I am running Internet Mail V 4.6-731. I also notice that it has scanned 482 emails in the last 32 minutes. I haven’t sent any emails, nor do I have any email software open right now.
As I look at it more, the connection timeout is just occurring because I think I have been hijacked. I am fairly sure of this because I cranked the Internet Mail up to high and asked it to display details.
It has now scanned 1000 emails in the last 1 hour 10 minutes. I am watching it scan emails to a slowly increasing alphabetical list of email addresses I have never heard of.
Unfortunately I don’t know how to stop this from happening.
Why don’t you scan your system at boot time with avast?
Why don’t you install and run ewido, an antispyware and antitrojan (http://www.ewido.net/en/)?
Do you use a firewall? Which one?
You can configure the Heuristic tab in the settings of the Internet Mail provider and try to stop it sending those emails…
It is trying to use the SMTP port, so avast’s email scanner is intercepting it, and it is likely that it isn’t using standard email protocols; that could cause this timeout, as avast doesn’t recognise the protocol being used as an email protocol.
The other thing that confuses me is, if it is trying to send out mass emails, why the Heuristic mass mailing check isn’t kicking in and raising a warning well before the timeout warning, unless of course you have tweaked it or disabled this Heuristic checking, as this is a default setting I think?
Avast, ewido and trojanhunter are not detecting anything, basically because it is winlogon.exe using port 25 (both seem to be normal for the antivirus/antitrojan).
Funny thing is, winlogon.exe seems not to be tampered with (timestamp and file size are as they should be).
I would encourage both of you to ask for help on the forum of your antiSPYWARE provider.
If you have Ad-Aware : www.landzdown.com
If you have Spybot : http://forums.spybot.info
Got the same problem, it is some malware… However when I kill a kernel32.dll thread (using sysinternals Process Explorer) (the one containing references to socket dlls) of winlogon.exe the problem stops.
Basically the program connects to a server, active.emptyskull.net (64.71.177.36), and retrieves:
list of mail-servers
list of firstnames
list of lastnames
list of domains
list of words
then it combines this into a mass mailing system, simply to try and determine whether a mail-address is valid on the specific server
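The behaviour described in this thread (one process sending to a steadily increasing alphabetical list of generated addresses) can be spotted in outbound SMTP logs. The following is an added example, not part of the original posts or of avast: the log format, the thresholds and the `mailclient.exe` name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example): "<ISO time> <process> RCPT <address>"
LINE = re.compile(r"^(\S+) (\S+) RCPT (\S+@\S+)$")

def parse(lines):
    """Yield (time, process, address) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2).lower(), m.group(3).lower()

def ordered_fraction(addresses):
    """Share of consecutive recipients that are in non-decreasing alphabetical order."""
    pairs = list(zip(addresses, addresses[1:]))
    return sum(a <= b for a, b in pairs) / len(pairs) if pairs else 0.0

def find_probing(lines, window=timedelta(minutes=10), min_rcpts=8, min_ordered=0.9):
    """Return {process: (distinct_recipients, ordered_fraction)} for the first window in
    which a process addresses many distinct recipients in near-alphabetical order."""
    by_proc = defaultdict(list)
    for ts, proc, addr in parse(lines):
        by_proc[proc].append((ts, addr))
    flagged = {}
    for proc, events in by_proc.items():
        events.sort(key=lambda e: e[0])          # order by time only, keep arrival order
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                       # slide the window forward
            addrs = [a for _, a in events[start:end + 1]]
            distinct, frac = len(set(addrs)), ordered_fraction(addrs)
            if distinct >= min_rcpts and frac >= min_ordered:
                flagged[proc] = (distinct, frac)
                break
    return flagged

def sample_log():
    """Constructed sample: winlogon.exe probing generated names, a mail client sending normally."""
    first = ["aaron", "abby", "adam", "alan", "alice", "amy", "andy", "anna", "ben", "bob"]
    base = datetime(2005, 1, 1, 12, 0, 0)
    probe = [f"{(base + timedelta(seconds=4 * i)).isoformat()} winlogon.exe RCPT {n}.smith@example.com"
             for i, n in enumerate(first)]
    normal = [f"{(base + timedelta(minutes=3 * i)).isoformat()} mailclient.exe RCPT {a}"
              for i, a in enumerate(["zoe@example.org", "carl@example.net", "mia@example.org"])]
    return probe + normal + ["malformed line that the parser skips"]
```

Ordinary mail traffic rarely produces long alphabetically ordered runs of distinct recipients, so the ordering test keeps a busy but legitimate sender from being flagged on volume alone.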
Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.