Topic: Can't find email malware, though avast!4 correctly IDing bogus outbound messages

Katya

  • Guest
Since receiving my computer back from the repair shop, I am receiving frequent notifications labelled 'avast! Virus warning' with the familiar flashing nuke symbol and containing the following text:

[START TEXT]
Suspicious Message!

There are too many identical e-mails in appointed time

Sender:  <(various)@(my ISP address and SMTP address but NOT forming part of any email address)>
Recipient:  (various, but frequently to a .de [i.e. German] address)
Subject:  Invoice #(digits, usually four) 
[END TEXT]

It gives me the options of 'Continue' or 'Don't send!'  I have been hitting 'Don't send!' but a little doubt is niggling that if the notification itself is bogus I might be confirming my location to a malware source.

I have run complete C: and D: drive scans by avast!4, by Alwil's dedicated virus/worm disinfector, by Microsoft's Defender and by Ad-Aware, all updated today.  All pronounce my system (Windows XP, SPII) clean, though clearly it isn't.  I also run Zone Alarm (firewall only).

Questions are: 
1. Can anyone confirm this as a standard avast! notification?
2. Is there significance to the fact that avast! says 'The provider is waiting for a sub-system to start' on Outlook/Exchange icon?
3. What can I do to help avast! or another to identify and exterminate this pest?
4. I would be grateful for any constructive suggestions, short of a clean install.

Many thanks, in anticipation ...

Katya

DavidR

1. It is the Internet Mail provider Heuristic detection, so it is a valid avast! notification (though an image would have been better). Unless you were sending out multiple identical emails at the time, then you probably have an undetected trojan spambot on your system.

These tools are more specialised in anti-spyware/trojan detection and removal.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
If using winXP: AVG anti-spyware (formerly Ewido), or SUPERantispyware, or Spyware Terminator. Or a-Squared free if using win98/ME.

2. It is waiting for MS Outlook (not Express) to start; if you don't have MS Outlook, then terminate the Outlook/Exchange provider (it is usually disabled by default unless it detects MS Outlook).

3. Use one of the above tools to try and detect what it is that is sending them and send the sample to avast before deleting (better you can add it to the User Files section of the avast chest if possible).

4. A clean install is the nuclear option and we are a long way from that; start with the above applications, one at a time if necessary, to try and detect the culprit. Report your findings to us a step at a time after running one of the applications before moving to the next; that way we can help along the way so you aren't on your own.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
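
A sketch of the kind of rate heuristic the warning text describes (too many identical e-mails within a set time), added here as an example; it is not avast!'s implementation and not part of either post. The window, the limit, the digit masking and the sample messages are all assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed length of the "appointed time"
MAX_IDENTICAL = 3     # assumed number of identical messages tolerated per window

def fingerprint(subject, body):
    """Hash the content with digit runs masked, so 'Invoice #4821' and
    'Invoice #1377' count as the same message."""
    masked = re.sub(r"\d+", "#", f"{subject}\n{body}").strip().lower()
    return hashlib.sha256(masked.encode("utf-8")).hexdigest()

def find_bursts(messages, window=WINDOW_SECONDS, limit=MAX_IDENTICAL):
    """Return (timestamp, fingerprint, count) for every outbound message that
    pushes the count of identical messages in the sliding window over the limit."""
    recent = defaultdict(deque)   # fingerprint -> send times still inside the window
    alerts = []
    for ts, _sender, _recipient, subject, body in sorted(messages):
        fp = fingerprint(subject, body)
        times = recent[fp]
        times.append(ts)
        while ts - times[0] > window:   # drop sends older than the window
            times.popleft()
        if len(times) > limit:
            alerts.append((ts, fp, len(times)))
    return alerts

# Constructed sample: (seconds, sender, recipient, subject, body).
# Sender and recipient vary on every message, so they are not part of the key.
BODY = "Please find your invoice attached."
SAMPLE = [
    (0,   "kq@isp.example",    "a@one.example",     "Invoice #4821", BODY),
    (5,   "zzt@isp.example",   "b@two.example",     "Invoice #1377", BODY),
    (9,   "mb@isp.example",    "c@three.example",   "Invoice #9054", BODY),
    (12,  "katya@isp.example", "friend@pal.example", "Lunch Friday?", "Are you free?"),
    (14,  "pp@isp.example",    "d@four.example",    "Invoice #2210", BODY),
    (20,  "xv@isp.example",    "e@five.example",    "Invoice #6603", BODY),
    (300, "rj@isp.example",    "f@six.example",     "Invoice #7718", BODY),
]

if __name__ == "__main__":
    for ts, fp, count in find_bursts(SAMPLE):
        print(f"t={ts}s: {count} identical messages in {WINDOW_SECONDS}s (fp {fp[:12]})")
```

Keying on content rather than on sender or recipient is what lets the check fire even though every message in the burst uses a different address pair.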