Author Topic: "Potential Infection" Messages - Too frequent!  (Read 24241 times)

Offline Barbara T.

  • Newbie
  • *
  • Posts: 14
"Potential Infection" Messages - Too frequent!
« on: May 03, 2007, 12:12:00 AM »
I had been using Avast Home Edition quite successfully since 2/1/06. 

About 1 week ago (or less) Avast began labeling 95% (OR MORE!)  of the email I receive as
"MULTI CONTENT TYPE HEADER HIGH DANGER."  VOICE: "Caution; potential infection was detected"
A big yellow round thing flashes.

It is happening both on forwards to groups of people that include me;
and messages from one person to me.  Actually the only common thing is
the message I get.


Op Sys:  Windows XP
Avast version:  4.7 Home Edition  4.7.0 0
VPS file:  Compilation date 4/13/07
               File version:  000733-1
Basic Hardware Config: "Intel Pentium D Processor 830 Computer"
Connection:  BellSouth DSL
Windows Firewall:  On


TIA for any help you can give me.  I did uninstall,  get a fresh download, installed it, and nothing is different.


Barbara T.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9346
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: "Potential Infection" Messages - Too frequent!
« Reply #1 on: May 03, 2007, 01:49:35 AM »
That's controlled by the Internet Mail provider. And you certainly are getting highly suspicious emails, otherwise avast! wouldn't warn you about it.
Visit my webpage Angry Sheep Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: "Potential Infection" Messages - Too frequent!
« Reply #2 on: May 03, 2007, 03:06:59 AM »
Is there more info to help us to guess what is happening?
Like the time of the email (txt or html), your Internet Mail Provider settings for Heuristic and Heuristic (Advanced) tab of settings - maybe you can post a screenshot of them.
Do these messages have attachments? Which kind?
The best things in life are free.

Offline BorderCollie

  • Newbie
  • *
  • Posts: 1
Re: "Potential Infection" Messages - Too frequent!
« Reply #3 on: May 03, 2007, 03:12:41 AM »
I have just recently started getting the exact same warnings. My ISP is also Bellsouth DSL. I wonder if that is somehow related. At first I thought it was related to the content-type because all of the messages that caused the warnings had the following type:

Content-Type: multipart/alternative;

But when I received my registration message for this forum, it had the same type.

Offline Barbara T.

  • Newbie
  • *
  • Posts: 14
Re: "Potential Infection" Messages - Too frequent!
« Reply #4 on: May 03, 2007, 05:26:06 AM »
Quote from: Lisandro on May 03, 2007, 03:06:59 AM
Is there more info to help us to guess what is happening?
Like the time of the email (txt or html), your Internet Mail Provider settings for Heuristic and Heuristic (Advanced) tab of settings - maybe you can post a screenshot of them.
Do these messages have attachments? Which kind?

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: "Potential Infection" Messages - Too frequent!
« Reply #5 on: May 03, 2007, 05:34:40 AM »
Is there a message that is not too personal to you where you could review the source of the message in your mail client, capture it, obscure any personal details and then post the results here?  I know, not a small task, but it would help.
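
Added example, not part of the original thread and not avast's code: one way to check a captured message source for the condition the alert names. It assumes "Multiple Content-Type header" means more than one Content-Type field inside a single header block, which the thread does not confirm; both sample messages are constructed. It shows why ordinary multipart/alternative mail, which carries one Content-Type per MIME part, is not by itself a duplicate.

```python
from email import message_from_string

# Constructed sample: one top-level Content-Type plus one per MIME part (normal).
NORMAL = """\
From: friend@example.com
To: me@example.net
Subject: Fwd: photos
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

hello
--b1
Content-Type: text/html; charset="us-ascii"

<p>hello</p>
--b1--
"""

# Constructed sample: same message with a second Content-Type field in the
# top-level header block, so a reader cannot tell which one applies.
DUPLICATED = NORMAL.replace(
    "MIME-Version: 1.0\n",
    "MIME-Version: 1.0\nContent-Type: text/plain\n", 1)


def duplicate_content_type(raw):
    """List (location, values) for each header block with >1 Content-Type."""
    findings = []
    msg = message_from_string(raw)
    # walk() yields the message itself first, then each MIME part it parsed.
    for index, part in enumerate(msg.walk()):
        values = part.get_all("Content-Type", [])
        if len(values) > 1:
            where = "top-level" if index == 0 else f"part {index}"
            findings.append((where, values))
    return findings


if __name__ == "__main__":
    for name, raw in (("normal", NORMAL), ("duplicated", DUPLICATED)):
        print(name, duplicate_content_type(raw))
```

Paste the raw source from the mail client (headers included) in place of the samples to see whether a header block really repeats the field.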

Offline sandraj

  • Newbie
  • *
  • Posts: 18
Re: "Potential Infection" Messages - Too frequent!
« Reply #6 on: May 03, 2007, 07:45:48 PM »
I too have got the same problem. My ISP is also Bellsouth.
We have recently gotten DSL in my area. A friend has a different virus protection and is having the same problem. I'm wondering if Bell South is doing something to try to encourage us to use their virus protection.


Offline Barbara T.

  • Newbie
  • *
  • Posts: 14
Re: "Potential Infection" Messages - Too frequent!
« Reply #7 on: May 03, 2007, 07:55:00 PM »
Quote from: RejZoR on May 03, 2007, 01:49:35 AM
That's controlled by the Internet Mail provider. And you certainly are getting highly suspicious emails, otherwise avast! wouldn't warn you about it.

I talked to BellSouth techs last night and they say the mail is spam, but it is the same type messages I have always gotten from the same friends and NOT my description of spam which is from unwanted, unknown users.   I get none of that if my programs are on.

My anti-spam Comodo catches a small fraction of the same messages that Avast warns about.  BS Techs said I could contact the mfg. of my spam program.  In other words they deny responsibility.

BellSouth techs advised me to try BellSouth Web Mail and see if it happens there; it doesn't.  The messages that were giving me the warning that I let through had the attachments (usually forwards in HTML,  but sometimes jpeg attachments) still intact in Bell S. webmail.  Does this tell you anything reliable?

When I allow these messages to come through anyway, most times the attachments are ripped and of course if they are suspicious I want that.  But why suddenly do all my friends (probably 10 different ones) send suspicious mail?

Here's what I have done other than talk to BellSouth techs:  uninstalled and reinstalled a clean download of 4.7 Home Edition of Avast; ran a thorough scan with Avast and nothing was found.  

I plan to capture what the other responders have requested and post them as additional information.

I appreciate so much your working with me further to resolve this problem.  

Barbara T.



Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: "Potential Infection" Messages - Too frequent!
« Reply #8 on: May 03, 2007, 08:16:18 PM »
I also started getting these alerts yesterday for an email from one individual. He's sent me 3 emails in the past 2 days, and all three I got this alert...

  • (Multiple Content-Type header - HIGH DANGER!).

Today I checked my mail via the web first (Bellsouth) and read the mail, deleted some spam, but there was an attachment there from this friend that I wanted to view. Since it was from the same person I got this alert from yesterday, I downloaded the file to desktop -- scanned it with avast to be sure it was clean -- then opened and read it. Later, when I checked my email with OE-6, I got the same alert, "Multiple Content-Type header - HIGH DANGER!" on that email from my friend that should have been clean.  The choices offered were only 'ignore' or 'delete'... no send to vault.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline sandraj

  • Newbie
  • *
  • Posts: 18
Re: "Potential Infection" Messages - Too frequent!
« Reply #9 on: May 03, 2007, 08:21:05 PM »
My friend has AVG virus protection. She is having the same problem. She is also with Bell South.
My opinion is that Bell South is wanting us to purchase a virus protection program.

Offline Spiritsongs

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1757
  • Ad-aware orientated Support forum(s)
Re: "Potential Infection" Messages - Too frequent!
« Reply #10 on: May 03, 2007, 08:33:26 PM »
 :)  Hi all, especially the 3 BellSouth Users :

     With 3 of you receiving the same "messages", sounds likely BellSouth is the
     "culprit" ; however, there is a small possibility that a "SpamBot" has
     gotten into your computer or one of your friends, stolen the addresses
     from an Address Book, and is sending "Messages" !?
     None of you 3 have mentioned IF you have any antiSPYWARE/antiTROJAN
     program(s) on your computer(s), which are most effective in fighting
     "them", the best probably being the "trial" version of AVG Antispyware,
      most easily downloaded from www.ewido.net !? At least it would be wise
     to run the Online Scanner available at the ewido site .
     Even Barbara's 1st post mentioned "Windows Firewall : On" ; a bad sign
     since that firewall is not very good .
For the Best in what counts in Life :
www.tacf.org

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: "Potential Infection" Messages - Too frequent!
« Reply #11 on: May 03, 2007, 08:42:14 PM »
I've got Ad-Aware SE, SpyBot S+D, AVG Anti Spyware, ZoneAlarm FW.  Just ran scans with Ad-Aware and SpyBot yesterday... nothing found.

BUT, these alerts are for 'incoming' emails from other people... not ones being sent out. My first thought yesterday was my friend (who uses Prodigy) had an infected computer because all other emails from other people came thru fine.  Then today I got 2 more alarms from that same person.

I've asked my friend to resend his email that got deleted so I can look at the header.  In the meantime, I've changed my OE-6 to leave mail on the server so I can look at it there as well.

BTW... I'm still on Avast 4.7.942 in case you're wondering

Offline sandraj

  • Newbie
  • *
  • Posts: 18
Re: "Potential Infection" Messages - Too frequent!
« Reply #12 on: May 03, 2007, 08:53:58 PM »
Rick,
is your email's you are receiving alert from,
are they being sent from a Yahoo address??
All the ones I receive from Yahoo show a potential virus.

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: "Potential Infection" Messages - Too frequent!
« Reply #13 on: May 03, 2007, 09:21:00 PM »
Quote from: sandraj on May 03, 2007, 08:53:58 PM
Rick,
is your email's you are receiving alert from,
are they being sent from a Yahoo address??
<snip>


No, they're from a Prodigy server.  I've had 3 of these alerts... all coming from the same person. Other emails come thru fine.

I still have an email from this friend from about 3 days ago. I just forwarded it to myself and it comes thru just fine... no alarms.  So either BellSouth has changed something in the past 2 days (of their headers maybe?), or it's something else.  ???
« Last Edit: May 03, 2007, 09:24:44 PM by Rick F »

Offline Barbara T.

  • Newbie
  • *
  • Posts: 14
Re: "Potential Infection" Messages - Too frequent!
« Reply #14 on: May 03, 2007, 09:38:18 PM »
Quote from: Lisandro on May 03, 2007, 03:06:59 AM
Is there more info to help us to guess what is happening?
Like the time of the email (txt or html), your Internet Mail Provider settings for Heuristic and Heuristic (Advanced) tab of settings - maybe you can post a screenshot of them.
Do these messages have attachments? Which kind?

The situation has changed somewhat but still a problem.

The email is usually html.

Today, unlike at first, Comodo (anti spam) is catching all these messages; I'm also receiving an email from Avast but not the message I was getting when I first described my post.  Comodo was catching some but not all when I first posted.


Example of the type message I receive from Avast in e-mail today (5/3/07): Multiple Content-Type header - HIGH DANGER!


Sender:  Harry Halleck <yahoo.com>
Recipient:  Barbara & Travis Burke >, Jack & Marva Bushong <Bob & Virginia Cash <xxxxxxx>, Crayton& joyce Fisher <>, Hal & Joyce Magner
Subject:  Fwd: Fw: dancing horse


Most of these emails have attachments; i.e. HTML forwards, they are lost when I bring them in despite the message.  One I recall had three attached photos in jpg format.  I bring them in anyway; this has been a sudden problem with probably 10 different friends and I am dubious that many friends who don't necessarily communicate with each other have a virus/worm, etc.

NOTE:  I ran Avast after accepting these emails despite the warning message a couple days and checked out clear of problems.

The Avast (home version) heuristic settings:  Sensitivity is "low" and the Silent Mode is checked with "Delete/Deny" checked.

Did you notice that there are now three of us in this thread who are having this problem and all have the same ISP:  BellSouth.  BellSouth denied responsibility and told me to contact the spam manufacturer.  My mail in BellSouth Web Mail has no problem; it was their suggestion I test it there. The attachments were there so I was able to get from webmail.

Please explain how I can find the ISP's Heuristic settings so that I can provide them as you requested.


Barbara T.
« Last Edit: May 03, 2007, 10:51:56 PM by Barbara T. »