Ack! Too many e-mails?!

Hey, I’ve been using Avast for awhile and this is the first time that I’ve ever recieved this message:

There are too many identical e-mails in appointed time

Sender:
Recipient:
Subject: There are too many identical e-mails in appointed time

Sender:
Recipient:
Subject:

I get dozens of these pop-ups from the scanner and even these:

There are too many identical e-mails in appointed time

Sender: “Violeta Castañeda” Salvador@gmail.com
Recipient: clargen@yahoo.com
Subject: Millones de Personas en Mexico Veran su PublicidadThere are too many identical e-mails in appointed time

Sender: “David Aguilera” Mora@gmail.com
Recipient: clargen@yahoo.com; “Cincotam” cincotam@yahoo.com
Subject: Unicas Actualizadas al 1ero de Junio de 2005There are too many identical e-mails in appointed time

Sender: “David Aguilera” Mora@gmail.com
Recipient: clargen@yahoo.com; “Cincotam” cincotam@yahoo.com
Subject: Unicas Actualizadas al 1ero de Junio de 2005

I don’t know any of these people and I don’t speak spanish, so I can only assume this is due to a malicious virus that is on the computer - I scanned and found a trojan and deleted it, but continued to get this message?

Any suggestions?

I can be reached through this post and through my e-mail address: james.plett at gmail dot com

Thanks!
James

You may have a worm trying to send out spam emails.

Please ensure you have the latest definitions and then schedule a boot time scan.

Right click on the avast! icon, select Start avast! anti-virus. If avast! detects a worm in memory, it will ask you if you want to schedule a boot time scan: accept. If avast! doesn’t detect anything in memory, click the drop down menu (top left) and schedule a boot time scan from there.

Will do.

I am also recieving warnings from avast! telling me internet connection time outs and such, the source of the problem seeming to be fnhbh.exe.

Any ideas?

Random filenames are usually malware. Nothing comes up on Google about his file. It is almost certainly a malware process.

If avast! doesn’t remove it during a boot time scan, you could submit the file to Jotti’s scanner, to see what a variety of anti-virus scanners say about it:

http://virusscan.jotti.org/

Ok, I ran it, and deleted all viruses. Before that I also ran Microsoft Anti-Spyware and that took out a bunch of stuff, but upon boot up avast detected installer.exe as adware, I removed that but the problem see be as bad as ever.

I’ll try that scanner you suggested, but I really have no idea what to do after that.

James

Hi James,

Ewido anti-trojan scanner is also worth a try.

http://www.ewido.net/en/

The new Microsoft Malicious Software Removal Tool will remove some rootkits and many worms. Download it here:

http://www.microsoft.com/security/malwareremove/default.mspx

If these fail you could do a HijackThis scan and post the log file:

Instructions here:

http://www.bleepingcomputer.com/forums/tutorial42.html

Thanks alot, that seemed to have solve the problem.

I’m going to download the Software Removal Tool to take out the fnhbh.exe file - I also found another one that one fo the scanners found as a worm, so that ought to finish the spyware problem on this computer.

Thanks again! You’ve been a great help.

I get the same “There are too many identical e-mails in appointed time” error when I am sending, but I know it’s the amount of emails I am sending. I need to notify a number of club members at the same time, is there anyway to turn off this warning if it’s from a known email account i.e. my own.

I think not… you may disable all avast! scanning, you may disable the scanning for just one email account, but you can’t use an exception list for the Heuristic Mail settings. Maybe you can just increase the value or, even, disable this specific option of the Heuristics.

You can if you change the sensitivity of the Internet Mail provider Heuristics to Custom and Then click the Heuristics Advanced Tab, there you can set the figure higher.

However, that will be used for everything not just sending email to club members. So if you got infected with a new virus or spamming trojan, etc. there would be no stopping multiple emails being sent out that are either spam or virus, etc. Possibly a better option id to temporarily disable outbound email checks, send your email to the club members and enable it again.

Hi,

I am new in this forum but not with Avast (almost installed @ home for 1 year now :slight_smile: ) and I have installed it in the whole family network and friends …

Well, I have this kind of message really often.
Strangely, nothing in the system looks like sending mail : eudora is shutdown, outlook is not running.
Oh, also, the from is always changing. It’s not like a zombi which is sending mails (I had this also :frowning: )
Since it’s not a brut sender, sometime, nothing, sometime, many…

I have clean the system with a full scan and also with Spybot & adaware.
Nothing found, nothing suspicious.
It’s only annoying :frowning:
Only, no routeur to block the internet and only Windows XP friewall.
:stuck_out_tongue:
??? what can it be?

It might prove useful to create (for a while) a more detailed avast! log of your mail connections.

You can get the mailscanner to log your connections by editing the avast4.ini file (in Program Files\Alwil Software\Avast4\DATA folder).

In the section headed:

[MailScanner]

add the line:

Log=20

and save the updated file.

The log will be in Program Files\Alwil Software\Avast4\DATA\log\ashmaisv.log

When you get the message the log will show you what process was connecting to which IP address. That should help give you a clue as to the cause.

extract:

12/12/05 23:19:33 00000CE4: ->SMTP DATA
12/12/05 23:19:33 00000CE4: sent 50(0x00000032)
12/12/05 23:19:33 00000CE4: received 4983(0x00001377)
12/12/05 23:19:33 00000CE4: ProcessFile entrance E:\TEMP_avast4_\unp49660997
12/12/05 23:19:33 00000CE4: ProcessFile 2 E-mail ‘joeenova’ De : “Oralie” Xupufatex@hotmail.co, A : joeenova@yahoo.co
12/12/05 23:19:33 00000CE4: ProcessFile scan before E-mail ‘joeenova’ De : “Oralie” Xupufatex@hotmail.co, A : joeenova@yahoo.co
12/12/05 23:19:33 00000CE4: ProcessFile scan after E-mail ‘joeenova’ De : “Oralie” Xupufatex@hotmail.co, A : joeenova@yahoo.co
12/12/05 23:19:33 00000CE4: ProcessFile exit 1(0x00000001)
12/12/05 23:19:33 00000CE4: --SMTP Mail is clean
12/12/05 23:19:33 00000CE4: sent 6(0x00000006)
12/12/05 23:19:33 00000CE4: received 14(0x0000000E)
12/12/05 23:19:33 00000CE4: <-SMTP 354 go ahead
12/12/05 23:19:33 00000CE4: --SMTP Modified message to send: E:\TEMP_avast4_\unp49660997
12/12/05 23:19:33 00000CE4: sent 4983(0x00001377)
12/12/05 23:19:33 00000E14: received 100(0x00000064)
12/12/05 23:19:33 00000E14: <-SMTP 451 mta217.mail.mud.yahoo.com Resources temporarily unavailable. Please try again later [#4.16.5].
12/12/05 23:19:33 00000E14: sent 100(0x00000064)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: ->SMTP QUIT
12/12/05 23:19:34 00000E14: sent 6(0x00000006)
12/12/05 23:19:34 00000E14: received 31(0x0000001F)
12/12/05 23:19:34 00000E14: <-SMTP 221 mta217.mail.mud.yahoo.com
12/12/05 23:19:34 00000E14: sent 31(0x0000001F)
12/12/05 23:19:34 00000E14: connection closed 0(0x00000000)
12/12/05 23:19:34 00000E14: --SMTP Finishing connection handler
12/12/05 23:19:34 000066E8: SMTP accept connection from: 127.0.0.1
12/12/05 23:19:34 000066E8: Connection handler: 0x00006574
12/12/05 23:19:34 00006574: Ignored PIDs: 26244 13640 3120
12/12/05 23:19:34 00006574: Ignored Addresses: mine:119 127.0.0.1:119 mine:143 127.0.0.1:143 mine:25 127.0.0.1:25 mine:110 127.0.0.1:110 72.3.135.203:80 193.243.128.78:80 193.243.128.76:80 62.132.1.234:80 198.200.173.74:80 198.200.173.139:80 127.0.0.1:80
12/12/05 23:19:34 00006574: Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup
12/12/05 23:19:34 00006574: --SMTP command REDIRECT 4.79.181.13:25 1392
12/12/05 23:19:34 00006574: PATH: \Device\HarddiskVolume1\WINDOWS\explorer.exe

Some external address are not mine …

Rom

You might get infected by some kind of malware that turn your pc into botnet (zombie).

http://www.wilderssecurity.com/showthread.php?t=110550

Yes, that’s what I am thiking.
Strangely, it’s not occuring after having killed explorer.exe and restart one :slight_smile:

I’ll see with AVG, then (it’s in the other topic)
Do you need the files for avast?

sndmix.dll → infected by Downloader.Agent.AVZ …
not found with Avast :o

Can you send the samples to virus@avast.com ?
You can zip and password the files… Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.

Sure, will do :slight_smile:

Damn, unable to zip it, copy it or do whatever I want.
There is a lock from winlogon.

So, I cannot send it to you or let me know how to do it :slight_smile:

Rom

Can you add it to the User Files section of the avast chest (File, Add and navigate to the file) you can sedn it to avast from there.

This assumes you can unlock it, there are a number of programs that can do this ‘WhoLockMe’ is just one - http://www.pcworld.com/downloads/file_description/0,fid,25368,00.asp