1

Hi all… Please help!!! ??? ??? ???

My Avast on-access protection is always swithed on. I noticed today that the little ‘a’ icon is spinning more than usual. I stopped what I was doing, and before long, the ‘a’ icon began to spin again.

I pinpointed it down to the internet mail scanning…

It is scanning all sorts of junk that has nothing to do with me??? I dont understand where the processes are coming from…

Here are a couple of examples that I have seen being checked by the Internet Mail part of the on-access:

-Outgoing email ‘tiekrabf’ From: “Branko Guzzetti”
-Outgoing email ‘tietosig’ From: “inga Kenny”
-Outgoing email ‘{tiemhi’ From: “kwang Friedrich”

I cant see what comes after each one of the above because I cant make the window wider.

Also, when I hover over the avast icon, it states '8 providers total, 7 running. What does this mean??? ::slight_smile: ::slight_smile:

Any help would be greatly appreciated guys…

Thanks in advance.

2

Anyone…?? :‘( :’(

3

If you yourself aren’t sending email then it is likely that you have a hidden or undetected spambot trojan on your system.

What is your firewall?
This should be able to detect unauthorised outbound connections.

Set the Internet Mail provider sensitivity to High, this should identify multiple identical emails in a short time, hopefully stopping them being sent (if your firewall isn’t capable of this).

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. SUPERantispyware On-Demand only in free version. Or AVG anti-spyware (formerly Ewido) Resident scanner during trial On-Demand after trial ends. Or Spyware Terminator Resident scanner.

If you have avast Pro there are 8 providers, but only 7 are running, that is normal if you aren’t using MS Outlook (not express). What is your email program ?

4

Besides David suggestions, why don’t you:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on.
  4. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.

But, specially:
5. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.

5

Ok fellahs… I updated my firewall, and pinned it down to ‘services.exe’ in c:\windows\system32.

Ive just blocked it for now with my firewall, and will restore a Symantic Ghost Image of my clean system later.

Thanks for the help and info guys!!!

6

Well services.exe is a legit file name though no guarantee it isn’t infected or being used by another piece of malware.

Before you take any further corrective action.
Check the suspect file/s at: VirusTotal - Multi engine on-line virus scanner and report the findings here in the topic.

If it is detected by multiple scanners then send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.