potential virus detected.

I’m quite new to avast anti-virus. Upon using it, I noticed that ‘Internet Mail’ under the on-access scanner is constantly scanning e-mail messages by the thousands. I do not recall having used any internet mail client on my computer and I do not use Outlook. Now I’m wondering where all these e-mails are coming from. And recently it has been detecting suspicious mail. Below is the message given. There are 3 buttons, delete, continue and don’t send, whereas delete is unclickable.

Suspicious whitespace sequence

Sender: Duane Bishop 22len@abercrombiekent.com.au
Recipient: altimeter@narod.ru
Subject: Ñîçäàíèå ñàéòîâ, ðàñêðóòêà, ïðîäâèæåíèå

I need help in countering this problem. Where is the source of all these e-mails? How, if possible, can I stop this unnecessary scanning? And what tips could I get in configuring avast?

The problems I had before I reformatted my computer seem to be coming back. [unable to minimize certain programs, error in explorer.exe upon shutdown] If anyone would know how to correct these errors, I would much appreciate the help. :slight_smile: Thank you.


Welcome to the forums, Olorin ! :slight_smile:

Please give us a little more info about your computer … such as OS, any past av program, have you done a virus scan with avast, do you have a firewall? Also, do you have any other anti-malware programs such as Ad-Aware, Spybot-S&D, ewido, a-squared, etc? ???

Please reply as soon as possible with more info.


I may be having a similar problem.
Not a new user. On-Access Scanner is busily popping up the blue note at bottom right for two days solid now, continuous. Well, sort of continuous…it spurts up 2, 5, 10 existing message subject lines, or so, then releases them, one after another until the blue note disappears. Then it takes another gulp and repeats. It seems to be working through all outlook folders, currently working in Sent Items folder, so it has come quite a ways thus far. I do not know if it is in Archives/Sent Items or Personal Folders/Sent Items, as there is no such indication.
Appears to be scanning each and every piece of mail though I can’t say for sure. I have no idea where to spy on this process’ origin or stage of completion, or even whether it is actually expected behavior or not.
If it is running some sort of deliberate maintenance, perhaps seeking Kama Sutra evidence?, which is what I first imagined upon seeing it in process.
If the behavior is expected, I would prefer that it do this work in the background without the perpetual messaging.

Thinking back, the sequence of events was that

  1. I became aware of the kama sutra situation a few days ago.
  2. I immediately started a disc scan using the tray icon Start-avast-antivirus path.
  3. Eureka, perhaps I should be CERTAIN that I have the latest updates.
  4. Stopped the scan.
  5. Forced the updates from the system tray.
  6. Received message to restart computer
  7. did so
  8. Working along for several hours when
  9. bluenote bluenote bluenote gang-o-bluenotes.

;D
Wat givs? How to proceed ?

XP Pro SP2, OL2003Pro, Dell Lat C840, more? ask.

Details above. PLEASE RESPOND! ???

I am going now to update my system details, as the signature line is not current yet, I see.

I’m using Win2000… I used McAfee before this. And I’m using Spybot S&D and Spyware Blaster. But I already deleted the previous program’s registry… if that might be the cause…

And Duff… what do you mean by “1. I became aware of the kama sutra situation a few days ago.”??
Just curious here.

Please be aware that the Internet Mail scanner does not ever scan the folders of your mail client. The Internet Mail scanner has absolutely no idea what mail client you use or where the folders for your mail client are.

What the Internet Mail scanner does scan is mail that is being read into your system from an external mail server, as it is being read, and also outgoing mail as it is being created by your system and going to an external mail server.

What this sounds like - in both your reports - is that you have probably become infected with an email “spambot” that is using your system to generate mass mailings of spam.

You may wish to look at the recommendations in this thread:

http://forum.avast.com/index.php?topic=18648.msg158086#msg158086

Okay, well. The thread mentioned bore no resemblance whatsoever to the problem I have described above.

It is indeed the Avast On-Access Scanner blue-topped pop-up (same as the one that always has popped up with subject line when an email comes in; same as the one that has always popped up with subject line as I move through my mailboxes within Outlook). What is happening is the popup, instead of just signalling and scanning new mail as it arrives (as usual), is pretty much continuously flipping through my Outlook folders, as noted. I can see the folder titles and message subjects in the popup, and the title bar of the pop-up is (as in the two just-described ordinary circumstances) Avast On-Access Scanner.

Finally, one odd note. I ran Hijack this (and yes, it’s current) and I got these four lines, TWO OF THEM VERY ODD, referencing Avast:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Please Advise

Olorin-
Kama Sutra is a bad worm, set to go off today. News about it was released all during last week. Google it, for sure you will find much to gather on the details. Surely Avast has some resources on it here??? I only mentioned it because it was my awareness of the threat, and my action to avert the threat, which initiated my current drama.

Duff,

The “hijack this” lines you report happen for every user of avast and represent no problem.

It might prove useful to create (for a while) a more detailed avast! log of your mail connections.

You can get the mailscanner to log your connections by editing the avast4.ini file (in Program Files\Alwil Software\Avast4\DATA folder).

In the section headed:

[MailScanner]

add the line:

Log=20

and save the updated file.

The log will be in Program Files\Alwil Software\Avast4\DATA\log\ashmaisv.log

If you choose to share the log with us then please be sure to edit the log first and obscure any information personally identifiable to you.
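
An added example, not part of any post in this thread and not avast's own tooling: a Python script that masks e-mail addresses, IP addresses and listener/redirect ports in ashmaisv.log before it is shared, then checks that nothing address-shaped is left. The line layout is taken from the log excerpt posted in this thread; the function names, the sample values and the last sample message are constructed for illustration.

```python
import re

# Line layout as seen in the log excerpt in this thread:
#   MM/DD/YY HH:MM:SS <8-hex-digit id>: <message>
PREFIX_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d [0-9A-Fa-f]{8}: )(.*)$")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PORT_RE = re.compile(r"(Listen settings changed: \S+ |RedirectPort: )\d+")

def redact_message(msg):
    """Mask e-mail addresses, listener/redirect ports and IPv4 addresses."""
    msg = EMAIL_RE.sub("<email>", msg)
    msg = PORT_RE.sub(r"\g<1><port>", msg)
    return IPV4_RE.sub("<ip>", msg)

def redact_log(text):
    """Redact every line; the timestamp/id prefix is kept for troubleshooting."""
    out = []
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            out.append(m.group(1) + redact_message(m.group(2)))
        else:
            # Unrecognised layout (wrapped line, banner): scrub the whole line.
            out.append(redact_message(line))
    return "\n".join(out)

def remaining_identifiers(text):
    """Final check before posting: anything still shaped like an IP or e-mail."""
    return IPV4_RE.findall(text) + EMAIL_RE.findall(text)

# Constructed sample in the thread's line layout. Addresses are documentation
# ranges; the last message text is hypothetical, not real avast output.
SAMPLE = """\
02/02/06 15:53:53 00000378: Build 4.6.763
02/02/06 15:54:29 00000378: POP Listen settings changed: 192.0.2.10 12110
02/02/06 15:54:29 00000378: SMTP RedirectPort: 25
02/03/06 23:05:01 00000378: sender user@example.com via 198.51.100.7
"""

if __name__ == "__main__":
    cleaned = redact_log(SAMPLE)
    print(cleaned)
    print("left over:", remaining_identifiers(cleaned))
```

Subject lines and folder names are free text that no pattern can recognise, so they still need a manual read before posting.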

Duff,

by the way on which provider(s), in the advanced tab, do you have “show detailed info on action performed” checked?

Are you using the Outlook plugin of avast or the Internet Mail provider?

Could you be a little more specific as to the advanced tab to which you referred? I don’t know where to gather that information for you.

When I open Outlook, the Alwil/Avast green & orange splash screen pops up, indicating that I am using the plugin. Also, there are 7 providers running in the On-Access Scanner. I don’t know if that answers your question adequately.

Here is the log content, after making the log=20 change you proposed. Hopefully I have struck a balance between privacy & usefulness:
02/02/06 15:53:53 00000378: Started as service, Log = 1(0x00000001)
02/02/06 15:53:53 00000378: Build 4.6.763
02/02/06 15:53:53 00000378: Windows XP Workstation (Service Pack 2)
02/02/06 15:53:53 00000378: Using WinSock 2.0
02/02/06 15:54:09 00000378: AutoRedirect settings changed 1(0x00000001)
02/02/06 15:54:28 00000378: IgnoreLocalhost settings changed 1(0x00000001)
02/02/06 15:54:28 00000378: POP Start settings changed: 1
02/02/06 15:54:29 00000378: POP Listen settings changed: xxx.x.x.x xxxxx
02/02/06 15:54:29 00000378: POP RedirectPort: xxx
02/02/06 15:54:29 00000378: SMTP Start settings changed: 1
02/02/06 15:54:29 00000378: SMTP Listen settings changed: xxx.x.x.x xxxxx
02/02/06 15:54:29 00000378: SMTP RedirectPort: xx
02/02/06 15:54:29 00000378: IMAP Start settings changed: 1
02/02/06 15:54:29 00000378: IMAP Listen settings changed: xxx.x.x.x xxxxx
02/02/06 15:54:29 00000378: IMAP RedirectPort: xxx
02/02/06 15:54:29 00000378: NNTP Start settings changed: 1
02/02/06 15:54:29 00000378: NNTP Listen settings changed: xxx.x.x.x xxxxx
02/02/06 15:54:29 00000378: NNTP RedirectPort: xxx
02/03/06 23:02:17 00000378: Log settings changed 20(0x00000014)

Also, it’s still behaving as described.
Is it possible that a particular specialized avast scan is underway, and is that something that I can confirm or monitor?

Please advise.

The messages (below the blue bar labeled avast! On-Access Scanner Message) read:

Scanning\Inbox\whatever subfolder<Subj:whatever the subject is

or, depending on who-knows-what, perhaps

Scanning\Sent Items<Subj:whatever the subject is

Duff,

if you select the Outlook/Exchange provider click “Customize” and then go to the “Advanced” tab do you have the “show detailed info on action performed” box checked?

Yes I do have that box checked. Also: THIS IS THE PROCESS that is scanning as described. AH! that was also the solution. Turning off that switch.
Now then.
MESSAGE TO PROGRAMMERS:
How did it get switched on?
Was that a default that got reset with the program update, and if so, why? SEVERAL HOURS OF WASTED TWEAKING INVOLVED HERE!
As well as screen interruptions making all other programs and work that I’ve been trying to focus on, FAR more difficult to use. I strongly recommend not flipping that switch in future program updates. Thank You.

As I look back over that hijack this log, more sense emerges.
Please advise what other settings switches have been altered.
I can’t bear any more unscheduled chaotic behavior from my antivirus product. I promise that I will seriously consider the paid version (which I already had been moving toward when this happened) if you will please identify what mysteries have been altered, or point me in the direction where those CHANGES TO SETTINGS are specifically detailed.

Finally, Alanrf, if there are points to be given for problem solving, you get my unfettered vote. Triumph, baby. Right on.

Oh. Also. Olorin’s problem is not solved, & on reflection I completely hijacked his thread, thinking at first that I had the same problem. Perhaps this can be fixed at the moderator level, with a more appropriate title for my problem. Such a:
“Default Settings Changes on Update Caused Bothersome Display-Related Program Quirks,” perhaps. =)

as. “Such as:”

Duff,

I speak as just an avast user and if I have assisted you a little in detecting your issue then I am glad, but if this switch had been turned on by the latest update for all avast users of Outlook I am sure we would be seeing more comments about it in this forum. I will leave it to the avast team to ponder how it may have been changed for you.

The only time I have been aware of unexpected changes (for myself and others I support) has been after using the “Repair” function of avast but that has typically involved turning on providers that had previously been turned off.

I hope that avast will continue to behave itself for you.

As for Olorin … we will continue to try to find a resolution there too.

Olórin,

may we get a little information about your system? Which operating system do you use? Do you use a firewall on your system? If you do, which one do you use?

Am I correct in understanding that you do not use any email program on your system to send email?