Author Topic: concurrent connections limit in avast  (Read 67184 times)

0 Members and 1 Guest are viewing this topic.

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: concurrent connections limit in avast
« Reply #15 on: November 29, 2007, 09:44:46 AM »
services.exe (and svchost.exe) are the generic service dispatchers... if there are so many open ports, you can expect some service to made this... you can download http://www.microsoft.com/downloads/details.aspx?FamilyID=C055060B-9553-4593-B937-C84881BCA6A5&displaylang=en and run it with the parameter -s to list all services related to services.exe...

Offline ermite67

  • Jr. Member
  • **
  • Posts: 23
Re: concurrent connections limit in avast
« Reply #16 on: November 29, 2007, 10:11:39 AM »
Hi,
Tlist are C langage files (not exe file)

Kaspersky online scanner : I have uninstalled and reinstall ok. RESULT : nothing found (jpg attached).

Thanks

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: concurrent connections limit in avast
« Reply #17 on: November 29, 2007, 11:09:25 AM »
Hi,
Tlist are C langage files (not exe file)

aah, sorry.. i couldn't find the binary :-\... now it's tasklist.exe, you can find it in your win directory... so, run "tasklist /svc > tasks.txt" and put the content of tasks.txt here ;)

Offline ermite67

  • Jr. Member
  • **
  • Posts: 23
Re: concurrent connections limit in avast
« Reply #18 on: November 29, 2007, 02:18:54 PM »
Hi Maxx_original,

Tasklist.exe : Here is no such program in Windows XP... but only in Windows XP PRO ...
Here can it be downloaded : http://www.computerhope.com/download/winxp.htm

Here is then result of the command Tasklist /svc :

Image Name                   PID Services                                     
========================= ====== =============================================
System Idle Process            0 N/A                                         
System                         4 N/A                                         
smss.exe                     564 N/A                                         
csrss.exe                    636 N/A                                         
winlogon.exe                 660 N/A                                         
services.exe                 704 Eventlog, PlugPlay                           
lsass.exe                    716 PolicyAgent, ProtectedStorage, SamSs         
svchost.exe                  872 DcomLaunch, TermService                     
svchost.exe                  920 RpcSs                                       
svchost.exe                  996 AudioSrv, Browser, CryptSvc, Dhcp, ERSvc,   
                                 EventSystem, FastUserSwitchingCompatibility,
                                 helpsvc, lanmanserver, lanmanworkstation,   
                                 Netman, Nla, RasMan, Schedule, seclogon,     
                                 SENS, SharedAccess, ShellHWDetection,       
                                 srservice, TapiSrv, Themes, TrkWks, W32Time,
                                 winmgmt, wscsvc, wuauserv, WZCSVC           
svchost.exe                 1068 Dnscache                                     
svchost.exe                 1164 LmHosts, SSDPSRV, upnphost, WebClient       
aswUpdSv.exe                1292 aswUpdSv                                     
ashServ.exe                 1340 avast! Antivirus                             
spoolsv.exe                 1544 Spooler                                     
cmdagent.exe                1872 CmdAgent                                     
svchost.exe                 1972 stisvc                                       
explorer.exe                 232 N/A                                         
ashDisp.exe                  764 N/A                                         
mixer.exe                    720 N/A                                         
cpf.exe                     1044 N/A                                         
ctfmon.exe                  1064 N/A                                         
msmsgs.exe                  1092 N/A                                         
SUPERAntiSpyware.exe        1120 N/A                                         
wkcalrem.exe                1260 N/A                                         
ScannerFinder.exe           1280 N/A                                         
ashMaiSv.exe                 760 avast! Mail Scanner                         
ashWebSv.exe                 512 avast! Web Scanner                           
soffice.exe                 1660 N/A                                         
soffice.bin                 1584 N/A                                         
alg.exe                     2328 ALG                                         
IncMail.exe                 3052 N/A                                         
ImApp.exe                   2908 N/A                                         
iexplore.exe                2424 N/A                                         
cmd.exe                     2372 N/A                                         
ntvdm.exe                   3812 N/A                                         
notepad.exe                 5952 N/A                                         
iexplore.exe                7212 N/A                                         
tasklist.exe                1956 N/A                                         
wmiprvse.exe                7520 N/A                                         


Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: concurrent connections limit in avast
« Reply #19 on: November 29, 2007, 02:41:17 PM »
i really don't like your ERSvc http://www.liutilities.com/products/wintaskspro/processlibrary/ersvc/ it's probably the reason of your troubles... can you locate the file ersvc.exe somewhere and send it to www.virustotal.com analysis?

