Author Topic: Processes Running  (Read 5852 times)


Danondo

  • Guest
Processes Running
« on: December 02, 2006, 04:14:17 PM »
I've been notified by my DSL provider that I may have a Trojan running which may be causing some unusual traffic. Could anyone tell me which processes should be running for Avast Home Edition with Windows XP? I looked at the processes running and I can identify all but one, which is:
aswUpd5v.exe
Is this a process for Avast?

mauserme

  • Guest
Re: Processes Running
« Reply #1 on: December 02, 2006, 04:27:33 PM »
aswUpSv.exe is a valid process for avast! (note 6th character is alpha S)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89659
  • No support PMs thanks
Re: Processes Running
« Reply #2 on: December 02, 2006, 04:47:26 PM »
Quote from: Danondo on December 02, 2006, 04:14:17 PM
> I've been notified by my DSL provider that I may have a Trojan running which may be causing some unusual traffic. Could anyone tell me which processes should be running for Avast Home Edition with Windows XP? I looked at the processes running and I can identify all but one, which is:
> aswUpd5v.exe
> Is this a process for Avast?

Are you sure it is from your DSL provider?
Why would they tell you this?
What is the content of the message?

There have been a number of social engineering emails purporting that your system is infected when the purpose is to get you to install an update or attachment, or visit a link to install a patch/update. This in fact infects your system, so you need to exercise extreme care when this form of unsolicited email arrives in your inbox.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Danondo

  • Guest
Re: Processes Running
« Reply #3 on: December 02, 2006, 05:04:25 PM »
Yes, I'm sure it is an e-mail from my DSL provider. I contacted them about the e-mail and they had me run the Microsoft OneCare (I think it was called) virus and spyware scan. Thanks for your response.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: Processes Running
« Reply #4 on: December 02, 2006, 05:31:19 PM »
The following processes should be running:

ashServ.exe (avast! antivirus service: the resident protection)
aswUpdSv.exe (avast! Update Service)
ashWebSv.exe (avast! Web Scanner service)
ashMaiSv.exe (avast! e-Mail Scanner service)
ashDisp.exe (the interface, the icon on system tray).
The best things in life are free.
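
Added example (not part of Lisandro's post or any avast! tooling): a Python check that compares a process name against the five names listed in the post above and flags names that differ only by an easily misread character, such as the `5`/`S` pair raised earlier in the thread. The confusable-character table and the sample names are constructed for illustration.

```python
# Added example: flag process names that resemble the avast! names listed above.
EXPECTED = ["ashServ.exe", "aswUpdSv.exe", "ashWebSv.exe",
            "ashMaiSv.exe", "ashDisp.exe"]  # names taken from the post above

# Constructed table (assumption): digits that are easily misread as letters.
CONFUSABLE = str.maketrans({"5": "s", "0": "o", "1": "l"})


def skeleton(name):
    """Fold case and confusable digits so look-alike names compare equal."""
    return name.lower().translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name):
    """Return (verdict, matched expected name or None) for one process name."""
    for exp in EXPECTED:
        if name.lower() == exp.lower():      # Windows file names ignore case
            return ("expected", exp)
    for exp in EXPECTED:
        if skeleton(name) == skeleton(exp):  # differs only by a confusable char
            return ("lookalike", exp)
    for exp in EXPECTED:
        if edit_distance(skeleton(name), skeleton(exp)) == 1:
            return ("near-miss", exp)        # one character added/dropped/changed
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample: names quoted in this thread plus one unrelated name.
    for proc in ["ashServ.exe", "aswUpd5v.exe", "aswUpSv.exe", "explorer.exe"]:
        print(proc, classify(proc))
```

A `lookalike` or `near-miss` verdict only says the name deserves a second look; it can equally be a misread of the genuine name, so check the executable's path before acting on it.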

Offline DavidR

Re: Processes Running
« Reply #5 on: December 02, 2006, 05:35:15 PM »
Quote from: Danondo on December 02, 2006, 05:04:25 PM
> Yes, I'm sure it is an e-mail from my DSL provider. I contacted them about the e-mail and they had me run the Microsoft OneCare (I think it was called) virus and spyware scan. Thanks for your response.

OK, but what was the information they gave to justify their suspicions: mass mail from you, etc.? What traffic?

Do you have a firewall? If so, what?

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ewido, a.k.a. AVG Anti-Spyware, if using WinXP, or a-squared free if using Win98/ME.

Danondo

  • Guest
Re: Processes Running
« Reply #6 on: December 04, 2006, 03:41:02 PM »
I have a Linksys firewall.  I don't have any specific data from the DSL provider.  Is there anything you would suggest I ask for?

Offline DavidR

Re: Processes Running
« Reply #7 on: December 04, 2006, 04:01:44 PM »
The reason I ask about a firewall is I doubt you have outbound protection and whilst most hardware firewalls have good inbound protection almost all don't have any outbound protection. This could stop whatever it is that the ISP finds suspicious.

Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
- Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface. There are others, Comodo, Sunbelt Kerio, Jetico, etc.
See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml

I would have expected the ISP to say what activity it finds suspicious/unusual, not simply make a sweeping statement of 'unusual activity'. Ask them what it is that they find unusual and why.

Cactusjack

  • Guest
Re: Processes Running
« Reply #8 on: December 04, 2006, 09:58:22 PM »
I prefer the Kerio Firewall. Why? It is easy to understand.
It creates no conflicts with your other software, and it is free.
I have been using Kerio for 9 months now and I could not do without this remarkable
firewall, also in the free version. After 30 days it changes
into the free Kerio; 1 function is then not active, but it is not an important
thing. So I am a happy user!

Danondo

  • Guest
Re: Processes Running
« Reply #9 on: December 05, 2006, 05:24:21 PM »
Thanks for your responses.  I did get a response from my e-mail to the DSL provider, this is a response from their SPAM filter system.  I forgot I have the Windows XP firewall that comes with Service Pack 2.  Is this an adequate firewall?

Offline DavidR

Re: Processes Running
« Reply #10 on: December 05, 2006, 05:35:04 PM »
Windows XP's firewall is better than no firewall, but it lulls you into a false sense of protection; it doesn't provide outbound protection.

I would say you need to look at a third party firewall to protect against unauthorised outbound connections. Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third party firewall.

So check out the links I gave before about firewalls. If, as your ISP is saying, it is spam originating from your system, you need outbound protection. Also run either of the programs AVG Anti-Spyware or a-squared and see if they find any trojan spambot/mass mailer.

I would also suggest you put the avast Internet Mail provider on High sensitivity.

Offline Lisandro

Re: Processes Running
« Reply #11 on: December 05, 2006, 05:42:40 PM »
You should consider a third party firewall
If you want a suggestion  ;D
Comodo, Kerio, ZoneAlarm and Outpost (even the free version) are some freeware options.

Danondo

  • Guest
Re: Processes Running
« Reply #12 on: December 05, 2006, 09:03:46 PM »
I get the message POP RPC Server is trying to act as a server
as soon as I restarted after turning on ZoneAlarm.  Should I
Allow or Deny this?

Offline DavidR

Re: Processes Running
« Reply #13 on: December 05, 2006, 10:22:13 PM »
I assume that you weren't trying to connect with your email program?
What is your email program?

I would certainly deny 'POP RPC Server' access as a server and probably internet access completely. This is not something that I have heard of before and could simply be something trying to look sort of official.

Then check and see if you can use your email normally. If you can, it is a good indication that it is the malware possibly sending out spam. If you can't use your email as normal (send, receive), then it is simple to delete the entry for POP RPC Server in ZoneAlarm.

A Google search for 'POP RPC Server trojan' without the quotes returns many hits, many relating to MS Outlook (not Express) and a vulnerability in XP, so if your XP isn't SP2 (?) and fully up to date I suggest an urgent visit to Windows Update.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci928211,00.html?newsEL=10.13

Offline Lisandro

Re: Processes Running
« Reply #14 on: December 06, 2006, 01:01:04 AM »
Quote from: Danondo on December 05, 2006, 09:03:46 PM
> I get the message POP RPC Server is trying to act as a server as soon as I restarted after turning on ZoneAlarm. Should I Allow or Deny this?

Can you post more info about the program (and the path of the executable) trying to connect to the Internet and allow connections from the Internet in this case (act like a server)?