Weird secure connections...

Hello, first off let me apologize if this is the wrong forum; I am new here and am desperately seeking help… Thought this must be the best place to ask…

I am running Avast 5.0.462, Pro version… And have it set to secure everything, update, in other words using full protection… So everything should be perfect… And I am happy with it, I love the program, full credit for that…

But here is my problem: today I went to my computer, which had been running for quite some time (a few hours) on its own, just standing there, and there were about 10-15 messages from Avast, saying that my mail client has a secured connection to some SMTP server… And then an IP and a Russian site… The message was the same in every pop-up; the only difference was that the IP and site changed…

The problem is, I never used a mail program, I use web mail only, with no programs installed for that… and I have no idea what sites these are… I have never heard of them…

I would be lying if I said that this isn’t frightening me… I don’t like that some server has a connection to my computer… How do I stop it? And is this some kind of hacker or?

While I was registering on this site, 3 new pop-ups showed up, and while I was writing this yet 10 more pop-ups… all the same story…

I took a screenshot of one of them that I have posted below… I hope to hear from you very soon… Thank you very much for your time…

One message:
http://img9.imageshack.us/i/avast1p.jpg/

My whole screen covered with them…
http://img707.imageshack.us/i/avast2w.jpg/

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
After install, click UPDATE and run a quick scan, then click REMOVE SELECTED to quarantine anything found.

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found, come back and post the scan logs here.

Hello again…

Thank you for your quick answer…

I have scanned with the two programs you told me, and they both found something, so I have posted the logs below… So far I have not got any new messages from Avast…

Thank you very much again for your help…

Malwarebytes’ Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23-03-2010 17:00:23
mbam-log-2010-03-23 (17-00-17).txt

Skan type: Hurtig skanning
Objekter skannet: 113549
Tid tilbagelagt: 6 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\w3svapi32.dll (Trojan.Agent) → No action taken.

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\w3svapi32.dll (Trojan.Agent) → No action taken.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2010 at 05:27 PM

Application Version : 4.34.1000

Core Rules Database Version : 4715
Trace Rules Database Version: 2527

Scan type : Quick Scan
Total Scan Time : 00:22:04

Memory items scanned : 552
Memory threats detected : 0
Registry items scanned : 476
Registry threats detected : 0
File items scanned : 8099
File threats detected : 2

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\77F63818.DLL
C:\WINDOWS\SYSTEM32\C423E104.DLL

Your Malwarebytes log says "No Action Taken",
so scan again, and when it finishes click the "Remove Selected" (Fjern det valgte) button.

And you did not update MBAM before the scan; it says Database version: 3510… latest is 3905.
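
The two checks made in the reply above (was each detection actually acted on, and was the signature database current), as an added example that is not part of the original thread. The sample log is constructed from the excerpts posted here, `LATEST_DB` is simply the number quoted in the reply, and `triage` is a hypothetical helper name.

```python
import re

LATEST_DB = 3905  # value quoted in the reply above; not looked up anywhere

# Constructed sample, shortened from the first log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3510

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\w3svapi32.dll (Trojan.Agent) → No action taken.

Inficerede Filer:
C:\WINDOWS\system32\w3svapi32.dll (Trojan.Agent) → No action taken.
"""

DB_RE = re.compile(r"^Database version:\s*(\d+)", re.M)
# Detection lines look like "<path> (<name>) -> <action>."; the arrow is "->"
# in a raw log and "→" once a forum has reformatted it, so accept both.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) (?:->|→) (?P<action>.+?)\.?[ \t]*$",
    re.M,
)

def triage(log_text, latest_db):
    """Summarise an MBAM text log: database age and per-file remediation state."""
    m = DB_RE.search(log_text)
    db = int(m.group(1)) if m else None
    hits = {}
    for h in HIT_RE.finditer(log_text):
        # The same file can be listed under several section headings
        # (memory module and file); keep one entry per path.
        hits[h["path"].lower()] = (h["name"], h["action"].lower())
    return {
        "db_version": db,
        "db_stale": db is None or db < latest_db,
        "detections": hits,
        # Found but left in place: the scan must be repeated with removal.
        "unremediated": sorted(p for p, (_, a) in hits.items() if a == "no action taken"),
        # Removal is only scheduled; it is not complete until the restart.
        "needs_reboot": sorted(p for p, (_, a) in hits.items() if a == "delete on reboot"),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, LATEST_DB))
```
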

Sorry… I have posted the wrong log… :slight_smile: (I saved that log just in case, before I clicked remove…) But I found the right log now, and posted that one… I also updated it, and scanned it again… This time it didn’t find any files…

Malwarebytes’ Anti-Malware 1.44
Database version: 3905
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23-03-2010 19:06:18
mbam-log-2010-03-23 (19-06-18).txt

Skan type: Hurtig skanning
Objekter skannet: 124859
Tid tilbagelagt: 5 minute(s), 19 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


Malwarebytes’ Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23-03-2010 17:00:47
mbam-log-2010-03-23 (17-00-47).txt

Skan type: Hurtig skanning
Objekter skannet: 113549
Tid tilbagelagt: 6 minute(s), 56 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\w3svapi32.dll (Trojan.Agent) → Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\w3svapi32.dll (Trojan.Agent) → Delete on reboot.

And if all problems are gone? …then you are surely nice and clean… ;D

Haha :wink:

Yes, I think they are gone; it has not been there again… So it should be over ;D

Thank you very much for your time I appreciate it…

Many thanks for the help :wink: