I keep getting a warning when I open my eM Client mail, that offers the following information:
Object: http//www.mystictea.cz/newcall-small.jpg
Infection: URL:mal
I have run a complete system scan, but can’t get this warning to go away; every time I open the mail program it reappears!
Thanks for any help…
wyocowboy
Follow the guide here, and attach the logs
http://forum.avast.com/index.php?topic=53253.0
Anyway, those links seem to be dead now, but previously malicious, it seems: http://urlquery.net/report.php?id=16221
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Morpheus :: MORPHEUS-PC [administrator]
Protection: Enabled
1/15/2012 3:35:31 PM
mbam-log-2012-01-15 (15-35-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174434
Time elapsed: 2 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
One gets an error here: failure: <urlopen error [Errno -2] Name or service not known> IP 0 0 0
It is a booby-trapped jpg that is being alerted.
polonus
To avoid multiple posts with copy and paste, you need to attach the OTL log
lower left corner: additional options > attach
Sorry! Try this
Wyocowboy
not MBAM log…we have already seen that…
but OTL log, it will be very long, that's why you must attach it
Here it is…
wyocowboy
Not a great deal showing there - what is your e-mail client?
Warning: This fix is only relevant for this system and no other; using on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
* Run OTL
* Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-1831967051-3588195963-903182636-1001\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Search Toolbar

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
eM Client
Thanks
wyocowboy
If you access your e-mail via the web portal do you still get the alerts?
My thoughts are that the e-mail programme itself has an infection or a file within it has been tampered with
The “eM Client” has been scanned, and is constantly monitored, and this “mystictea.cz” is never found in the virus chest! My mail server is Bresnan (Optimum); the “eM Client” is just the mail client. I am able to check my Bresnan (Optimum) mail utilizing their web client without problems, so it’s just when I open the “eM” client program on my computer.
What I can’t figure out is why, if Avast finds it each time the mail client is opened, it will not remove it or move it to the virus chest?
Thanks
wyocowboy
I will flash up my VM in a bit and try the e-mail client from there
Thank you, I should mention, the first part of the warning popup displays the following:
“avast network shield has blocked a harmful site”, then goes on to list:
Object:http//www.mystictea.cz/newcall-small.jpg
Infection:URL:Mal
Process: C:\ProgramFiles(x86)\eMClient\MailClient.exe
Could just be something in my avast “network Shield” settings?
Thanks
wyocowboy
No it is blocking a redirect from the e-mail client
So where do I go from here?
Thanks
At the moment I would stop using the e-mail client
Or as an alternative uninstall it and download and install a fresh copy
Give me an hour to check it out
OK, a bit quicker than I thought
I have the e-mail client up and running on my system and I am receiving no alerts to Livemail
You say that when you go to the portal and read mail there you do not get the alert?
If that is true then I would recommend that first you empty the deleted emails - does that help?
Uninstall and then re-install the client - does that work?
@Essexboy,
Isn’t it recommended to take a backup of the emails and contacts before uninstalling the email client program?
Aye :-[ Although as it is web based it should retain that data online… Livemail does