Virus? Unknown icon in systray I think is sending emails

Hello,

I have an unknown icon in my systray that I’m having trouble removing and I believe it is either a spam sender or dialer. I can’t do anything to the icon but every time I hover my mouse over it I can see approximately 3 different web addresses that constantly change. I’ve tried to right-click on it and I can’t do anything. I’ve run scans using both Ad-Aware and Avast and they haven’t found anything but I know something is wrong because I received a notice from Comcast saying my connection is being used to send unwanted emails.

Does anybody know what this icon or virus is? The icon looks like a letter with a blue dot on it.

Please, please help

Can you go to the Internet Mail provider settings > Customize > Advanced tab and uncheck the option for an icon in the system tray?
Boot. Will the icon reappear?

If that option is not checked, can you post a screenshot of the icon?

It’s the icon on the left. As you can see, the unknown IP addresses are what’s concerning me because these are constantly changing and I don’t know why my system would be trying to connect to these.

This is really scaring me.

It’s an avast icon… The Internet Mail provider is scanning your emails.

No need for that…
If in next boot the icon comes back, well let’s figure out what is happening. If not, don’t worry. 8)

How can I tell if it’s scanning outbound or inbound emails? Why then would I receive the following message from Comcast:

We have confirmed that your computer has been involved in transmitting unsolicited email, an activity that is in violation of the Comcast Terms of Service Agreement. The reporting parties have provided email header information, which identifies the IP address of the computer that was transmitting the email. The IP address listed was one that was assigned to your computer at the date and time in question.

To see if avast! is scanning emails, check one of these points:

  1. Is the avast icon (the special one for email scanning) shown in the system tray?

  2. Does your email header have the lines X-Antivirus: avast! (VPS 0XXX-X, XX/XX/2005), Inbound message and X-Antivirus-Status: Clean? (Right click the message, choose Properties and Details)

  3. Are clean notes added at the bottom of the email? (Internet Mail provider settings)

Because it’s very simple for Comcast to make you out to be guilty of a thing OF COURSE you’re not: your email address was hijacked and it’s being used to send spam and viruses from other machines… but Comcast will be right if you’re really infected and the emails are being sent by your own machine. Did you run a full avast scan? What about other spyware scans?

If you haven’t already got this software (freeware), download, install, update and run it.

  1. Spybot Search and Destroy
  2. Spywareblaster. Don’t install this until you are clean.
  3. Ewido Security Suite if using winXP, or a-Squared free if using win98/ME.

Run Ewido as that is more likely to find any trojan which may well be responsible for sending emails.

Do you have a firewall, as that should be a first line of defence against outbound internet connections? - please don’t say XP’s firewall.
Windows XP’s firewall is almost worse than useless (but better than no firewall), it lulls you into a false sense of protection, it doesn’t provide outbound protection. So anything that penetrates your defenses can connect to the internet and transfer data (sensitive or otherwise) or download more of the same.
Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall. Zone Alarm free works well with avast and has a reasonably friendly user interface. There are other free firewalls such as Kerio; a Google search for free firewall should return more info, etc.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
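
The thread's open question is whether mail is really leaving this machine. As an added example (not written by any poster in the thread), the script below parses the text of `netstat -ano` and lists which process IDs hold outbound connections to mail ports. The sample output is constructed, and the `max_servers` threshold is a hypothetical cut-off, not a rule from the thread.

```python
import re
from collections import defaultdict

MAIL_PORTS = {25, 465, 587}  # SMTP, SMTP over SSL, mail submission

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1045      203.0.113.7:25         ESTABLISHED     1820
  TCP    192.168.1.10:1046      198.51.100.23:25       SYN_SENT        1820
  TCP    192.168.1.10:1047      203.0.113.99:25        ESTABLISHED     1820
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     2304
  TCP    192.168.1.10:1052      192.0.2.25:587         ESTABLISHED     3110
  TCP    127.0.0.1:1060         127.0.0.1:25           ESTABLISHED     3110
  UDP    0.0.0.0:500            *:*                                    700
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def outbound_mail_connections(netstat_text):
    """Return {pid: [(remote_ip, remote_port, state), ...]} for mail ports."""
    found = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, UDP rows, blank lines
        _lip, _lport, rip, rport, state, pid = m.groups()
        if int(rport) not in MAIL_PORTS or state == "LISTENING":
            continue
        if rip.startswith("127."):
            continue  # loopback traffic never leaves the machine
        found[int(pid)].append((rip, int(rport), state))
    return dict(found)

def suspicious_pids(conns, max_servers=2):
    """PIDs contacting more distinct mail servers than max_servers (assumed cut-off)."""
    return sorted(pid for pid, rows in conns.items()
                  if len({ip for ip, _, _ in rows}) > max_servers)

if __name__ == "__main__":
    conns = outbound_mail_connections(SAMPLE)
    for pid, rows in sorted(conns.items()):
        print(pid, rows)
    print("PIDs to look up in Task Manager:", suspicious_pids(conns))
```

To use it on a real machine, save the output of `netstat -ano` to a text file and pass its contents to `outbound_mail_connections` in place of `SAMPLE`.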