#1
Hi guys, hope somebody here can help me (please... pretty please...)

Short story is this: Had a friend's computer that got infected with Navipromo Rootkit, went to CastleCops and downloaded Navilog1 removal tool. Removed the Rootkit and re-scanned to make sure it was gone. Also scanned using f-secure's stand-alone Blacklight Rootkit Revealer. According to the results all traces of the Navipromo Rootkit are now gone. Windows Defender has reported no other adware or spyware and a scan using Adaware 2007 has so far turned up nothing.

However... before this infection Outlook Express launched in around 6 to 10 seconds, even with a reasonably populated inbox. Following the removal of the rootkit, when I went to fetch some mail several hours later, Outlook Express very suddenly took around 30 to 40 seconds to launch. Very sudden slow-down, not gradual over time.

I performed a few of the usual things, deleted the entire inbox, sent items and deleted items folder, compacted the store folder, deleted any headers etc... still no change.

I then created a new identity and completely removed the old one complete with message folders (I purposely did not import the old inbox, just left it as a clean new identity just in case)... no change.

I downloaded and re-installed the IE7/OE6 package directly from Microsoft, hoping that this would repair any damaged files/dlls etc... no change.

My concern here is that the rootkit has caused some mischief or damage to Outlook Express, or that something is interfering or monitoring Outlook Express and that the emails are no longer secure. My friend now wants me to restore his entire machine if this is the case.

If anybody could clarify this sudden delay when launching, whether you think it is down to the rootkit or just plain and simply a corrupted file or registry entry somewhere, I would be extremely grateful.

tia

Regards
J
#2
I suspect you have much more to do. Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org

J Manderley wrote:

> Hi guys, hope somebody here can help me (please... pretty please...)
>
> Short story is this: Had a friend's computer that got infected with Navipromo Rootkit, went to CastleCops and downloaded Navilog1 removal tool. Removed the Rootkit and re-scanned to make sure it was gone. Also scanned using f-secure's stand-alone Blacklight Rootkit Revealer. According to the results all traces of the Navipromo Rootkit are now gone. Windows Defender has reported no other adware or spyware and a scan using Adaware 2007 has so far turned up nothing.
>
> However... before this infection Outlook Express launched in around 6 to 10 seconds, even with a reasonably populated inbox. Following the removal of the rootkit, when I went to fetch some mail several hours later, Outlook Express very suddenly took around 30 to 40 seconds to launch. Very sudden slow-down, not gradual over time.
>
> I performed a few of the usual things, deleted the entire inbox, sent items and deleted items folder, compacted the store folder, deleted any headers etc... still no change.
>
> I then created a new identity and completely removed the old one complete with message folders (I purposely did not import the old inbox, just left it as a clean new identity just in case)... no change.
>
> I downloaded and re-installed the IE7/OE6 package directly from Microsoft, hoping that this would repair any damaged files/dlls etc... no change.
>
> My concern here is that the rootkit has caused some mischief or damage to Outlook Express, or that something is interfering or monitoring Outlook Express and that the emails are no longer secure. My friend now wants me to restore his entire machine if this is the case.
>
> If anybody could clarify this sudden delay when launching, whether you think it is down to the rootkit or just plain and simply a corrupted file or registry entry somewhere, I would be extremely grateful.
>
> tia
>
> Regards
> J
#3
"J Manderley" wrote in message ...

> Hi guys, hope somebody here can help me (please... pretty please...)

SNIP

> However... before this infection Outlook Express launched in around 6 to 10 seconds, even with a reasonably populated inbox. Following the removal of the rootkit, when I went to fetch some mail several hours later, Outlook Express very suddenly took around 30 to 40 seconds to launch. Very sudden slow-down, not gradual over time.

Snip

> I downloaded and re-installed the IE7/OE6 package directly from Microsoft, hoping that this would repair any damaged files/dlls etc... no change.

Installing IE7 does not reinstall OE6.

Email scanning should be turned off in any anti-virus. Also exclude EML files from the scan. It provides no protection not provided by the regular resident protection. Beside that, McAfee and Norton are not compatible with OE and should be uninstalled.

--
Frank Saunders, MS-MVP OE/WM
Do not send mail.
#4
On Thu, 5 Jul 2007 18:25:56 -0400, "PA Bear" wrote:

snip

> If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.

Thanks for this, I don't think this will be too complex, I should be able to handle this as I am reasonably competent with stuff like this.

Cheers
J
#5
On Thu, 5 Jul 2007 19:19:56 -0500, "Frank Saunders, MS-MVP OE/WM" wrote:

> "J Manderley" wrote in message ...
>
>> Hi guys, hope somebody here can help me (please... pretty please...)
>
> SNIP
>
>> However... before this infection Outlook Express launched in around 6 to 10 seconds, even with a reasonably populated inbox. Following the removal of the rootkit, when I went to fetch some mail several hours later, Outlook Express very suddenly took around 30 to 40 seconds to launch. Very sudden slow-down, not gradual over time.
>
> Snip
>
>> I downloaded and re-installed the IE7/OE6 package directly from Microsoft, hoping that this would repair any damaged files/dlls etc... no change.
>
> Installing IE7 does not reinstall OE6.
>
> Email scanning should be turned off in any anti-virus. Also exclude EML files from the scan. It provides no protection not provided by the regular resident protection. Beside that, McAfee and Norton are not compatible with OE and should be uninstalled.

Thanks for this info, much appreciated. The pc in question is in fact running AVG Antivirus 7.5, and things were okay with email scanning enabled before the rootkit hit. However I will follow your suggestion and disable the .eml extension scanning to see if it makes a major difference.

Thanks also for the info about IE7, I was under the impression that it also installed OE6 as part of the package, I stand corrected on this. Does IE6 installer include OE6 as part of the package? Could I remove IE7 and go through the motions of re-installing IE6 at all?

Regards
J
#6
"J Manderley" wrote in message ...

> Thanks for this info, much appreciated. The pc in question is in fact running AVG Antivirus 7.5, and things were okay with email scanning enabled before the rootkit hit. However I will follow your suggestion and disable the .eml extension scanning to see if it makes a major difference.
>
> Thanks also for the info about IE7, I was under the impression that it also installed OE6 as part of the package, I stand corrected on this. Does IE6 installer include OE6 as part of the package? Could I remove IE7 and go through the motions of re-installing IE6 at all?
>
> Regards
> J

Yes, OE6 is part of the IE6 install package. Yes, if you uninstall Windows Internet Explorer 7 you could reinstall IE/OE6, but it's not likely to change anything.

How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
http://support.microsoft.com/kb/318378

--
Frank Saunders, MS-MVP OE/WM
Do not send mail.