MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 10-20-05, 20:17
MC DUI MC DUI is offline
Private E-2
 
Join Date: Jun 2005
Location: Newcastle, NSW, Australia
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default AVG scanning outgoing mail - Not sending any?

Hello guys, just have a little problem and I was hoping you could give me some advice.

Just FYI I have followed your basic tutorial on Spyware fixes and found nothing.
My PC has been running with the following for about 2 months (updated programs every few days) -

Windows Xp with Service Pack 2
Mozilla Firefox Browser (With noscript extension)
AVG Antivirus
Adware SE Personal with VX2 Plugin
Spybot S&D
Microsoft Antispyware
Spyware Guard
Spyware Blaster
a-squared program

Now in the last week or so AVG pop-ups have been coming up stating that it is scanning outgoing e-mail, I'm sending nothing so I'm assuming I have some sort of nasty, I'm especially worried that it is a keylogger or something or that nature.
I was unaware of the frequency of these contacts till I turned on the logging feature of AVG last night, checking the log this morning shows that this crap is attempting to connect around every 30 mins or so.

Running all of my antivirus and antispyware programs listed above find nothing, additionally I have run a couple of online scans including Pandascan and they have found nothing. Also I have run Hijack this and run the log through the online analysis and nothing looks suspicious.

Currently I'm at work and so I cannot post a log of what is being sent but I found a person who had a similar problem and here is their AVG log -

5.3.2005 15:44:27 [12c] AutoPOP3(10110): Connection from 127.0.0.1:2737
5.3.2005 15:44:27 [c58] AutoPOP3(10110): Client connected
5.3.2005 15:45:09 [c58] AutoPOP3(10110): Cannot connect to OL130-184.fibertel.com.ar:10111
5.3.2005 15:45:09 [c58] AutoPOP3(10110): Connect: The operation completed successfully. (0)
5.3.2005 15:45:09 [c58] AutoPOP3(10110): Client disconnected


Its not exactly the same as mine but the company name FIBERTEL is exactly what my log says as well, but the ip is different.

If you guys could possibly post some suggestions as to scanning options or any other solutions then I can try them out when I get home.
I'll post my AVG log when I get home and attach a copy of my Hijack this log.

Thanks in advance.
Reply With Quote
Sponsored links
  #2  
Old 10-20-05, 23:37
MC DUI MC DUI is offline
Private E-2
 
Join Date: Jun 2005
Location: Newcastle, NSW, Australia
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: AVG scanning outgoing mail - Not sending any?

BUMP

(sorry if bumping isn't condoned, just didn't want my post to die )
Reply With Quote
  #3  
Old 10-21-05, 05:17
MC DUI MC DUI is offline
Private E-2
 
Join Date: Jun 2005
Location: Newcastle, NSW, Australia
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: AVG scanning outgoing mail - Not sending any?

Has anybody got any suggestions for me?

I have checked all my programs updates updates and re-run all my spyware programs in normal and safe mode including -
MS Antispyware
Adaware SE
Spybot S&D
a-squared
AVG antivirus

and they have all come back clean as a whistle.

I have attached my HJT log, it looks clean though.

Any suggestions would be much appreciated.
Attached Files
File Type: log hijackthis.log (4.4 KB, 2 views)
Reply With Quote
  #4  
Old 10-21-05, 05:27
MC DUI MC DUI is offline
Private E-2
 
Join Date: Jun 2005
Location: Newcastle, NSW, Australia
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: AVG scanning outgoing mail - Not sending any?

