My daughter's computer went crazy again today. Her computer began rapidly sending out emails. This was the second time in a month that this had happened - the first time I located and removed an application in the C:\WINDOWS\system32 directory (one that was reported as the sender by Norton). She told me this started soon after she clicked a link from a friend's MSN account message. This time I was going to be more thorough....
Helpfully, Norton gave me a clue to the name of the application that was doing the spamming. It was called C:\WINDOWS\system32\syhoudood.exe and it was 136 kb big. In the same directory was another application called gasupu.exe - it was the same size and was installed on the same day at the same time! I decided to check the registry - I found that gasupu.exe was installed as a service and the service had been named Blue Coat K9 Web Protection. I suspected this was not correct - K9 is a legitimate program name but I never installed it. I then compared several random locations in both files and found the bytes to be identical.

So now I have the mechanism of the spambot - gasupu is run as a service and periodically it copies itself to a new program name and it is this new program that runs the spamming. I have deleted both the spammer and the service and I stopped the service from running - hopefully all is now quiet. Now I just have to stop my daughter clicking stuff she does not know!

Note: Blue Coat K9 Web Protection http://www1.k9webprotection.com/ is a legitimate service - there is no suggestion that the real K9 from Blue Coat is a spam bot generator.
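The same-size, identical-bytes comparison described above can be run over a whole directory with full-file hashes instead of spot checks. The following is an added example, not part of the original post; the function names and the constructed sample files in `demo()` are assumptions for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk=65536):
    """Hash the whole file, so every byte is compared rather than a sample."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_identical_executables(directory, extensions=(".exe",)):
    """Return sorted groups of file names in `directory` with identical content."""
    by_size = defaultdict(list)
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.lower().endswith(extensions):
            by_size[entry.stat().st_size].append(entry.path)

    groups = []
    for paths in by_size.values():
        if len(paths) < 2:
            continue  # a unique size cannot be a byte-for-byte copy
        by_hash = defaultdict(list)
        for path in paths:
            try:
                by_hash[sha256_of(path)].append(path)
            except OSError:
                continue  # locked or unreadable file: skip it
        for same in by_hash.values():
            if len(same) > 1:
                groups.append(sorted(os.path.basename(p) for p in same))
    return sorted(groups)


def demo():
    """Constructed sample: two identical .exe files, one same-size decoy, one .txt."""
    samples = {
        "gasupu.exe": b"A" * 1024,
        "syhoudood.exe": b"A" * 1024,
        "other.exe": b"B" * 1024,   # same size, different bytes
        "notes.txt": b"A" * 1024,   # same bytes, not an executable
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return find_identical_executables(d)


if __name__ == "__main__":
    print(demo())
```

Matching hashes show only that the files are copies of each other; which copy is registered as a service still has to be checked in the registry, as the post does.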