>
> I've been hit by what I presume is a trojan. I've run Panda Titanium
> and will run Avast and AVG as well. Here are the symptoms still there:
>
> My mail clients (Eudora and OE), both set up with multiple accounts,
> have had
> - all POP and SMTP servers replaced with 127.0.0.1
> - @ in usernames containing a domain replaced with # ("at" replaced
> with "hash")
> - usernames with no domain have "hash" added where it should be "at"
> followed by the pop server address

Looks typical for local POP / SMTP proxies as some av products (have)
use(d). If you are not aware of installing any av or antispam product,
someone may have done this for you.

Try the usual anti-spyware tools, as proposed. If that fails, start with
tcpview from sysinternals to find out what process is listening on
tcp ports 110 and 25.

> In the hosts file 127.0.0.1 directs to "localhost"

This is a normal value, don't know if it has to be there though.

> It may or may not be relevant that my hard disk is churning when I am
> not aware of any activity.

Maybe, maybe not. NT is always churning a little on its ntfs disks it
seems. You can use the taskmanager or procexplorer from sysinternals to
see what processes are active, and what DLLs and files they have open.
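
The check suggested in the reply above (find out what is listening on TCP ports 110 and 25), as an added example that is not part of the original thread. It parses `netstat -ano` output; the sample output and its PIDs are constructed for illustration.

```python
import subprocess
import sys

MAIL_PORTS = {25: "SMTP", 110: "POP3"}

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       1716
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       1716
  TCP    127.0.0.1:1042         127.0.0.1:110          ESTABLISHED     2044
  UDP    0.0.0.0:445            *:*                                    4
"""

def mail_listeners(netstat_text):
    """Return (port, service, local_ip, pid) for each TCP listener on 25/110."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five fields: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # skip client connections *to* the proxy
        ip, _, port = fields[1].rpartition(":")
        if port.isdigit() and int(port) in MAIL_PORTS:
            found.append((int(port), MAIL_PORTS[int(port)], ip, int(fields[4])))
    return sorted(found)

def describe(listener):
    """One-line summary, noting whether the socket is bound to loopback only."""
    port, service, ip, pid = listener
    scope = "loopback only" if ip.startswith("127.") else "reachable from the network"
    return f"{service} port {port} on {ip} ({scope}) is owned by PID {pid}"

if __name__ == "__main__":
    # Pass --live on Windows to run the real command; default is the sample.
    if "--live" in sys.argv:
        text = subprocess.run(["netstat", "-ano"],
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE
    for item in mail_listeners(text):
        print(describe(item))
```

The PID reported for each listener can be matched to a program name in Task Manager (with the PID column enabled) or in the Sysinternals tools mentioned above.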
 
> I've been hit by what I presume is a trojan. I've run Panda Titanium
> and will run Avast and AVG as well. Here are the symptoms still there:

I bet it was some of those which marked your accounts like that. Older
versions of Norton did it too. Which av are you using now? And your
email works OK with those addresses? But try an anti-spyware program
too.

jari
 