Error accessing Yahoo webmail, Messenger and others webmails

Hey,

I´ve installed Avast antivirus two or three days ago…and my computer got very slow, So I decided to unistall Avast to see what was going on… after uninstall, I couldn´t access any webmail like yahoo and my messenger doesn´t conect too… :frowning:

I already remove the entry key from regedit but the problem it still happening…

Does anybody knows what shoud I do to fix this situation?

Thanks in advance…

Gustavo

First, I suggest you use an antivirus. avast is good and won’t slow your system that much if you set the Standard Shield settings to Normal level (not High).
To fully uninstall avast (AFTER using Control Panel > Add/Remove programs) you can run: Avast Uninstall.

avast should be blocking any connection as it is an antivirus not a firewall…
Which OS are you using? Is it up to date?
Do you use a firewall? Which one?
Do you have any other antivirus installed in your system?
Any other security programs that could interfere?

Hello Tech

I´m saying that because before install avast my box including webmails were working fine…

I´m using Windows XP Prof and I don´t have SP installed and I don´t have any firewall set either…

And… I desinstalled the Avast… but it still causing problems…

My plans is install the avast after fixed all this troubles… by untill there I need my MSN and Yahoo mail working…

Can you help me to fix that ?

Thank you

Maybe…
Can you post a screenshot of your email settings? Which program are you using to get and send mails?
Did you use Control Panel to uninstall avast? Did you try the uninstall tool I’ve posted before?

I´m not using local mailing, just webmail like Yahoo or Terra, So I don´t have any kind of email settings…

More than that, I removed the avast from Control Panel but it seens that avast keep some port or connection bloquead even after it has been desinstalled… Is that possible?

By the way, reading some posts in this forum I realized that it could be some avast settings, but, I don´t have any avast4.ini in my box anymore…!!!

Any idea?

Thanks

No. Avast is an antivirus and does not block anything, less when it is not even installed… ::slight_smile:
Try ashClear.exe (http://www.avast.com/eng/avast-uninstall-utility.html) to clean anything left behind by avast.

avast4.ini file is only ‘active’ when avast is installed… so, right now, avast settings have nothing to do with this as you’ve uninstalled avast.

Your connection problem could be due to browser or firewall settings, a bad network configuration, who knows…

Tech

I´ll try to use this ashClear.exe… maybe it can help…

Thanks

Tech

I get the utility tool you sent the link and ran it… This aswclear removed some protection from avast remaining…

And I thought it would resolve the problem, but I restart my box and It keep the same problem…

I´m posting hijack log here, maybe it can help in some way…

Logfile of HijackThis v1.98.2
Scan saved at 19:37:24, on 11/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\ARQUIV~1\MSNMES~1\msgrapp.dll” (file missing)

Any ideas ?

Gustavo

The hijackthis log doesn’t seem complete, if it is then it’s the smallest I’ve seen.

The other point is your OS is way out of date, this leaves you vulnerable as many vulnerabilities that have been exploited have been patched. So you should urgently update your OS to SP2 plus latest updates after SP2.

For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2

Other than your OS being out of date, no software firewall or anti-virus detected, there doesn’t seem to be much in your log.

I found that I have the port 1025 blackjack!!! :frowning: It seems to be the responsible for all this troubles… It make sense? if does, how can I remove this blackjack?

Thanks

:slight_smile: Hi :

  Your Operating System is NOT "way-out-of-date"; it is
  the same one I have . Definitely should NOT "upgrade"
  to SP2 UNLESS you know you are malware-free, which
  is unknown at this time.
  You are using an "old"version of Hijackthis; should
  uninstall it, then get the latest version at :
   www.thespykiller.co.uk/files/HJTsetup.exe  .
  And a "short" log of HijackThis implies it is AFTER
  using "SAFE MODE"; for posting HijackThis log, ALWAYS
  run in "Normal" Mode if at all possible.
 How do you know you have "port 1025 blackjack" ?
 AND for the SECOND TIME, what antiSPYWARE or
 antiTROJAN program(s) do you have on your computer ?

Hi Spiritsongs

You are right, my hijack is quite old… I´m installing the new one you sent the link…

Unfortunatelly I didn´t have any antivirus or antispyware until I got this problem…, So now I have installed AVG antivirus here to help me on this …

I notice that my 1025 port was blackjack using a port scan utility… and in the same time I thought the process svchost.exe was struggling my computer… in another utility I discover that this process got the port 1025…

Thanks for you help…

New Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 09:25:30, on 12/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\cmd.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Arquivos de programas\Grisoft\AVG Free\avgwb.dat
C:\Arquivos de programas\Grisoft\AVG Free\avgcc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .pdf: C:\Arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\ARQUIV~1\MSNMES~1\msgrapp.dll” (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing)

Simple fact, a true statement with SP2 being the current service pack and many other security updates since SP2 (effectively a collation towards SP3) Your OS and gmachado’s is ‘way out of date,’ fact.

As I said “this leaves you vulnerable as many vulnerabilities that have been exploited have been patched. So you should urgently update your OS to SP2 plus latest updates after SP2.” Urgently being the operative word, not right now, when your up to your a** in alligators the last thing on your mind is draining the swamp.

Not only the fact that with SP1 you can’t get the latest current version of IE 6 SP2 (which has many security updates), nor will you be able to get IE 7 or many other security updates that require you have SP2 installed, a statement of fact, your OS is out of date, your choice what to do about it.

DavidR

I really understand that my OS is vulnerable… and I´ll update this as soon as I got it working fine again… I´m looking in the web how to release my port blackjacked, but I can´t find…

Do you have any tips to do that?

Thanks in advance…

Can you explain me what is blackjacked? (I just know hijacked…
TCPview from www.sysinternals.com is a good application to discover which is connecting to what (port) in your computer.

I mean, using ScanPort I found this suspect line:

Port 1025 - blackjack;network blackjack

I think that is why I can´t connect in any webmail or messenger.

See if this will help you find what is holding open the port:
http://reviews.cnet.com/5208-6122-0.html;jsessionid=abc9qX2x2KpF_4VfKY84q?forumID=44&threadID=211702&messageID=2261080

Blackjack seems to be a cassino card game…

Info about the 1025 port: http://www.linklogger.com/TCP1025.htm
Info about closing 1025 port: http://www.wilderssecurity.com/showthread.php?t=11994

As Spiritsongs said (How do you know you have “port 1025 blackjack” ?) you didn’t answer and I haven’t heard of this port ‘hijack’ rather than ‘blackjack’ ?

You still don’t appear to have a firewall and when you are suggesting you have some port hijacking an active firewall that can provide protection against unauthorised outbound internet connections is almost a must. Not only that if you are fighting any form of malware that connects to the internet as fast as you deal with something another could be taking its place.

You could also visit sysinternals.com and get TCPview which shows TCP connections, the process initiating it and also lists the ports they use. If the tool doesn’t give this information then I suggest you try it. The service svchost.exe is commonly used by many programs/processes, it is s service host, but importantly you need to ensure that it is the correct svchost.exe.