BTW here is a quick snippet of my AVG email scanning log from today -

21.10.2005 17:26:43.132 [e44] AutoPOP3(10110): Connection from process 3424
21.10.2005 17:26:43.132 [e44] AutoPOP3(10110): Connection from 127.0.0.1:1291
21.10.2005 17:26:43.132 [e44] AutoPOP3(10110): Will connect to 201.235.46.5:110
21.10.2005 17:26:43.148 [b2c] AutoPOP3(10110): Client connected
21.10.2005 17:26:43.148 OpenInternet = 0
21.10.2005 17:26:43.148 AddTrayIcon()
21.10.2005 17:27:30.648 CloseInternet = 1
21.10.2005 17:27:30.648 RemoveTrayIcon()
21.10.2005 17:27:30.648 [b2c] AutoPOP3(10110): Cannot connect to 5-46-235-201.fibertel.com.ar:110
21.10.2005 17:27:30.648 [b2c] AutoPOP3(10110): Connect: The operation completed successfully. (0)
21.10.2005 17:27:30.648 [b2c] AutoPOP3(10110): PROXY:S:-ERR AVG POP3 Proxy Server: Cannot connect to the mail server!
21.10.2005 17:27:30.851 [b2c] AutoPOP3(10110): Client disconnected
21.10.2005 17:46:03.820 [e44] AutoPOP3(10110): Connection from process 3424
21.10.2005 17:46:03.820 [e44] AutoPOP3(10110): Connection from 127.0.0.1:3560
21.10.2005 17:46:03.820 [e44] AutoPOP3(10110): Will connect to 201.235.46.5:110
21.10.2005 17:46:03.835 [ec8] AutoPOP3(10110): Client connected
21.10.2005 17:46:03.835 OpenInternet = 0
21.10.2005 17:46:03.835 AddTrayIcon()
21.10.2005 17:46:48.679 [ec8] AutoPOP3(10110): Cannot connect to 5-46-235-201.fibertel.com.ar:110
21.10.2005 17:46:48.679 [ec8] AutoPOP3(10110): Connect: The operation completed successfully. (0)
21.10.2005 17:46:48.679 [ec8] AutoPOP3(10110): PROXY:S:-ERR AVG POP3 Proxy Server: Cannot connect to the mail server!
21.10.2005 17:46:48.679 CloseInternet = 1
21.10.2005 17:46:48.679 RemoveTrayIcon()
21.10.2005 17:46:48.882 [ec8] AutoPOP3(10110): Client disconnected
Reply With Quote
  #5  
Old 10-21-05, 07:59
MC DUI MC DUI is offline
Private E-2
 
Join Date: Jun 2005
Location: Newcastle, NSW, Australia
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: AVG scanning outgoing mail - Not sending any?

Sorry for the quadrouple posting guys but I'm getting desperate, this thing is popping up ever more frequently and with me using my Netbanking yesterday and today I'm worried this may be some keylogging sh!te that could really funk me over.

BTW if somebody could tell me how to edit my previous posts I'll stop the double, triple, & quadrouple posting, cause damned if I can see where I can edit!

Thanks in advance!
Reply With Quote
Sponsored links
  #6  
Old 10-22-05, 00:05
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,381
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: AVG scanning outgoing mail - Not sending any?

There is no visible malware in you HJT log.

Is the below IP address your ISP:
Code:
210.15.254.240 = [ dns1.netspace.net.au ] 
 
  inetnum:	  210.15.224.0 - 210.15.255.255 
  netname:	   NETSPACE1-AP 
  descr:		NetSpace 
  descr:		level 1 
  descr:		683 Burke Road 
  descr:		Camberwell 
  descr:		VIC 3124 
  country:	  AU
FiberTel may be some kind of emailing agent. See the below! Does anything look familiar:
http://www.senderbase.org/search?pag...earchBy=domain
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #7  
Old 10-22-05, 00:36
MC DUI MC DUI is offline
Private E-2
 
Join Date: Jun 2005
Location: Newcastle, NSW, Australia
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: AVG scanning outgoing mail - Not sending any?

Yeah Netspace is my ISP, thats fine.

Don't know anything about that fibertel stuff though, never heard of it.

Its only been happenning for around a month, and I'm not sending any e-mails so why would it be trying to make contact if it was my mailing agent?

I've attached a picture of my outlook account details, don't know if that helps?
Attached Images
File Type: jpg Email Account.JPG (38.9 KB, 4 views)
Reply With Quote
  #8  
Old 10-22-05, 11:21
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,381
Thanks: 62
Thanked 7,659 Times in 4,129 Posts
Default Re: AVG scanning outgoing mail - Not sending any?

Maybe you should check with your ISP to see if they have anything to do with using FiberTel. It seems to be a company in Argentina that is used for sending email. I'm not sure why you would be seeing messages from AVG about it if you are not using email.

I would suggest that you install a true bi-directional firewall to properly protect you. You are currently relying on only WinXP SP2 and its firewall is not adequate. See this: How to Protect yourself from malware!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 11:16.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger