A short time ago I received an email in my Hotmail junk email box that contained the message: ‘Antigen for Exchange found message.scr infected with VIRUS= W32/Netsky-P (Sophos,CA(InoculateIT)) worm. The message is currently Purged. The message, “Mail Delivery ()”, was sent from and was discovered’¦’. I frequently received junk emails like this message, usually referring to the Netsky worm or another virus, which I apparently sent to an address I have never heard of! Is this a strange sort of spam, or is something actually wrong? A second problem is my computer seems to be riddled with spyware and adware which I just can’t delete. Spybot and Ad-Aware are installed, up-to-date, and run frequently, None of them stop my homepage being hijacked and set to searchweb2.com, with an address with a lot of random letters before this loads. I have recently downloaded ZoneAlarm in the hope that it will stop the problem getting worse, and I have a pop-up blocker but my history is filled with sites I’ve never visited. The computer is running Windows XP Home.

The Netsky-P worm is a mass-mailing worm, which spreads through sending infected emails. Assuming you have an up-to-date virus scanner installed, we can assume your computer is not infected with the virus. If you are not running a virus scanner, then I strongly suggest you buy an antivirus package (I quite like Norton Antivirus) and do a full system scan with the latest virus definitions. The Netsky-P worm harvests email addresses from an infected computer, by searching the hard drive for specific file types and then looking within these files for email addresses. These email addresses are used, firstly, to spread the virus by sending infected emails and secondly, to spoof the ‘From’ field in the email. So, since you have never heard of the email addresses from which you are getting the bounce-back messages, what is likely to have happened is your email address was on a computer which has been infected with the virus and has spoofed your email address in the ‘From’ field of the infected emails. When the mail server at the recipients end scanned the email for viruses and found the Netsky-P worm, it rejected the email and sends a reply to the sender of the email. Of course, because your email address was spoofed in the ‘From’ field, the server thought you were the sender and therefore you received the rejection message. Unfortunately, there is pretty much nothing you can do about this problem, as it’s essentially out of your control. At least Hotmail is filing these emails in the junk mail folder for you!

Regarding your problem of being infected with spyware and adware, the searchweb2.com issue is related to Lop.com which can be installed with Messenger Plus, a third-party (i.e. not written by Microsoft) add-on for Windows Messenger. If you have Messenger Plus installed, go to the ‘Add/Remove Programs’ control panel and uninstall this program. If this doesn’t help fix your problem, as a temporary solution you could download StartPage Guard (from www.pjwalczak.com/spguard/index.php) which is a free utility to prevent the Internet Explorer homepage from being hijacked. However, I am unsure if StartPage Guard will remove the hijacker, or just stop its effects. So, please contact me again if you are in this situation and I will try to give a more permanent solution to the problem. ZoneAlarm should prevent spyware and other nasties from installing themselves on your computer without knowledge. Many spyware programs exploit vulnerabilities in Windows and Internet Explorer and will covertly install themselves. This is especially true if you don’t keep your computer up-to-date with the latest security patches. I strongly recommend installing a firewall.