Have no idea where to put this: Probe of Avast Program

[6/5/2010 9:54:29 PM]

Direction: incoming
Local Point: ..., port 3246
Adapter: WAN (PPP/SLIP) Interface
Remote Point: 222.45.112.59 [222.45.112.59], port 12200
Protocol: [6] TCP

Application path: c:\Program Files\Alwil Software\Avast5\AvastUI.exe
Description: avast! Antivirus
File version: 5, 0, 545, 0
Created: 2010/5/9, 00:38:51
Modified: 2010/5/6, 20:59:42
Accessed: 2010/5/31, 14:09:58

RuleId = 872415541

avastUI.exe does connect to the Internet to update live contents of the GUI.
What exactly do you want to know or change?

222.45.112.59 is not in the trusted network list on my firewall.

This was not Avast attempting to connect to the internet; this was someone attempting to connect to Avast from the outside.

Sorry. Missed that.

Using server whois.apnic.net.
Query string: “-V Md4.7 222.45.112.59”

% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 222.32.0.0 - 222.63.255.255
netname: CRTC
descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER
descr: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China
country: CN
admin-c: LQ112-AP
tech-c: LM273-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-lower: MAINT-CN-CRTC
changed: hm-changed@apnic.net 20030902
source: APNIC

route: 222.32.0.0/11
descr: CHINA RAILWAY TELECOMMUNICATIONS
country: CN
origin: AS9394
mnt-by: MAINT-CNNIC-AP
changed: ipas@cnnic.cn 20100528
source: APNIC

person: LV QIANG
nic-hdl: LQ112-AP
e-mail: crnet_mgr@chinatietong.com
address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China
phone: +86-10-51892111
fax-no: +86-10-51847845
country: CN
changed: ipas@cnnic.net.cn 20060911
mnt-by: MAINT-CNNIC-AP
source: APNIC

person: liu min
nic-hdl: LM273-AP
e-mail: abuse@chinatietong.com
address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China
phone: +86-10-51848796
fax-no: +86-10-51842426
country: CN
changed: ipas@cnnic.net.cn 20041208
mnt-by: MAINT-CNNIC-AP
source: APNIC

That’s not the correct routing entry:

Reports routes for 222.45.112.59:
routeid:54505719 222.45.0.0 - 222.45.255.255 to:putian_tech@163.com
Administrator found from whois records

As returned by Spamcop; if you use any of the chinatietong.com email addresses, they bounce.

[1/18/2011 7:52:38 PM]

Direction: incoming
Local Point: 12.73.58.36, port 1080
Adapter: WAN (PPP/SLIP) Interface
Remote Point: 221.1.220.185 [221.1.220.185], port 12200
Protocol: [6] TCP

Application path: c:\Program Files\Alwil Software\Avast5\AvastSvc.exe
Description: avast! Service
File version: 5, 1, 889, 0
Created: 2011/1/18, 02:04:10
Modified: 2011/1/13, 08:47:33
Accessed: 2011/1/19, 01:40:13

RuleId = 134218593
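
An added example, not part of the original thread: a small Python triage script that parses alerts in the firewall's layout shown above and, for each remote address, picks the narrowest of the two address ranges quoted in the thread (the APNIC inetnum and the Spamcop route). The function names and the range labels are assumptions made for illustration; the sample log is abridged from the two alerts posted here.

```python
import ipaddress
import re
# Abridged copies of the two alerts from the thread ("Key: value" blocks).
SAMPLE_LOG = """\
[6/5/2010 9:54:29 PM]
Direction: incoming
Remote Point: 222.45.112.59 [222.45.112.59], port 12200
Application path: c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe

[1/18/2011 7:52:38 PM]
Direction: incoming
Remote Point: 221.1.220.185 [221.1.220.185], port 12200
Application path: c:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe
"""

# Address ranges quoted in the thread; labels are constructed for this example.
RANGES = [
    ("222.32.0.0", "222.63.255.255", "APNIC inetnum CRTC"),
    ("222.45.0.0", "222.45.255.255", "Spamcop routeid:54505719"),
]
POINT = re.compile(r"^(?P<host>[^,\s]+)(?: \[[^\]]*\])?, port (?P<port>\d+)$")

def parse_alerts(text):
    """Split the log into one dict per '[timestamp]' block."""
    alerts = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            alerts.append({"time": line[1:-1]})
        elif alerts and ":" in line:
            key, value = line.split(":", 1)  # split once: paths contain ':'
            alerts[-1][key.strip()] = value.strip()
    return alerts

def most_specific_range(ip, ranges=RANGES):
    """Label of the narrowest listed range containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(int(ipaddress.ip_address(hi)) - int(ipaddress.ip_address(lo)), label)
            for lo, hi, label in ranges
            if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)]
    return min(hits)[1] if hits else None

def summarize(text):
    rows = []
    for a in parse_alerts(text):
        m = POINT.match(a.get("Remote Point", ""))
        host, port = (m["host"], int(m["port"])) if m else (None, None)
        exe = a.get("Application path", "").rsplit("\\", 1)[-1]  # file name only
        owner = most_specific_range(host) if host else None
        rows.append((a["time"], a.get("Direction"), host, port, exe, owner))
    return rows
```

Calling `summarize(SAMPLE_LOG)` returns one tuple per alert; the second alert's address falls in neither quoted range, so its last field is `None` and would need its own whois lookup.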