Suspicious message?

[Iso-G]

Avast keep pop up a window show that a suspicious message.
the content is
"There are too many identical e-mails in appointed time",

the latest version of avast;
no e-mail client;

Hello loonsave and welcome to the forums,
I guess the alert message from heuristic scanning of the avast! email scanner.
No e-mail client on your comp installed avast!, so it means something may be sending emails like as spams or infected mails and your comp may be infected as Tech says.

And also, if any programs are connecting to internet through port 25, 110, 119 and 143, avast! e-mail scanner should scan the contents (when OS is Win 2000/NT/P only).

I think you could know which file is using those ports, 25, 110, 119 and 143, with TCPView or CurrPorts.
If a firewall was installed on your comp, it should give you info which application uses those ports.

I recommend you to install a firewall on your comp as the forum's members say here.
avast! doesn't have firewall features now, though I wish it to ALWIL.
(Although an independent firewall application from the anti-virus is fine, too.)

[loonsave]

so any recommanded firewall?

[DavidR]

Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface. There are others, Jetico, Sunbelt Kerio, etc.
See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml

There are also a few topics in the General forum about firewalls and avast.

[alanrf]

The recommendation from IsoG to use TCPView will show that avast (ashmaiSv.exe) is using the ports.  In fact, avast helps to hide email spambots in a way.

I'm sorry that loonsave felt unable to use my simple suggestion to identify the process.

I agree that a firewall can help to show the process, but all too often, especially when new to a firewall people are easily fooled into thinking that explorer.exe or winlogon.exe must be ok programs and give them outbound permission.  These are two of the most typically compromised processes that we have seen spambots using (and reported by avast when the connection timer was turned on by default by avast).

Unfortunately it seems that loonsave is reluctant to take any steps of self help.  Without active participation by loonsave the problem is not going to be solved simply by discussion in this forum. 

[loonsave]

Thanks for everyone help me to solve the problem although the problem still exists.
I really appreciate that the kindness of everyone here.

Unfortunately it seems that loonsave is reluctant to take any steps of self help. Without active participation by loonsave the problem is not going to be solved simply by discussion in this forum.

i can't participate too often because I lived outside,and the infected PC is my home PC,i only back to home every weekend,thant is the only time i can try to fixed the porblem.
Sorry for bringing any inconvenient to you all.

I'm sorry that loonsave felt unable to use my simple suggestion to identify the process.

hey,it is ok,i really appreciate that everyone that do thier best to help me.

[loonsave]

And also, if any programs are connecting to internet through port 25, 110, 119 and 143, avast! e-mail scanner should scan the contents (when OS is Win 2000/NT/P only).

i used TCPView,but non of the programs connect through port 25,110,119 and 143.

[loonsave]

I am using Jetico firewall now,will it affect my torrent download speed?
is this the problem?

[DavidR]

I don't think it should slow your torrent download much, it isn't scanning content, just access ports, etc.

Yes I would say that it could be a problem and probably the use of explorer.exe or rather a fake copy is a common malware trick as no one wants to delete explorer.exe. There is a copy of explorer.exe in my windows folder, its file properties shows it has a file size of 1,032,192,file version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), I'm using XP Pro SP2 and fully updated.

I suggest you block this in your firewall certainly until you identify if this is legitimate. I would also suggest that you check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

Though I can't understand why explorer would want to launch utorrent, can you explain what you were doing when the warning popped up, had you just launched utorrent from explorer, etc. ?

[loonsave]

i set my utorrent as auto start up.i can't settle it for now because i am not at my home now.

Anyway,i'll settle it a.s.a.p.Thanks for all help.

i'll settle it when i back to home,then i think i would need all your help,thanks!!!