I'm trying to get rid of a virus for a friend. They had no virus software and were connected to the net using ADSL. Recently they received notice from their provider that their account was sending out mass amounts of spam. I installed Norton's and nothing was detected. Trend Housecall and McAfee also didn't detect anything (I tried it in safe mode as well). But, now that Norton's is installed, every time they have a connection to the net, Norton's detects new outgoing mail messages containing porn messages and links. It seems to be working off a list of e-mail addresses starting from a-z, none of which are in the address book. Norton's doesn't recognize this as a virus, just as an outgoing e-mail to be scanned, and this thing is sending these e-mails faster than I can count. As soon as I unplug it from the wall it stops. There is never any record of these emails in my sent or delete box. Any advice would be appreciated.

What firewall did you install for them? Being on ADSL makes using either a hardware or software firewall essential. If they had a small business, both would offer the best security. Install any of the following free firewalls: Sygate, Kerio, Zone Alarm or Outpost, then closely monitor the outgoing program traffic requests, and deny access to any that you do not use.

Ok. Two options. If you want to solve this and forget about it, follow answer 1. If you want to get to the bottom of this, read answer 2.
ANSWER 1:
Reinstall Windows with a complete disk format. Then, before you get on the Internet, enable the Windows firewall (Start|Control Panel|Network...|Network Connections|Advanced|(check box)Enable...). You can install a different firewall if you want (Kerio, ZoneAlarm, etc). Get reliable virus scanning on the computer and disable Outlook Express as the default email client (uninstalling it in Control Panel Add/Remove Win Components). If you want, take it out of the registry. Also get Spybot Search and Destroy (http://security.kolla.de). Instruct your friends to run virus and S+D once a month (update regularly - virus all the time). Have the firewall log running (see above, under settings), and watch for persistent connection requests (ICMP traffic from the same IP address). Configure the firewall to not answer the most common. For more security, call the ISP and ask for a new static IP (or convince the owners they do not need a static IP and have it dropped).
ANSWER 2:
If you are curious (since this is illegal spamming), set up a firewall and have it prompt you for any incoming/outgoing data. See what application is sending what to where. Now record that. Get off the internet and start phase two. Get a network sniffer and document all network traffic (www.webattack.com has some). Look at the IP addresses and record them (this is usually done automatically). Now, intercept some of the packets until you have what looks like a few emails. Send this information, with an explanation of what you have done, to your ISP.
The ISP should be responsive and run with the information. Also, instruct your friends to never install software via Internet Explorer unless it is from a very reputable source (Microsoft, Apple, etc.).
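
An added example, not part of the original posts: a short Python triage of a firewall log for the two patterns mentioned above, one machine opening mail connections to many different servers and repeated ICMP from the same remote address. It assumes the W3C-style `#Fields:` layout of the Windows Firewall log; the sample lines, addresses and thresholds are constructed.

```python
from collections import Counter

# Constructed sample; documentation-range addresses, assumed log layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-03-01 10:00:01 OPEN TCP 192.168.1.10 203.0.113.5 1045 25 - - - - - - - - -
2005-03-01 10:00:01 OPEN TCP 192.168.1.10 203.0.113.6 1046 25 - - - - - - - - -
2005-03-01 10:00:02 OPEN TCP 192.168.1.10 203.0.113.7 1047 25 - - - - - - - - -
2005-03-01 10:00:02 OPEN TCP 192.168.1.10 203.0.113.8 1048 25 - - - - - - - - -
2005-03-01 10:00:03 OPEN TCP 192.168.1.10 203.0.113.80 1049 80 - - - - - - - - -
2005-03-01 10:05:00 DROP ICMP 198.51.100.7 192.168.1.10 - - 60 - - - - 8 0 - -
2005-03-01 10:05:05 DROP ICMP 198.51.100.7 192.168.1.10 - - 60 - - - - 8 0 - -
2005-03-01 10:05:10 DROP ICMP 198.51.100.7 192.168.1.10 - - 60 - - - - 8 0 - -
2005-03-01 10:06:00 DROP ICMP 198.51.100.9 192.168.1.10 - - 60 - - - - 8 0 - -
"""

def parse(log_text):
    """Return one dict per record, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) >= len(fields):  # skip truncated lines
                records.append(dict(zip(fields, parts)))
    return records

def smtp_fanout(records, local_ip, threshold=3):
    """Distinct servers local_ip opened TCP port 25 to, if at or over threshold."""
    dests = {r["dst-ip"] for r in records
             if r["action"] == "OPEN" and r["protocol"] == "TCP"
             and r["src-ip"] == local_ip and r["dst-port"] == "25"}
    return sorted(dests) if len(dests) >= threshold else []

def repeated_icmp(records, local_ip, threshold=3):
    """Remote addresses that sent local_ip at least threshold ICMP packets."""
    counts = Counter(r["src-ip"] for r in records
                     if r["protocol"] == "ICMP" and r["dst-ip"] == local_ip)
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("SMTP fan-out:", smtp_fanout(recs, "192.168.1.10"))
    print("Repeated ICMP:", repeated_icmp(recs, "192.168.1.10"))
```

A home PC that sends mail through its ISP normally talks to one or two mail servers, so a long fan-out list is the signal worth recording for the ISP.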
