Question on virus


1st how do you know it's trying to send 100's of emails... just trying to verify that that is the problem you are having....


2nd the next thing that I would do myself is to open task manager (shift-ctrl-esc) and switch to the Processes tab. Then sort the list by CPU percentage by clicking the CPU column heading, might have to click it twice, I can't remember which it goes to first, ascending to descending or descending to ascending.... at any rate you want the numbers descending, so the big numbers are at the top of the list... now switch on the network and watch the process list. Get the name of the process that sucks up the CPU time.


next do that exact same thing over again, but with the memory column sorted with the high numbers on top....


once you get one or more suspect process names come back here and tell us what they are.......

thanks for the reply.


First, how I knew 100's of e-mails were being sent.

Norton was blocking them from being sent so it was showing each out-going e-mail scan as a failure along with the subject line or it could have been the body of the e-mail. The subject/body of the e-mail basically said along with a different to address "great deal on Viagra pills". This is a bit funny (just a bit), even though I dropped the f bomb a couple of times.


In the last few hours, both Norton and webroot recognized what it was. Hacktool - in WINNT\System32\cbOCR.DLL.

Right after both webroot and Norton both said to reboot to delete the file properly I checked the WINNT directory and it was not there.

However it seemed to want to start sending e-mails again but it stopped after the first attempt to send an outgoing e-mail this time.



After researching a bit I am now running a full system scan in safe mode to verify it is not there or it can be deleted finally.

Not sure if this nasty thing attempts to "rebuild" itself or webroot and/or Norton is at least able to somewhat block it.


I'm not sure what will come of this, the safe mode scan is running now.

Do you have any idea how long cbOCR.DLL has been present? The company name responsible is TODO. If this is a recent occurrence, you might simply try "system restore" and go back a couple dates that won't affect the rest of your data, etc.

You can then update your defs and run a full scan to be sure.  Good luck..