Suspicious Message

Hello,

I have Avast 4.8 Professional. Build Jul2008 4.8.1229. According to the log, my database was updated yesterday.

I use XP Professional and Outlook 2003.

I have an avast virus warning message popping up multiple times until it finds at least 22 different instances. The messages state:

Suspicious Message!
There are too many identical e-mails in appointed time.

Sender: “UPS” badq@bonusbooks.com
Recipient: mwansbrough@tafisa.ca
Subject: UPS INVOICE 8238597476

There are too many identical e-mails in appointed time.

Sender: “UPS” ioyooaudpy@borsholm.com
Recipient: mwansbrough@tafisa.ca; sales@lcieng.ca
Subject: UPS INVOICE 8881695554

There are too many identical e-mails in appointed time.

Sender: “UPS” ooyabwrw@bobmilano.com
Recipient: mwansbrough@tafisa.ca; sales@lcieng.ca; felsch@wiband.ca
Subject: UPS INVOICE 7311050595

Then your message window has three buttons on the bottom:
Delete (which is grayed out), Continue and Don’t Send.

If I use Continue or Don’t Send in any fashion, I keep getting up to 21 more messages, all with different senders and recipients.

This is happening when I am connected to the web. When I disconnect the DSL modem, these messages do not come up.

I disconnected the DSL modem and I scheduled a boot time scan. I did not find anything in the log.

The messages take up so much space on the screen, it is very difficult to navigate anything on the screen.

Can you help please??

Alex


Welcome to the forums, Alex.

It appears that you have a spambot infection.

Please download HijackThis from the link below, run the program but do not make any fixes, and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted. OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.

http://filehippo.com/download_hijackthis/


I ran Spyware and found nothing. Is your suggestion a better or different program?

Alex

Do what CharleyO says in his post.

CharleyO’s suggestion is to download and use a thorough malware detection and analysis tool (Trend Micro HijackThis 2.0.2).

What spyware?

Over and above HiJackThis, this is one of the better anti-spyware applications.

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
SUPERantispyware On-Demand only in free version.

It is possible that this is hidden by another piece of malware.

Hello,
I have Avast 4.8 home edition. I’m getting troubled by “Avast suspicious message” pop-ups since past few hours. I have read your forum and scanned my PC with “HijackThis”. I am posting the log here. Please tell me how I can fix the problem.
Appreciate your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:50 AM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Broadband Pacenet\Pacenet Dialer\PaceDial.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU..\Run: [AWMON] “C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe”
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip..{6BF60CCC-794C-49E5-9FF5-2CFDE07ED005}: NameServer = 203.115.71.66 203.115.81.38
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe


End of file - 3459 bytes

O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll (This is a problem)

Suggest you follow Davidr’s instructions to remove.
Are you running a firewall?
Update to Windows XP service pack 3 (Service packs increase the safety of your system)
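
The kind of check behind the O20 remark above, as an added example that is not part of the original thread: a small triage pass over HijackThis log lines that flags Winlogon Notify entries outside a baseline and entries whose file is gone. The baseline name list and the function name `triage` are assumptions made for illustration; a flagged line is a candidate for manual review, not a verdict.

```python
import re

# Assumption: Winlogon Notify names commonly present on a stock Windows XP
# install (plus the Intel graphics helper). Adjust to your own known-good build.
BASELINE_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "igfxcui", "sccertprop",
                   "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# "O20 - <body>": a section code, " - ", then the entry text.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")

def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.group("code"), m.group("body")
        if code == "O20":
            n = NOTIFY.match(body)
            if n and n.group("name").lower() not in BASELINE_NOTIFY:
                findings.append((code, "winlogon-notify-not-in-baseline", line))
        # HijackThis itself marks registry entries that point at nothing.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((code, "orphaned-entry", line))
    return findings

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE):
        print(f"{code:4} {reason:32} {line}")
```
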

joshitushar
please start your own thread - No more posts in Woodwine’s thread
tednelly
let’s not guess to whom you are replying
joshitushar
tednelly was posting about YOUR 020 entry
carry on
download and run Malware Bytes Anti Malware AND Rogue Remover
click “REMOVE”
post the logs and a new HJT in your new thread (when you FIX the 020)

Woodwine exactly which “spyware” did you run
waiting to hear from you
please ignore the Joshitushar thread hijack :)

wyrmrider
duh! gee!! sorry pal-- thought that the reply would be pretty obvious as it was directly after the HJT log posted by?? joshitushar
this is the only post containing any reference to 020 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
Sheesh!!

tednelly was posting about YOUR 020 entry carry on
Really don't like carrying ON!? OK if I must......again!! As I have already posted Davidr's suggestion will go a long way to solve the O20 - Winlogon Notify: WinCtrl32 problem joshitushar

There is no need for duplicate/multiple malware removal programs SUPERantispyware will do just fine.

Just in case??
joshitushar Firewall? XPSP3? Post HJT log file after SUPERantispyware Scan
woodnwine please follow advice offered.

PS Hope naming conventions meet with your approval

Jolly good show
Clear to you and me and probably joshitushar- to whom the “carry on” was directed

so far OP Woodnwine is AWOL and most likely still a SPAMBOT

Woodnwine
Read the stickie at the top of this forum for HJT instructions
being a SPAMBOT can make you very unpopular

Not only a spambot but given the email’s Subject/title, the outbound email could also be malicious.

I have seen this subject UPS INVOICE 8238597476 previously related to malware, either there is an attachment to open for the invoice or a web link to view the invoice, either of which is designed/likely to infect the recipient.

So it is potentially more serious than a spambot, a shame that woodnwine hasn’t been back in almost three weeks :(

HI
I sent woodnwine a friendly E-Mail expressing our concerns

I’m of the opinion that you can lead a horse to water but you can’t make them drink. The same is true of information, you can give it but it is a two way process and we shouldn’t have to chase people to help them.

Sorry if that sounds harsh but it is a reality as many topics in the forums attest, some people only ever post once.

Am I losing time reading all this thread…? ???
Why do people ask for help and do not come back? :'(


There could be a few reasons, I guess, and one could be that he was blocked by his ISP for spamming.


Hi, here is my log file, please analyse and suggest me with solution to disable the suspicious pop up dialog box:

Hi sathish
1: Last post in this thread was done August 25. 2008
2: If you have a problem start a new post, not inside an old