Hi everybody,
I have often a message like that :
“421 concurrent connections limit in avast…”.
How can we increase this number of connections ?
Thank you for your reply
Can you post the full text content of the message as it usually details what is using the connections ?
The concurrent connections limit is I think 20 by default so if it is 421 someone has already increased it previously. It can be increased by editing the avast4.ini file [MailScanner] section, add the line MaxConnections=nn (where nn is the numeric value) or edit the existing value. Personally I believe you should look at what is generating these connections rather than simply increasing the value.
[MailScanner]
MaxConnections=20
Are you using a news reader or searcher like NewsLeacher ?
Hi DavidR,
I think 421 is an error code and not a number of connections. The max connection allowed is 20.
Her was nothing like “MaxConnection” in the avast4.ini then i have now write a new line with MaxConnections=40.
I think i must reboot computer for new configuration then i hope tomorow it’s ok…
Thanks
Before you make any changes it is essential to find out why the maxconnections limit is reached, 20 should be more than enough for normal use. That is why I asked for the full text content of the message, which won’t be available if you correct the ‘symptom’ rather than find the disease.
Hi,
In attachments :
av02.jpg → full text content message
av01.jpg → print screen of process explorer, where i dont see 40 services…
MaxConnections is already to 40, without reboot.
Thank
can you post here rather a screenshot taken from tcpview?
Depending on which application is doing that, you can edit avast4.ini, find the section [MailScanner], add (or edit) the line IgnoreProcess.
[MailScanner]
IgnoreProcess=mybad.app,ccPxySvc.exe
This is a typical situation where the ignored process option is really useful.
I think now you can see why we want to find out what is responsible for the connections. It is unusual I would say for services.exe to connect The TCPview suggested by Maxx should be better.
The possibility is that something is using services.exe rather than it being the guilty party, is there anything in the firewall(?) logs as there would be a parent controlling the child (services.exe) and that would usually require permission.
I suggest that you
@ Tech, I wouldn’t suggest exclusion of services.exe (or any other application) until we confirm exactly what it is. The last thing we want is to exclude something which could be malicious.
The first word in my answer…
Depending…
Hi,
Here is à “print screen” from TCPVIEW:
[System Process]:0 TCP chaintech:12025 localhost:2630 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2527 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2525 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2626 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2526 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2628 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2534 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2542 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2634 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2638 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2522 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2532 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2524 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2546 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2633 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2528 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2629 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2637 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2625 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2545 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2521 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2520 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2544 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2636 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2632 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2640 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2624 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2639 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2627 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2519 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2547 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2635 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2631 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2523 TIME_WAIT
[System Process]:0 TCP chaintech:12025 localhost:2543 TIME_WAIT
alg.exe:2448 TCP chaintech:1032 chaintech:0 LISTENING
ashMaiSv.exe:1724 TCP chaintech:12025 chaintech:0 LISTENING
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2607 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2623 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2598 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2602 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2601 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2596 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2622 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2610 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2594 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2517 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2518 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2515 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2516 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2512 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2600 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2615 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2603 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2529 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2591 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2511 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2599 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2606 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2609 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2597 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2604 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2614 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2593 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2592 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2621 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2619 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2617 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2616 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2618 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2611 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2595 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2612 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2620 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2608 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2613 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12025 localhost:2605 CLOSE_WAIT