Offline ermite67

  • Jr. Member
  • **
  • Posts: 23
Re: concurrent connections limit in avast
« Reply #20 on: November 29, 2007, 03:46:39 PM »
Hi,

I have no ersvc.exe, only DLL files :
c:\windows\system\ersvc.dll
c:\windows\ServicePackFiles\i386\ersvc.dll
with same size / date / time : 23 Ko 20/08/2004 0:09

Result from VIRUSTOTAL website :
-------------------------------
Fichier ersvc.dll reçu le 2007.11.29 15:36:12 (CET)

Antivirus   Version   Dernière mise à jour   Résultat
AhnLab-V3   2007.11.29.0   2007.11.29   -
AntiVir   7.6.0.34   2007.11.29   -
Authentium   4.93.8   2007.11.29   -
Avast   4.7.1074.0   2007.11.28   -
AVG   7.5.0.503   2007.11.29   -
BitDefender   7.2   2007.11.29   -
CAT-QuickHeal   9.00   2007.11.28   -
ClamAV   0.91.2   2007.11.29   -
DrWeb   4.44.0.09170   2007.11.29   -
eSafe   7.0.15.0   2007.11.29   -
eTrust-Vet   31.3.5335   2007.11.29   -
Ewido   4.0   2007.11.29   -
FileAdvisor   1   2007.11.29   -
Fortinet   3.14.0.0   2007.11.29   -
F-Prot   4.4.2.54   2007.11.28   -
F-Secure   6.70.13030.0   2007.11.29   -
Ikarus   T3.1.1.12   2007.11.29   -
Kaspersky   7.0.0.125   2007.11.29   -
McAfee   5173   2007.11.28   -
Microsoft   1.3007   2007.11.29   -
NOD32v2   2693   2007.11.29   -
Norman   5.80.02   2007.11.28   -
Panda   9.0.0.4   2007.11.28   -
Prevx1   V2   2007.11.29   -
Rising   20.20.22.00   2007.11.29   -
Sophos   4.23.0   2007.11.29   -
Sunbelt   2.2.907.0   2007.11.27   -
Symantec   10   2007.11.29   -
TheHacker   6.2.9.144   2007.11.28   -
VBA32   3.12.2.5   2007.11.28   -
VirusBuster   4.3.26:9   2007.11.28   -
Webwasher-Gateway   6.6.2   2007.11.29   -

Information additionnelle
File size: 23040 bytes
MD5: a4661552caeaf05a7cae43431987910c
SHA1: 2c711d9f201e303791bf5b79c878ac4f9a542211

Fichier ersvc.dll reçu le 2007.11.29 15:36:12 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.29.0 2007.11.29 -
AntiVir 7.6.0.34 2007.11.29 -
Authentium 4.93.8 2007.11.29 -
Avast 4.7.1074.0 2007.11.28 -
AVG 7.5.0.503 2007.11.29 -
BitDefender 7.2 2007.11.29 -
CAT-QuickHeal 9.00 2007.11.28 -
ClamAV 0.91.2 2007.11.29 -
DrWeb 4.44.0.09170 2007.11.29 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5335 2007.11.29 -
Ewido 4.0 2007.11.29 -
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.29 -
F-Prot 4.4.2.54 2007.11.28 -
F-Secure 6.70.13030.0 2007.11.29 -
Ikarus T3.1.1.12 2007.11.29 -
Kaspersky 7.0.0.125 2007.11.29 -
McAfee 5173 2007.11.28 -
Microsoft 1.3007 2007.11.29 -
NOD32v2 2693 2007.11.29 -
Norman 5.80.02 2007.11.28 -
Panda 9.0.0.4 2007.11.28 -
Prevx1 V2 2007.11.29 -
Rising 20.20.22.00 2007.11.29 -
Sophos 4.23.0 2007.11.29 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.29 -
TheHacker 6.2.9.144 2007.11.28 -
VBA32 3.12.2.5 2007.11.28 -
VirusBuster 4.3.26:9 2007.11.28 -
Webwasher-Gateway 6.6.2 2007.11.29 -
 
Information additionnelle
File size: 23040 bytes
MD5: a4661552caeaf05a7cae43431987910c
SHA1: 2c711d9f201e303791bf5b79c878ac4f9a542211

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: concurrent connections limit in avast
« Reply #21 on: November 29, 2007, 04:09:28 PM »
ook.. then it is the valid ersvc and not the ersvc described under the link... ersvc.dll is microsoft error reporting service, but ersvc.exe is a malware, i guess.. because you don't have it, we can assume, that this is not the point of your problem (i mean the strange count of currently open ports by services.exe)..

Offline ermite67

  • Jr. Member
  • **
  • Posts: 23
Re: concurrent connections limit in avast
« Reply #22 on: November 29, 2007, 04:57:46 PM »
COMODO FIREWALL block access every 10 secondes ...
For example :

Date/Heure :2007-11-29 16:24:13
Sévérité :Moyen
Report :Gestion des applications
Description: L'accès de l'application a été refusé (services.exe:208.72.168.97: :http(80))
Application: C:\WINDOWS\system32\services.exe
Origine: C:\WINDOWS\system32\winlogon.exe
Protocole: TCP sortant
Destination: 208.72.168.97::http(80)

Date/Heure :2007-11-29 16:24:03
Sévérité :Moyen
Report :Gestion des applications
Description: L'accès de l'application a été refusé (services.exe:208.72.168.151: :http(80))
Application: C:\WINDOWS\system32\services.exe
Origine: C:\WINDOWS\system32\winlogon.exe
Protocole: TCP sortantDestination: 208.72.168.151::http(80)

