Thread: Can't send emails from ONE of the computers on the network(it's not a firewall issue)
View Single Post
Old 10-10-2009, 22:22   #13
webcrawler2050
Inactive
 
Join Date: Feb 2008
Location: Swindon
Services: TiVo 110MB BB Phone Line
Posts: 3,087
webcrawler2050 has reached the bronze age
webcrawler2050 has reached the bronze agewebcrawler2050 has reached the bronze agewebcrawler2050 has reached the bronze agewebcrawler2050 has reached the bronze agewebcrawler2050 has reached the bronze agewebcrawler2050 has reached the bronze agewebcrawler2050 has reached the bronze age
Send a message via MSN to webcrawler2050
Re: Can't send emails from ONE of the computers on the network(it's not a firewall is
Quote:
Originally Posted by Jawor View Post
Hello everyone,

Thanks again for helpful responses ! I managed to solve the problem, and it was more trivial than I thought.

First I tried telnet smtp connection, and it worked, so I knew it's not even connectivity issue(!).

220 mbhost.pl ESMTP Exim 4.69 Sat, 10 Oct 2009 22:37:28 +0200
helo mbhost.pl
250 mbhost.pl Hello Mod Edit [xx.xxx.xx.x]
mail from:jawor@xxxxxx.xxx
250 OK
rcpt to:xxx@gmail.com
250 Accepted
data
354 Enter message, ending with "." on a line by itself
this is a test email
.
250 OK id=1Mwii0-00069Z-Do

Email was delivered, so there was no problem with the connection!

Then I rescanned the laptop with Malwarebytes Anti-Malware, and removed all hidden spyware and malware. I don't know why my current antivirus program (ESET Smart Security) didn't find them out, but that's a different story.

I attach the log below, it found 9 files and few other traces of spyware, trojan horses etc. I just wonder which one of them was blocking my Outlook's and Thunderbird's SMTP connections.. damn. It was that simple!

Thanks a lot for help!

----------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2938
Windows 5.1.2600 Service Pack 3

10/10/2009 21:09:28
mbam-log-2009-10-10 (21-09-28).txt

Scan type: Quick Scan
Objects scanned: 107008
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\12365154 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\1ca87dfc.sys (Rootkit.Rustock) -> Delete on reboot.
C:\WINDOWS\temp\wpv261252249250.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\JaworJawor\Local Settings\temp\TMP8292.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12365154\12365154 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\12365154\pc12365154ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\JaworJawor\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv431250826839.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv521251225613.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv751251946612.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Glad it's sorted!
webcrawler2050 is offline   Reply With Quote