Author Topic: problem with Ashmaisv.exe  (Read 4622 times)

0 Members and 1 Guest are viewing this topic.

bertjan

  • Guest
problem with Ashmaisv.exe
« on: January 03, 2007, 04:08:18 PM »
Hi all you experts,

since a few weeks I have problems which I suspect are related to Avast. When I first started using Avast, several months ago, I regularly got the error 'concurrent connections limit in avast exceeded ' in outlook express running under XP. By setting Maxconnections to 50 I managed to solve this problem.
 
Until a few weeks ago. The problem is back, and added to that, the computer has become very slow. If I look in task manager I see that the process ' ashmaisv.exe'  is using close to 100% of CPU time, irrespective of whether Outlook Express is open or not.
 
If I disable this process, everything runs as smoothly and as fast as before, so I have the impression  ' ashmaisv.exe'   is the cause. Why it's active all the time however, I don' t know.
 
I've set maxconnections to 150 now, but that doesn;t seem to help.
 
As a first solution I've reinstalled Avast, and it worked fine for a week, then it went back to the same problem.

operating system : XP + SP2
avast 4.7 home ed. VPS 0666-1
Connection: ADSL, windows firewall

please give me your advice
 
Thanks
BertJan

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: problem with Ashmaisv.exe
« Reply #1 on: January 03, 2007, 04:18:03 PM »
If you enable the 'Show detailed info on performed actions' it should show you if anything is actually being scanned.



It could be a trojan sending spam or another program using one of the email ports that avast monitors for non-email protocols.

What are you doing when this happens, e.g sending or receiving, browsing, p2p, news group downloader, etc. what ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

bertjan

  • Guest
Re: problem with Ashmaisv.exe
« Reply #2 on: January 03, 2007, 04:29:09 PM »
I normally use my computer only for browsing and limited home office use.

The problem seems to be there always, I have not been able to identify any action that triggers it. It could be related to having installed Skype a few weeks ago, but I think the problem was there before I installed Skype

I have run adaware (newly updated) to see if I had any trojans, but found nothing

Main problem: I am not able to get the screen you show. I have no idea where to enable what you suggest.

thanks

BertJan

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: problem with Ashmaisv.exe
« Reply #3 on: January 03, 2007, 04:47:59 PM »
Click on the avast icon the window that pops-up is the avast on-access scanner one in my image if you don't see the Installed Providers icons, click the Details button at the bottom of the window. Select the Internet Mail icon and click customize, not you will see the second window Resident Task Settings.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

bertjan

  • Guest
Re: problem with Ashmaisv.exe
« Reply #4 on: January 03, 2007, 05:06:05 PM »
Did as you said. Indeed I have some trojan sending about 1 email per second.

Any advice on how to catch the bugger?

BertJan

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: problem with Ashmaisv.exe
« Reply #5 on: January 03, 2007, 06:50:56 PM »
If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.

These spambot trojans are often difficult to detect as there is no harmful effect, ither than this clogging of system resources and sending spam.

Your firewall should be able to stop unauthorised outbound connections, unfortunately XP's firewall provides no such protection.
Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.
Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
- Zone Alarm free http://www.zonelabs.com works fine with avast and has a reasonably friendly user interface. There are others, Comodo, Sunbelt Kerio, Jetico, etc.
See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml

You could also try TCPView which shows what connections are established and what program/file initiated them, get it at http://www.microsoft.com/technet/sysinternals/default.mspx .

If none of the above detects it, I would like to hope one of them should be able to detect it, then try HiJackThis, useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3
On-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
X-RayPc Spyware Remover Process Analyzer http://www.x-raypc.com/

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

bertjan

  • Guest
Re: problem with Ashmaisv.exe
« Reply #6 on: January 03, 2007, 10:36:54 PM »
I updated AdAware agent, and ran it again. It found 2 copies of something called WIN32.TROJAN.AGENT.

These were quarantined, and the problem is gone

Funny thing is that exactly the time that  Adaware found these 2 while it was scanning the entire harddisk,  Avast recognised them as well.

That makes me wonder how they ever got in, past Avast. It doesn't make sense: Either Avast knows them, in which case they should never have gotten in, or it doesn't know them, but how can it then 'see' them at exactly the same moment that Adaware finds them.

I'll try to upgrade my firewall, thanks for the advice.

BertJan

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: problem with Ashmaisv.exe
« Reply #7 on: January 03, 2007, 10:55:53 PM »

Funny thing is that exactly the time that Adaware found these 2 while it was scanning the entire harddisk, Avast recognised them as well.

That makes me wonder how they ever got in, past Avast. It doesn't make sense: Either Avast knows them, in which case they should never have gotten in, or it doesn't know them, but how can it then 'see' them at exactly the same moment that Adaware finds them.

BertJan

The vps was updated today, maybe it was just added to avast.....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: problem with Ashmaisv.exe
« Reply #8 on: January 03, 2007, 11:01:48 PM »
but how can it then 'see' them at exactly the same moment that Adaware finds them.
Which is your sensitivity level of avast? High or Normal?
Are new opened/created/modified files scanned?
If so, when Adware 'opened' the file to scan, avast caught them!  ;)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: problem with Ashmaisv.exe
« Reply #9 on: January 03, 2007, 11:14:21 PM »
It entirely depends on the file name and location where they were found, the file could have been opened by AdAware and then detected by avast. Another consideration, that this was only recently added to the avast signatures.

Yet another as avast is a specialist anti-virus program it does however, detect a lot of spyware which trojans are likely to be. This is a very good reason for using a multi-application approach to security. AdAware you have avast you have, your going to upgrade your firewall so you should add one of the specialist anti-spyware tools like, Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security