After opening email from I thought trustworthy company and person, I get in Windows:
MESSAGE BOX:
RED (!) No Internet Connection
BLACK > Show details & options
BLUE Button with WHITE Resolve
Can there be a virus or hidden HTML script in the email?
In my 20 years as ICT Professional and Web Developer I have never seen this.
I gladly provide the suspected emails because it was send in duplo
Post a screenshot of the warning.
Is this an Avast message.......avast messages should containe name and logo .....
http://members.tele2.nl/galien8/Images/ERROR_INTERNET.jpg
I have indeed no internet, cannot browse with Google Chrome and cannot FTP
Not from Avast but also not something I would click on.
Follow the instructions outlined at:
https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs.
I got two .eml email saved as file from Windows Live mail Windows 7, the email I clicked, opened and received the “No Internet Connection” warning with as in posted screenshot earlier, was send in duplo.
Can Avast analyze these two .eml? If it contains a hidden HTML script (which perhaps downloads and installs malicious software)?
If there was a hidden script in the email, it was undetected by Avast Internet Security, Avast could learn from it!
How do I attach eml to a post to this forum?
Is there a hyperlink in the e-mail or an attachment ? As I believe that it is the e-mail trying to connect
Some emails have images, which aren’t embedded in the email, but would be downloaded from the URL source.
Having a hidden script as you say, isn’t necessarily malicious, suspicious perhaps.
As an ICT professional I’m sure you are already aware of these - the HTML iFrame tag, imports data/content from the iFrame source. There are also tracking objects 1x1 pixel image that report that the email got through, sometimes seen in spam email to validate a good email address.
All of the above would be trying to connect to the internet, why you are getting the No Connection error is the question, unless you had your connection closed.
Unfortunately you can’t attach .eml files, only text based files .txt, .log and certain image files.
I can open .eml in Visual Studio: (made anonymous …) no iframe, http or href in both .eml by the way, but I am no expert, can this still be a suspicious email that caused that screenshot message box?
HEADER
Return-Path: <…@…nl>
Original-Recipient: rfc822;…@kpnmail.nl
Received: from cpxmta-msg10.kpnxchange.com (10.94.114.31) by cpxmbs-msg07.support.local (8.6.060.31)
id 547E73D5029C26A8 for …@kpnmail.nl; Mon, 2 Feb 2015 11:31:22 +0100
Received: from cpsmtpb-ews10.kpnxchange.com (213.75.39.15) by cpxmta-msg10.kpnxchange.com (8.6.060.14)
id 547E855A07484301 for …@kpnmail.nl; Mon, 2 Feb 2015 11:31:22 +0100
Received: from cpsps-ews14.kpnxchange.com ([10.94.84.181]) by cpsmtpb-ews10.kpnxchange.com with Microsoft SMTPSVC(7.5.7601.17514);
Mon, 2 Feb 2015 11:31:22 +0100
Received: from mail2.twd…nl ([145.7.91.81]) by cpsps-ews14.kpnxchange.com with Microsoft SMTPSVC(7.5.7601.17514);
Mon, 2 Feb 2015 11:31:22 +0100
Received: from (unknown [10.33.96.97]) by mail2.twd…nl with smtp
id 212f_0d3d_a1a9f1e8_aac6_11e4_9cd6_001517f7dd58;
Mon, 02 Feb 2015 11:31:22 +0100
Received: from VHUB001…local (10.33.34.41) by
VEDG001…local (10.33.96.97) with Microsoft SMTP Server (TLS) id
8.3.389.2; Mon, 2 Feb 2015 11:30:30 +0100
Received: from VMBX004…local ([10.33.35.8]) by
VHUB001…local ([10.33.34.41]) with mapi; Mon, 2 Feb 2015 11:30:31
+0100
From: “…” <…@…nl>
To: “…” <…@…com>
CC: “…'” ...@kpnmail.nl
Date: Mon, 2 Feb 2015 11:30:30 +0100
Subject: …
Thread-Topic: …
Thread-Index: AdA+00S+C13QkMBCQcSWYDr9R7QEFw==
Message-ID: <3F320024669205448DDACA23EBF56A8C0510D7E8E2D4@VMBX004…local>
Accept-Language: nl-NL, en-US
Content-Language: nl-NL
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: nl-NL, en-US
Content-Type: multipart/alternative;
boundary=“000_3F320024669205448DDACA23EBF56A8C0510D7E8E2D4VMBX004rott”
MIME-Version: 1.0
X-OriginalArrivalTime: 02 Feb 2015 10:31:22.0738 (UTC) FILETIME=[63D09520:01D03ED3]
X-RcptDomain: kpnmail.nl
X-Antispam: clean, score=2
X-Antivirus: avast! (VPS 150202-0, 02/02/2015), Inbound message
X-Antivirus-Status: Clean
–000_3F320024669205448DDACA23EBF56A8C0510D7E8E2D4VMBX004rott
BULK PLAIN TEXT
BULK HTML TEXT
–000_3F320024669205448DDACA23EBF56A8C0510D7E8E2D4VMBX004rott–
I had just downloaded new email in client, so there was connection, I opened one email and read it, scanned a letter, I wanted to attach in the reply, then I saw message box, did not click it, I unplugged ethernet cable, which I always do when I have the suspicion of a virus, now I do AVAST Full System Virus Scan of whole system, message box can be bogus by the way as in there is still connection, I do not yet know, if a virus clicking it (blue RESOLVE button) could trigger downloading and installing more malicious software.
My first thought was this comes perhaps from the last email opened (= hidden HTML script or with hidden auto run exe virus)
I also do not think this message from the screenshot comes from my Dutch Internet Service Provider (ISP = KPN’s Experia Box modem which has a 250 Mb Internet Manager application on the primary computer client) because these messages are always in the Dutch language and have a green KPN Internet Manager logo.