Date/Heure :2007-11-29 16:23:53
Sévérité :Moyen
Report :Gestion des applications
Description: L'accès de l'application a été refusé (services.exe:208.72.168.151: :http(80))
Application: C:\WINDOWS\system32\services.exe
Origine: C:\WINDOWS\system32\winlogon.exe
Protocole: TCP sortant
Destination: 208.72.168.151::http(80)

Date/Heure :2007-11-29 16:23:43
Sévérité :Moyen
Report :Gestion des applications
Description: L'accès de l'application a été refusé (services.exe:208.72.168.151: :http(80))
Application: C:\WINDOWS\system32\services.exe
Origine: C:\WINDOWS\system32\winlogon.exe
Protocole: TCP sortant
Destination: 208.72.168.151::http(80)

Date/Heure :2007-11-29 16:23:33
Sévérité :Moyen
Report :Gestion des applications
Description: L'accès de l'application a été refusé (services.exe:208.72.168.151: :http(80))
Application: C:\WINDOWS\system32\services.exe
Origine: C:\WINDOWS\system32\winlogon.exe
Protocole: TCP sortant
Destination: 208.72.168.151::http(80)

Etc, etc, etc...

winlogon.exe is OK with virustotal and all antivirus i have tested...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85780
  • No support PMs thanks
Re: concurrent connections limit in avast
« Reply #23 on: November 29, 2007, 05:40:12 PM »
Well there is something strange going on as I see no reason why the winlogon.exe would want or require internet access and if so why use services.exe to do it.

Also the IP 208.72.168.151 belongs to McColo Corporation (so nothing to do with windows either) as is 208.72.168.97, this has also cropped up before co a forum search for McColo might help.

http://www.google.com/search?q=McColo+Corporation
http://www.webmasterworld.com/forum11/3269.htm

I believe there may well be a riitkit hiding a spambot on your system.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/images/AntiRootkit.zip.
- AVG Anti-Rootkit http://free.grisoft.com/doc/avg-anti-rootkit-free/lng/us/tpl/v5.
- F-Secure Blacklight may not always be available, http://www.f-secure.com/blacklight
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline martosurf

  • Full Member
  • ***
  • Posts: 182
  • www.supportkevin.com - Support Kevin Kjonnas SHAC7
Re: concurrent connections limit in avast
« Reply #24 on: November 29, 2007, 06:51:51 PM »
I often open Opera, SeaMonkey and FF2 with several tabs, have Soulseek, uTorrent and eMule running on background, Outlook sitting in the taskbar and Klipfolio 4 with lot of "klips" running; I also run cFosSpeed 4.

What do you say? Do I need to increase the MaxOpenConnections limit?

I already patched the half open connections...

Regards
"Emancipate yourself from mental slavery / none but ourselves can free our mind" - Bob Marley

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1791
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: concurrent connections limit in avast
« Reply #25 on: November 29, 2007, 07:16:18 PM »
uploading that file to VirusTotal and Jotti shows nothing ?
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline martosurf

  • Full Member
  • ***
  • Posts: 182
  • www.supportkevin.com - Support Kevin Kjonnas SHAC7
Re: concurrent connections limit in avast
« Reply #26 on: November 29, 2007, 07:27:59 PM »
Hi Dwarden

both files were "old-friends" of virustotal -the site stores MD5 hash verification- and they are reported as Trojan / Worm by several vendors.
"Emancipate yourself from mental slavery / none but ourselves can free our mind" - Bob Marley

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85780
  • No support PMs thanks
Re: concurrent connections limit in avast
« Reply #27 on: November 29, 2007, 07:41:09 PM »
I often open Opera, SeaMonkey and FF2 with several tabs, have Soulseek, uTorrent and eMule running on background, Outlook sitting in the taskbar and Klipfolio 4 with lot of "klips" running; I also run cFosSpeed 4.

What do you say? Do I need to increase the MaxOpenConnections limit?

I would say no if you aren't experiencing any problems, or 'if it isn't broken don't fix it.'

Also the 'MaxConnections' we are talking about here relate to the MailScanner and not all of your applications would be using those.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85780
  • No support PMs thanks
Re: concurrent connections limit in avast
« Reply #28 on: November 29, 2007, 07:44:51 PM »
Hi Dwarden

both files were "old-friends" of virustotal -the site stores MD5 hash verification- and they are reported as Trojan / Worm by several vendors.

The file name might well be associated with trojan, but a file name is no indication of infection and these file names also have legitimate associations, so you can't make a decision based solely on file names.

Both of the files were uploaded by ermite67 Reply #20 to VT and found not to be infected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1791
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: concurrent connections limit in avast
« Reply #29 on: November 30, 2007, 03:54:43 AM »
well let say if he is infected with unknown mail spamming tool (trojan/rootkit w/e) badware

then it give sense what this message says as it may create too many concurent connections to some relay

or something in this sense ...
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive