outgoing mail

I have avast! home running.
I check the ‘internet mail’ provider.
It scans all the time outgoing mail which I never send. It finds new messages every few seconds.
I suspect I have some virus which causes this.
Avast! scan finds nothing.
AVG scan finds nothing.
Hijackthis shows nothing special.
Nothing special in my start programs and services.
I run XP and use Outlook Express.
The outgoing mail continues even when Outlook is closed.

Any idea how I can locate the source of this outgoing mail?

Thanks,
Yakov.

Yes… most probably.

I suppose you're talking about AVG Antispyware and not AVG antivirus.

Can you follow general cleaning procedures?

  1. Enable/Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

  2. Clean your temporary files. You can use the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run other trojan remover tools: a-squared, Free AVG Antispyware or SUPERantispyware (trojan removers). Some users recommend Spyware Terminator.

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

Found and removed by boot scanning of avast!
Good catch!

I got the other tools in your note just as well.
Thanks.

Keep clean 8)
Be happy with avast :wink:

Do you have a firewall and what is it?
I suspect Windows XP’s firewall.

I would, however, say you need to look at a third party firewall to protect against unauthorised outbound connections. Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

Welcome to the forums.

I don’t use a firewall on my PC. I have three PCs at home so I have a router.
I tend to trust its protections. Am I making a mistake?

As for my recent problem, it was outgoing email, though it was not using Outlook Express. What does it indicate? What method was used for outgoing? Is it something that should be blocked by some sort of FW?

On slightly another issue -
After the correction of the problem I had, and running some additional Scans and tools I get one strange thing. In some sites I get windows with this message -
“Your current security settings prohibit running ActiveX controls on this page. As a result the page may not display correctly”

I didn’t have it before so I assume it is a result of some action done for protection.
Playing with the IE/tools/option/security/custom does not make any difference.
It is my guess that some tool blocks it externally, but I don’t know which and where.
How can I find out what blocks ActiveX?
Maybe it is better and safer to leave this blocking?
It is annoying to get these popups, and at least where I got it, it is a trusted site.

Thanks,
Yakov.

Sadly you are, as your router doesn’t provide outbound protection.

Many of these trojan spam bots have their own SMTP email program, but because it still uses email protocols, avast monitors it; but because spam isn’t detected as a virus or suspicious unless there are many in a short time period, they get out. avast is providing at least some indication of activity.

It is likely to have been a recent Windows security update, changes in how IE works. I stopped using IE a long time ago wherever possible. The custom settings should be able to restore it; it will be buried somewhere in the active scripting. Personally I believe ActiveX is a vulnerability and MS finally recognised this and it has changed how IE handles ActiveX scripts.

This change should have happened some time ago but MS put it off to allow sites that use ActiveX to conform to the new standard, so it is possible that these problems relate to sites that have yet to conform to the new standard.

I have been using Firefox for some considerable time now and it doesn’t have ActiveX and it is a rare occasion that the site requires ActiveX in order to display properly, etc. You could try an alternative browser that doesn’t use ActiveX, Opera or Firefox.
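
The symptom discussed in this thread, a process other than the mail client speaking SMTP, can be traced by pairing the connections listed by `netstat -ano` with process names. The following is an added example, not part of the original posts; it assumes `tasklist` is available, both command outputs below are constructed samples, and `example-bot.exe` and the `EXPECTED_MAILERS` allowlist are hypothetical.

```python
import csv
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# Assumption: Outlook Express (msimn.exe) is the only program expected to send mail.
EXPECTED_MAILERS = {"msimn.exe"}

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1032      192.0.2.10:25          ESTABLISHED     1204
  TCP    192.168.1.10:1045      203.0.113.25:25        SYN_SENT        1888
  TCP    192.168.1.10:1046      198.51.100.7:25        ESTABLISHED     1888
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     3020
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /fo csv /nh` output; example-bot.exe is hypothetical.
TASKLIST_SAMPLE = '''\
"msimn.exe","1204","Console","0","21,004 K"
"example-bot.exe","1888","Console","0","3,112 K"
"iexplore.exe","3020","Console","0","40,560 K"
'''

def parse_netstat(text):
    """Yield (remote_host, remote_port, pid) for every TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank lines, UDP rows (no State column)
        host, _, port = fields[2].rpartition(":")
        if port.isdigit() and fields[4].isdigit():
            yield host, int(port), int(fields[4])

def parse_tasklist(text):
    """Map PID -> lower-cased image name."""
    rows = csv.reader(text.splitlines())
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}

def unexpected_smtp_talkers(netstat_text, tasklist_text):
    """Return [(pid, image, distinct_smtp_servers)] for processes off the allowlist."""
    names = parse_tasklist(tasklist_text)
    servers = defaultdict(set)
    for host, port, pid in parse_netstat(netstat_text):
        if port in SMTP_PORTS:
            servers[pid].add(host)
    return [(pid, names.get(pid, "<unknown>"), len(hosts))
            for pid, hosts in sorted(servers.items())
            if names.get(pid, "<unknown>") not in EXPECTED_MAILERS]
```

Calling `unexpected_smtp_talkers` on captured output taken while the mail client is closed leaves only the processes that open SMTP connections on their own, which is where to look first.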

As for browser, I need good Hebrew support. Unfortunately, nothing else gets even near IE.

About the outbound - how does FW prevent it? Does it restrict the usable port? Can’t this be done by router? In general, I was very happy to get rid of running FW, especially on my oldest PC, a 950MHz Celeron.

Any recommendation for an easy-going, free, nice FW that can do only the ‘ADDITIONAL work’ that the router avoids?

I used to have Norton, both AV and FW. It was killing my PC.
That’s one of the main reasons I stopped using it, and changed to avast!

Thanks.

By user assigned permission. Each application/program that wants to access the internet would need permission. The user choices are usually - allow, block, or ask. There are also user defined rules for customizing. For example, you could allow IE access to this site only. If IE tried to go to another site, it would either be blocked or ask you for permission, depending on your settings.

Jetico, Sygate, ZoneAlarm, I’m not sure about Comodo. There are probably others. You would have to look at them to see if they meet your needs. A search of this forum for firewalls will return many results.

I haven’t seen any firewall that only provides outbound (the ‘additional’) protection.
A software firewall must protect both inbound and outbound.
An easy one? ZoneAlarm or Outpost (free).
A better (advanced) one, that allows rules, Comodo or Kerio.