ashMaiSv.exe:1724 TCP chaintech:12110 chaintech:0 LISTENING
ashMaiSv.exe:1724 TCP chaintech:12119 chaintech:0 LISTENING
ashMaiSv.exe:1724 TCP chaintech:12143 chaintech:0 LISTENING
ashMaiSv.exe:1724 TCP chaintech:2584 imedg1.ichotelsgroup.com:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2585 0.mx.dhha.org:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2586 localhost:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2587 ph07.webhosthk.com:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2588 mx100.012.net.il:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2589 202-177-24-226.kdd.net.hk:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2590 *.s6a1.psmtp.com:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2652 213.168.74.65.static.heraklesdata.net:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2653 server113.appriver.com:smtp SYN_SENT
ashMaiSv.exe:1724 TCP chaintech:2654 smtp.zzr.com:smtp SYN_SENT
ashWebSv.exe:1660 TCP chaintech:12080 chaintech:0 LISTENING
iexplore.exe:15276 UDP chaintech:4162 :
lsass.exe:712 UDP chaintech:4500 :
lsass.exe:712 UDP chaintech:isakmp :
services.exe:700 TCP chaintech:2511 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2512 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2515 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2516 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2517 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2518 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2529 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2591 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2592 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2593 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2594 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2595 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2596 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2597 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2598 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2599 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2600 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2601 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2602 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2603 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2604 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2605 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2606 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2607 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2608 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2609 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2610 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2611 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2612 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2613 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2614 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2615 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2616 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2617 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2618 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2619 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2620 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2621 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2622 localhost:12025 FIN_WAIT2
services.exe:700 TCP chaintech:2623 localhost:12025 FIN_WAIT2
svchost.exe:1008 UDP chaintech:netbios-dgm :
svchost.exe:1008 UDP chaintech:netbios-ns :
svchost.exe:1008 TCP chaintech:netbios-ssn chaintech:0 LISTENING
svchost.exe:1008 UDP chaintech:ntp :
svchost.exe:1008 UDP chaintech:ntp :
svchost.exe:1008 UDP chaintech:ntp :
svchost.exe:1076 UDP chaintech:1049 :
svchost.exe:1076 UDP chaintech:1075 :
svchost.exe:1076 UDP chaintech:1076 :
svchost.exe:1076 UDP chaintech:1077 :
svchost.exe:1076 UDP chaintech:1078 :
svchost.exe:1076 UDP chaintech:1079 :
svchost.exe:1076 UDP chaintech:1080 :
svchost.exe:1076 UDP chaintech:1082 :
svchost.exe:1076 UDP chaintech:1083 :
svchost.exe:1076 UDP chaintech:1084 :
svchost.exe:1140 UDP chaintech:1900 :
svchost.exe:1140 UDP chaintech:1900 :
svchost.exe:1140 UDP chaintech:1900 :
svchost.exe:932 TCP chaintech:epmap chaintech:0 LISTENING
System:4 TCP chaintech:microsoft-ds chaintech:0 LISTENING
System:4 UDP chaintech:microsoft-ds :
System:4 UDP chaintech:netbios-dgm :
System:4 UDP chaintech:netbios-ns :
System:4 TCP chaintech:netbios-ssn chaintech:0 LISTENING
We can see the application that is causing the maxconnection issue, services.exe and that is not something I would expect to connect.
My comments were also for ermite67 as he was very quick off the mark to edit the maxconnection value, which could have stopped us from tracking the problem.
@ ermite67
What is chaintech ?
@DavidR,
chaintech is the name of my computer, and also the lan name.
ALSO, if you remember me, e-mail are continuing be send without my autorisation
( Forum title : Outpout mail scanning historic - link: http://forum.avast.com/index.php?topic=31537.0)
Help, i need somebody, help…
The emails being sent may well account for the additional connections breaking the limit.
Hopefully Maxx can pick up on the TCPview data.
A bit went missing from my last post so I will post it here:
I suggest that you search your system for services.exe and report the location of any that are found ?
Upload any that are found to VirusTotal - Multi engine on-line virus scanner and report the findings here.
In your other topic I asked if you had a firewall which effectively you didn’t, did you every get around to installing one and if so what ?
A firewall with outbound checking may stop these unauthorised outbound connections.
If you did get a firewall as I asked in the last post reply #7 is there anything in the logs, etc. Also check the application/program control and see if there is an entry for services.exe, if so block it.
If you are still getting the sending emails I would say get back into the previous topic and active it again. Try to follow the suggested steps you previously did, etc.
It won’t be bad it you test your computer with on-line scanning:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
AVGas (does not necessary if you have AVG antispyware installed)
F-Secure
BitDefender (free removal of the malware)
HitmanPro (multiply scanners)
If I can suggest, I bet on Kaspersky and BitDefender.
Hello DavidR , Tech,
Services.exe was found on :
c:\Windows\system32
c:\Windows\ServicePackFiles\i386
with same date/time/size (28/08/2004, 0:10, 106 Ko), and all is OK with virustotal.
My firewall is COMODO FIREWALL PRO, installed 2 week ago.
Application/program control : services.exe was full autorised. I have updated for comodo ask me before use of services.exe.
Now computer is already faster than yesterday :>) COOL
If it is services.exe, why Avast!, SuperAntispyware, Adaware SE and Spyboot found nothing ???
For the kaspersky online scanner, installation dont work… (see jpg attached).
THANKS FOR ALL
services.exe (and svchost.exe) are the generic service dispatchers… if there are so many open ports, you can expect some service to made this… you can download http://www.microsoft.com/downloads/details.aspx?FamilyID=C055060B-9553-4593-B937-C84881BCA6A5&displaylang=en and run it with the parameter -s to list all services related to services.exe…
Hi,
Tlist are C langage files (not exe file)
Kaspersky online scanner : I have uninstalled and reinstall ok. RESULT : nothing found (jpg attached).
Thanks
aah, sorry… i couldn’t find the binary :-.… now it’s tasklist.exe, you can find it in your win directory… so, run “tasklist /svc > tasks.txt” and put the content of tasks.txt here 
Hi Maxx_original,
Tasklist.exe : Here is no such program in Windows XP… but only in Windows XP PRO …
Here can it be downloaded : http://www.computerhope.com/download/winxp.htm
Here is then result of the command Tasklist /svc :
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 564 N/A
csrss.exe 636 N/A
winlogon.exe 660 N/A
services.exe 704 Eventlog, PlugPlay
lsass.exe 716 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 872 DcomLaunch, TermService
svchost.exe 920 RpcSs
svchost.exe 996 AudioSrv, Browser, CryptSvc, Dhcp, ERSvc,
EventSystem, FastUserSwitchingCompatibility,
helpsvc, lanmanserver, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
srservice, TapiSrv, Themes, TrkWks, W32Time,
winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 1068 Dnscache
svchost.exe 1164 LmHosts, SSDPSRV, upnphost, WebClient
aswUpdSv.exe 1292 aswUpdSv
ashServ.exe 1340 avast! Antivirus
spoolsv.exe 1544 Spooler
cmdagent.exe 1872 CmdAgent
svchost.exe 1972 stisvc
explorer.exe 232 N/A
ashDisp.exe 764 N/A
mixer.exe 720 N/A
cpf.exe 1044 N/A
ctfmon.exe 1064 N/A
msmsgs.exe 1092 N/A
SUPERAntiSpyware.exe 1120 N/A
wkcalrem.exe 1260 N/A
ScannerFinder.exe 1280 N/A
ashMaiSv.exe 760 avast! Mail Scanner
ashWebSv.exe 512 avast! Web Scanner
soffice.exe 1660 N/A
soffice.bin 1584 N/A
alg.exe 2328 ALG
IncMail.exe 3052 N/A
ImApp.exe 2908 N/A
iexplore.exe 2424 N/A
cmd.exe 2372 N/A
ntvdm.exe 3812 N/A
notepad.exe 5952 N/A
iexplore.exe 7212 N/A
tasklist.exe 1956 N/A
wmiprvse.exe 7520 N/A
i really don’t like your ERSvc http://www.liutilities.com/products/wintaskspro/processlibrary/ersvc/ it’s probably the reason of your troubles… can you locate the file ersvc.exe somewhere and send it to www.virustotal.com analysis?