PDA

View Full Version : Outlook 2003



tjamie
2006-10-04, 10:03
Well here is a new twist, No one can find the issue

Recently my servers came under attack because I became a business threat to my competitors.

So with that I get over 300 to 400 hundred emails daily and have started banning emails

thats not the problem I cvan deal with jerks

I got some thing in an email I never open attachments and I still got hit.

When Outlook office 2003 get email now something is placing a locked copy in my root "sag.a sag.b sag.c sag.d sag.e sag.f sag.g sag.1 sag.2 sag.3 sag.4 sag.5 .............." and so on and so on to the tune of about 50 at a time

drag files to trash can empty trash access denied

restart I can empty the trash

this is what I have had to do to look in them

first reboot do not open outlook 2003 this will only lock them up

goto the root use not pad look in them

guess what they are copies of my emails

delete them

go back open out look again and it will happen again with new emails


Another one never detected by anyone was this one as well

I had an issue once before were a file injected an entry in my registry to do away with the password at logon

reg value change was autologon

since fixed this one

tashi
2006-10-04, 23:38
Hello.

Would you like someone to take a look at the System by providing a log?

If so let us know and instructions for posting will be provided.

Cheers.

tjamie
2006-10-05, 07:04
I have spent hours looking it, some one else might as well take a look at it.

I can normaly fix things with out any help at code level, this just has me pissed off now

tjamie
2006-10-05, 09:05
I have a HTL file with and without MSOLE running.

I still can not seem to see any thing wroung.

let me know were I can send these

any thing I did not identify I ran in the search engines and drew a blank

tashi
2006-10-05, 11:19
Hi

Please follow the instructions in this sticky topic to produce a HJT log:
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the malware forum:
Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted a helper take a look as soon as available.

Cheers.

tjamie
2006-10-07, 09:12
There is a slight problem I followed your direections, and have very little to send you.

Panda remote found nothing I have a screen shot. Super Green

NAV found nothing local or remote

Spybot found nothing, I already new this, MS PC Virus Support and MSO business Support had me run this before I came to this forum, found nothing then either.

Lavasoft found nothing other then historyand cookies I already new this

Pest Patrol found nothing other then cookies I already new this

Hijack this log ran <-- did not see any thing out of the ordenary, I do have the log for this.

Is there any thing I can run to get you more information to send you

all win upd installed

MSO Software Techs stumped on this one as well and waiting on a call from MSO R&D.

I believe this one is going to be a beast to find, I do not want to uninstall MSO, I want to find the cause and prevent it from happening again.

MSO thinks a Email came in with some code in the body and had some instructions, the MSO missed and this might be an expoit.

No atachements just some thing in the body MSO missed and passed to the registry file some how.

Are there any other thoughts I cold gather and send you, since there is so little information.

tashi
2006-10-07, 16:42
Unless you provide the HJT log (In the Malware Forum) for someone to take a look at the system, it would be all guesswork which I don't do. ;)

tashi
2006-10-08, 09:35
Topic is here:
http://forums.spybot.info/showthread.php?p=45608#post45608