Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: jamesptt on June 28, 2005, 07:51:45 AM
-
Hey, I've been using Avast for a while and this is the first time that I've ever received this message:
There are too many identical e-mails in appointed time
Sender:
Recipient:
Subject:
There are too many identical e-mails in appointed time
Sender:
Recipient:
Subject:
I get dozens of these pop-ups from the scanner and even these:
There are too many identical e-mails in appointed time
Sender: "Violeta Castañeda" <Salvador@gmail.com>
Recipient: clargen@yahoo.com
Subject: Millones de Personas en Mexico Veran su Publicidad
There are too many identical e-mails in appointed time
Sender: "David Aguilera" <Mora@gmail.com>
Recipient: clargen@yahoo.com; "Cincotam" <cincotam@yahoo.com>
Subject: Unicas Actualizadas al 1ero de Junio de 2005
There are too many identical e-mails in appointed time
Sender: "David Aguilera" <Mora@gmail.com>
Recipient: clargen@yahoo.com; "Cincotam" <cincotam@yahoo.com>
Subject: Unicas Actualizadas al 1ero de Junio de 2005
I don't know any of these people and I don't speak Spanish, so I can only assume this is due to a malicious virus that is on the computer - I scanned and found a trojan and deleted it, but continued to get this message?
Any suggestions?
I can be reached through this post and through my e-mail address: james.plett at gmail dot com
Thanks!
James
-
You may have a worm trying to send out spam emails.
Please ensure you have the latest definitions and then schedule a boot time scan.
Right click on the avast! icon, select Start avast! anti-virus. If avast! detects a worm in memory, it will ask you if you want to schedule a boot time scan: accept. If avast! doesn't detect anything in memory, click the drop down menu (top left) and schedule a boot time scan from there.
-
Will do.
I am also receiving warnings from avast! telling me internet connection time outs and such, the source of the problem seeming to be fnhbh.exe.
Any ideas?
-
Random filenames are usually malware. Nothing comes up on Google about this file. It is almost certainly a malware process.
If avast! doesn't remove it during a boot time scan, you could submit the file to Jotti's scanner, to see what a variety of anti-virus scanners say about it:
http://virusscan.jotti.org/
-
Ok, I ran it, and deleted all viruses. Before that I also ran Microsoft Anti-Spyware and that took out a bunch of stuff, but upon boot up avast detected installer.exe as adware. I removed that but the problem seems to be as bad as ever.
I'll try that scanner you suggested, but I really have no idea what to do after that.
James
-
Hi James,
Ewido anti-trojan scanner is also worth a try.
http://www.ewido.net/en/
The new Microsoft Malicious Software Removal Tool will remove some rootkits and many worms. Download it here:
http://www.microsoft.com/security/malwareremove/default.mspx
If these fail you could do a HijackThis scan and post the log file:
Instructions here:
http://www.bleepingcomputer.com/forums/tutorial42.html
-
Thanks a lot, that seems to have solved the problem.
I'm going to download the Software Removal Tool to take out the fnhbh.exe file - I also found another one that one of the scanners found as a worm, so that ought to finish the spyware problem on this computer.
Thanks again! You've been a great help.
-
I get the same "There are too many identical e-mails in appointed time" error when I am sending, but I know it's the amount of emails I am sending. I need to notify a number of club members at the same time. Is there any way to turn off this warning if it's from a known email account, i.e. my own?
-
Is there any way to turn off this warning if it's from a known email account, i.e. my own?
I think not... you may disable all avast! scanning, you may disable the scanning for just one email account, but you can't use an exception list for the Heuristic Mail settings. Maybe you can just increase the value or, even, disable this specific option of the Heuristics.
-
You can if you change the sensitivity of the Internet Mail provider Heuristics to Custom and then click the Heuristics Advanced tab; there you can set the figure higher.
However, that will be used for everything, not just sending email to club members. So if you got infected with a new virus or spamming trojan, etc. there would be no stopping multiple emails being sent out that are either spam or virus, etc. Possibly a better option is to temporarily disable outbound email checks, send your email to the club members and enable it again.
-
Hi,
I am new in this forum but not with Avast (almost installed @ home for 1 year now :) ) and I have installed it in the whole family network and friends ....
Well, I have this kind of message really often.
Strangely, nothing in the system looks like it is sending mail: Eudora is shut down, Outlook is not running.
Oh, also, the From is always changing. It's not like a zombie which is sending mails (I had this also :( )
Since it's not a brute sender, sometimes, nothing, sometimes, many...
I have cleaned the system with a full scan and also with Spybot & adaware.
Nothing found, nothing suspicious.
It's only annoying :(
Only, no router to block the internet and only Windows XP firewall.
:P
??? what can it be?
-
It might prove useful to create (for a while) a more detailed avast! log of your mail connections.
You can get the mailscanner to log your connections by editing the avast4.ini file (in Program Files\Alwil Software\Avast4\DATA folder).
In the section headed:
[MailScanner]
add the line:
Log=20
and save the updated file.
The log will be in Program Files\Alwil Software\Avast4\DATA\log\ashmaisv.log
When you get the message the log will show you what process was connecting to which IP address. That should help give you a clue as to the cause.
-
8)
extract:
12/12/05 23:19:33 00000CE4: ->SMTP DATA
12/12/05 23:19:33 00000CE4: sent 50(0x00000032)
12/12/05 23:19:33 00000CE4: received 4983(0x00001377)
12/12/05 23:19:33 00000CE4: ProcessFile entrance E:\TEMP\_avast4_\unp49660997
12/12/05 23:19:33 00000CE4: ProcessFile 2 E-mail 'joeenova' De : "Oralie" Xupufatex@hotmail.co, A : joeenova@yahoo.co
12/12/05 23:19:33 00000CE4: ProcessFile scan before E-mail 'joeenova' De : "Oralie" Xupufatex@hotmail.co, A : joeenova@yahoo.co
12/12/05 23:19:33 00000CE4: ProcessFile scan after E-mail 'joeenova' De : "Oralie" Xupufatex@hotmail.co, A : joeenova@yahoo.co
12/12/05 23:19:33 00000CE4: ProcessFile exit 1(0x00000001)
12/12/05 23:19:33 00000CE4: --SMTP Mail is clean
12/12/05 23:19:33 00000CE4: sent 6(0x00000006)
12/12/05 23:19:33 00000CE4: received 14(0x0000000E)
12/12/05 23:19:33 00000CE4: <-SMTP 354 go ahead
12/12/05 23:19:33 00000CE4: --SMTP Modified message to send: E:\TEMP\_avast4_\unp49660997
12/12/05 23:19:33 00000CE4: sent 4983(0x00001377)
12/12/05 23:19:33 00000E14: received 100(0x00000064)
12/12/05 23:19:33 00000E14: <-SMTP 451 mta217.mail.mud.yahoo.com Resources temporarily unavailable. Please try again later [#4.16.5].
12/12/05 23:19:33 00000E14: sent 100(0x00000064)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: received 1(0x00000001)
12/12/05 23:19:34 00000E14: ->SMTP QUIT
12/12/05 23:19:34 00000E14: sent 6(0x00000006)
12/12/05 23:19:34 00000E14: received 31(0x0000001F)
12/12/05 23:19:34 00000E14: <-SMTP 221 mta217.mail.mud.yahoo.com
12/12/05 23:19:34 00000E14: sent 31(0x0000001F)
12/12/05 23:19:34 00000E14: connection closed 0(0x00000000)
12/12/05 23:19:34 00000E14: --SMTP Finishing connection handler
12/12/05 23:19:34 000066E8: SMTP accept connection from: 127.0.0.1
12/12/05 23:19:34 000066E8: Connection handler: 0x00006574
12/12/05 23:19:34 00006574: Ignored PIDs: 26244 13640 3120
12/12/05 23:19:34 00006574: Ignored Addresses: mine:119 127.0.0.1:119 mine:143 127.0.0.1:143 mine:25 127.0.0.1:25 mine:110 127.0.0.1:110 72.3.135.203:80 193.243.128.78:80 193.243.128.76:80 62.132.1.234:80 198.200.173.74:80 198.200.173.139:80 127.0.0.1:80
12/12/05 23:19:34 00006574: Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup
12/12/05 23:19:34 00006574: --SMTP command REDIRECT 4.79.181.13:25 1392
12/12/05 23:19:34 00006574: PATH: \Device\HarddiskVolume1\WINDOWS\explorer.exe
Some external addresses are not mine ....
Rom
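An added example, not part of any post in this thread: a small parser for an ashmaisv.log like the extract above that lists which process opened each outbound SMTP connection and how many distinct servers it reached. It assumes, from the extract, that a `REDIRECT ip:port` line is followed by a `PATH:` line carrying the same handler id; the `client.exe` path, the extra addresses and the `limit` threshold are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the ashmaisv.log extract above. Only the
# first REDIRECT/PATH pair comes from the thread; the other lines are made up.
SAMPLE_LOG = r"""
12/12/05 23:19:34 000066E8: SMTP accept connection from: 127.0.0.1
12/12/05 23:19:34 00006574: --SMTP command REDIRECT 4.79.181.13:25 1392
12/12/05 23:19:34 00006574: PATH: \Device\HarddiskVolume1\WINDOWS\explorer.exe
12/12/05 23:19:40 00006580: --SMTP command REDIRECT 192.0.2.10:25 1392
12/12/05 23:19:40 00006590: --SMTP command REDIRECT 203.0.113.25:25 2044
12/12/05 23:19:40 00006580: PATH: \Device\HarddiskVolume1\WINDOWS\explorer.exe
12/12/05 23:19:40 00006590: PATH: \Device\HarddiskVolume1\Mail\client.exe
12/12/05 23:19:52 0000658C: --SMTP command REDIRECT 198.51.100.7:25 1392
12/12/05 23:19:52 0000658C: PATH: \Device\HarddiskVolume1\WINDOWS\explorer.exe
12/12/05 23:20:05 00006594: --SMTP command REDIRECT 203.0.113.25:25 2044
"""

LINE = re.compile(r"^\S+ \S+ ([0-9A-Fa-f]{8}): (.*)$")   # date time handler: msg
REDIRECT = re.compile(r"--SMTP command REDIRECT (\d+\.\d+\.\d+\.\d+):(\d+)")

def smtp_connections(log_text):
    """Return (process_path, 'ip:port') for each outbound SMTP connection."""
    pending, found = {}, []          # pending: handler id -> destination
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        handler, msg = m.groups()
        r = REDIRECT.search(msg)
        if r:
            pending[handler] = f"{r.group(1)}:{r.group(2)}"
        elif msg.startswith("PATH: ") and handler in pending:
            found.append((msg[6:], pending.pop(handler)))
    # REDIRECT with no PATH line (e.g. truncated log): keep it, mark unknown.
    found += [("<unknown>", dest) for dest in pending.values()]
    return found

def servers_per_process(conns):
    per_proc = defaultdict(set)
    for proc, dest in conns:
        per_proc[proc].add(dest)
    return dict(per_proc)

def talks_to_many_servers(conns, limit=2):
    """Processes that reached more distinct SMTP servers than `limit`."""
    return sorted(p for p, d in servers_per_process(conns).items() if len(d) > limit)

if __name__ == "__main__":
    for proc, dests in servers_per_process(smtp_connections(SAMPLE_LOG)).items():
        print(f"{len(dests):2d} server(s)  {proc}")
```

A mail client normally talks to the one or two SMTP servers it is configured for, so a process that appears against many different servers is the one to examine first.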
-
You might be infected by some kind of malware that turns your PC into a botnet (zombie).
http://www.wilderssecurity.com/showthread.php?t=110550
-
Yes, that's what I am thinking.
Strangely, it's not occurring after having killed explorer.exe and restarted one :)
I'll see with AVG, then (it's in the other topic)
Do you need the files for avast?
-
sndmix.dll -> infected by Downloader.Agent.AVZ ...
not found with Avast :o
-
sndmix.dll -> infected by Downloader.Agent.AVZ ... not found with Avast :o
Do you need the files for avast?
Can you send the samples to virus@avast.com ?
You can zip and password the files... Include a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
-
Sure, will do :)
-
Damn, unable to zip it, copy it or do whatever I want.
There is a lock from winlogon.
So, I cannot send it to you or let me know how to do it :)
Rom
-
Can you add it to the User Files section of the avast chest (File, Add and navigate to the file)? You can send it to avast from there.
This assumes you can unlock it, there are a number of programs that can do this 'WhoLockMe' is just one - http://www.pcworld.com/downloads/file_description/0,fid,25368,00.asp
-
Well,
It should be in the chest of AVG now...
I said should because the PC went down and looks like it doesn't really want to reboot...
It's another story.
Be sure that if I can get this file, you will have it!
Rom
-
I said should because the PC went down and looks like it doesn't really want to reboot...
Do you have avast and AVG at the same time in the same computer? Both residents?
-
Hello all. First of all, sorry about my English. I only want to say that we have several customers that reported us the same problem: numerous messages with the message of "time out" related with winlogon.exe.
In all the cases we solved the problem with hijackthis, but I am sure that there is some malware circulating that is not detected by avast! nor by the majority of antispyware programs (these customers tested many programs of this type), which were not finding anything in the troubled computers. And since it has been said hereabouts, it is a question of a program that uses the pc of the victim as a zombie to send spam.
-
Thanks for posting, Juanjo. Knowing this makes us comfortable.
This seems to be not only malware that is not detected by a lot of programs. I'm thinking there is some rootkit technology involved with its behavior.
-
winlogon.exe depending on the location of the file is almost certainly some form of malware, possibly a component of W32.Netsky or a trojan backdoor, a google search will show this, http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/
A forum search for winlogon.exe would also return hits.
HJT is a very useful analysis tool to stop items from running.
These are useful for an on-line analysis - HiJackThis Log file - On-line Analysis (http://hijackthis.de/index.php)
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR HiJackThis Log file - On-line Analysis 2 (http://hjt.iamnotageek.com/)
-
I said should because the PC went down and looks like it doesn't really want to reboot...
Do you have avast and AVG at the same time in the same computer? Both residents?
Yes... found that...
Just put AVG as resident and stop service for Avast for the moment... I need to clean this sndmix.dll
By the way... sent to you ;)
-
Yes... found that...
Just put AVG as resident and stop service for Avast for the moment... I need to clean this sndmix.dll
By the way... sent to you ;)
You have everything to lose and nothing to earn doing that.
You will, for sure, conflict both antivirus. They aren't compatible as they were in the past.
-
I see but for the moment, I have only one resident at the same time, not both of them :)
:P
-
You have two AVs installed that expect to be on-access Resident scanners.
They will each have registry entries for AVs that expect to be the resident scanner, not a Shared Resident Scanner; that in itself can cause conflict. You have a simple choice to make: avast or AVG as resident (Installed) AV, and use an AV that is an on-demand only solution or an on-line scanner for backup.
-
I see but for the moment, I have only one resident at the same time, not both of them :)
It won't be enough... Like David posted, you'll have driver conflicts, Registry keys, services and files trying to be accessed.
The only secure way to have AVG 7 and avast is not EVEN INSTALLING one of the residents. Well, I've tried. If you have luck, go ahead, just my advice: you could have troubles ;)
-
Yes, only Avast as resident.
BTW, sndmix.dll is still there... unable to remove this bloody file!
Well for the moment, even AVG7 can't do it. It found it, said that I have to reboot and the file is still there....
-
BTW, sndmix.dll is still there... unable to remove this bloody file!
Scan with avast at boot time (schedule it) 8)
-
Hum, the only problem is that avast doesn't know this virus.... I've sent the file to your mail :)