mystictea.cz

I keep getting a warning when I open my eM Client mail, that offers the following information:
Object: http//www.mystictea.cz/newcall-small.jpg
Infection: URL:mal
I have run a complete system scan, but can’t get this warning to go away; every time I open the mail program it reappears!
Thanks for any help…
wyocowboy

Follow the guide here, and attach the logs
http://forum.avast.com/index.php?topic=53253.0

Anyway, those links seem to be dead now, but they were previously malicious, it seems: http://urlquery.net/report.php?id=16221

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Morpheus :: MORPHEUS-PC [administrator]

Protection: Enabled

1/15/2012 3:35:31 PM
mbam-log-2012-01-15 (15-35-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174434
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

One gets an error here: failure: <urlopen error [Errno -2] Name or service not known> IP 0 0 0
It is a booby-trapped jpg that is being alerted.

polonus

To avoid multiple posts with copy and paste, you need to attach the OTL log

lower left corner: additional options > attach

Sorry! Try this
Wyocowboy

Not the MBAM log… we have already seen that…
but the OTL log. It will be very long, that's why you must attach it

Here it is…
wyocowboy

Not a great deal showing there - what is your e-mail client?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-1831967051-3588195963-903182636-1001\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Search Toolbar

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

eM Client
Thanks
wyocowboy

If you access your e-mail via the web portal do you still get the alerts?

My thoughts are that the e-mail programme itself has an infection or a file within it has been tampered with

The “eM Client” has been scanned, and is constantly monitored, and this “mystictea.cz” is never found in the virus chest! My mail server is Bresnan (Optimum); the “eM Client” is just the mail client. I am able to check my Bresnan (Optimum) mail utilizing their web client without problems, so it’s just when I open the “eM” client program on my computer.
What I can’t figure out is why, if Avast finds it each time the mail client is opened, it will not remove it or move it to the virus chest.
Thanks
wyocowboy

I will flash up my VM in a bit and try the e-mail client from there

Thank you, I should mention, the first part of the warning popup displays the following:
“avast network shield has blocked a harmful site”, then goes on to list:

Object:http//www.mystictea.cz/newcall-small.jpg

Infection:URL:Mal

Process: C:\ProgramFiles(x86)\eMClient\MailClient.exe

Could just be something in my avast “network Shield” settings?

Thanks
wyocowboy

No it is blocking a redirect from the e-mail client

So where do I go from here?
Thanks

At the moment I would stop using the e-mail client

Or as an alternative uninstall it and download and install a fresh copy

Give me an hour to check it out

OK, a bit quicker than I thought

I have the e-mail client up and running on my system and I am receiving no alerts to Livemail

You say that when you go to the portal and read mail there you do not get the alert?

If that is true then I would recommend that first you empty the deleted emails - does that help?

Uninstall and then re-install the client - does that work?

@Essexboy,

Isn’t it recommended to take a backup of the emails and contacts before uninstalling the email client program?

Aye :-[ Although as it is web based it should retain that data online… Livemail does