Author Topic: What is going on?  (Read 5115 times)

0 Members and 1 Guest are viewing this topic.

Offline AstronomerSmith

  • Newbie
  • *
  • Posts: 10
What is going on?
« on: March 27, 2004, 03:06:09 PM »
I think I have Avast! working now, that I've gotten an earlier problem fixed (thanks for the help).  but now, on two occassions, my computer has tried to connect to the net for no apparent reason.  I have dial up, so I'm not online all the time, and once, while I was reading a text file, the computer tried to connect.  And this morning, as I turned on my computer, the first thing it did was try to connect.  I cancelled the connection both times, but I have gotten online.

Also, I had a strange email returned to me.  I will attach the text part of the file for you to examine, it has 'part' of my correct email address, but it is not correct - I suppose that is why it got bounced back from my ISP.  Another odd thing about this, is that it had two attached files my computer was trying to scan!  They were called "Part 1.2" and "Part 1.3".  Is there any way I can make Avast scan my email to make sure?  I believe I have it set up to scan in and out mail, but this is very unusual and makes me wonder?  I use netscape and netscape email.

Here is the text part of my bounced email that I never sent:
-----------------------
The original message was received at Fri, 26 Mar 2004 22:42:42 -0600 (CST)
from evrtwa1-ar9-4-33-163-141.evrtwa1.dsl-verizon.net [4.33.163.141]

   ----- The following addresses had permanent fatal errors -----
<Smithsasmith@intergate.com>
    (reason: 550 5.1.1 <Smithsasmith@intergate.com>... User unknown)

   ----- Transcript of session follows -----
... while talking to pop.trip.net.:

>>>>>> DATA

<<< 550 5.1.1 <Smithsasmith@intergate.com>... User unknown
550 5.1.1 <Smithsasmith@intergate.com>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)



Reporting-MTA: dns; mailgate2.trip.net
Received-From-MTA: DNS; evrtwa1-ar9-4-33-163-141.evrtwa1.dsl-verizon.net
Arrival-Date: Fri, 26 Mar 2004 22:42:42 -0600 (CST)

Final-Recipient: RFC822; Smithsasmith@intergate.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; pop.trip.net
Diagnostic-Code: SMTP; 550 5.1.1 <Smithsasmith@intergate.com>... User unknown
Last-Attempt-Date: Fri, 26 Mar 2004 22:42:43 -0600 (CST)



Return-Path: <sasmith@intergate.com>
Received: from Jennifer (evrtwa1-ar9-4-33-163-141.evrtwa1.dsl-verizon.net [4.33.163.141])
   by mailgate2.trip.net (8.12.11/8.12.11) with SMTP id i2R4gfAR012861
   for <Smithsasmith@intergate.com>; Fri, 26 Mar 2004 22:42:42 -0600 (CST)
Date: Fri, 26 Mar 2004 23:44:09 -0600
To: Smithsasmith@intergate.com
Subject:
From: sasmith@intergate.com
Message-ID: <vtjxxcgseovbdubfdrw@intergate.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------428107544203632"
X-Scanned-By: MIMEDefang 2.41
----------------------------

Thanks for any advice.

Scott
« Last Edit: March 27, 2004, 03:07:47 PM by AstronomerSmith »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:What is going on?
« Reply #1 on: March 27, 2004, 03:18:11 PM »
Try to find out what program or service is trying to connect. If you have windows XP, check the system log files. They might give you a clue.


Final-Recipient: RFC822; Smithsasmith@intergate.com
Action: failed

The rfc822 is the standard for the format of ARPA Internet text messages.

Don't know what the heck you are doing with that. But it sure looks not right to me.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:What is going on?
« Reply #2 on: March 27, 2004, 03:29:16 PM »
Quote
on two occassions, my computer has tried to connect to the net for no apparent reason.


Hi,

did some program try to start a dial-up connection  before you were online ?
or did a firewall alert you that some prog tried to make an outside connection after you were online ?

avast has by default Auto-Update enabled, but it will try to connect to avast servers only AFTER it detects an inet-connection, so that probably wasn't it, if I understodd you correctly..

have you done a full thorough scan including archive scanning with avast ?

also try Onlinescanners, e.g. from www.ravantivirus.com & www.trendmicro.com
and install, update, scan and fix with:
- Ad-aware
- Spybot
- www.a-2.org (a2-free)

***
The Emails were probably just return Emails from Mailservers about Emails sent with your adress as faked sender, and a botched recipient adress: either by Spammers or by Mailworms.
annoying, but harmless, and there's not really much you can do about it
-> Just delete them in future

Read the program documentation, FAQ on avast'S homepage and here in the board on how to setup automatic Email-scanning with avast.
The Email protection wizard didn't work ??
What type of mailaccount (POP or IMAP) do you use ?


 ;)
« Last Edit: March 27, 2004, 03:30:18 PM by whocares »

Offline AstronomerSmith

  • Newbie
  • *
  • Posts: 10
Re:What is going on?
« Reply #3 on: March 28, 2004, 04:29:24 PM »
Hi,

did some program try to start a dial-up connection  before you were online ?
or did a firewall alert you that some prog tried to make an outside connection after you were online ?

Yes, before I was online.  Once, while I had the computer on for a couple of hours, and was reading a text file (I wasn't even touching the keyboard or mouse at the time).  The most recent was just as soon as I booted up the computer, it immediately tried to connect.  I am using Windows Me, and its been good enough, since I've had very few problems.  
---------------


avast has by default Auto-Update enabled, but it will try to connect to avast servers only AFTER it detects an inet-connection, so that probably wasn't it, if I understodd you correctly..


I wondered about that.  It does the updates fine, as soon as I connect, but I was wondering if the program would try to create a connection.
------------------


have you done a full thorough scan including archive scanning with avast ?

Well...I thought I had?  I told it to scan all drives.  Is there something else I would have to do?
--------------------

also try Onlinescanners, e.g. from www.ravantivirus.com & www.trendmicro.com
and install, update, scan and fix with:
- Ad-aware
- Spybot
- www.a-2.org (a2-free)

I've got Ad aware, but none of the others.  I'll see about getting them.  Thanks for the info.
-----------------------


***
The Emails were probably just return Emails from Mailservers about Emails sent with your adress as faked sender, and a botched recipient adress: either by Spammers or by Mailworms.
annoying, but harmless, and there's not really much you can do about it
-> Just delete them in future

Oh.  Okay, I will do that.  
--------------------

Read the program documentation, FAQ on avast'S homepage and here in the board on how to setup automatic Email-scanning with avast.
The Email protection wizard didn't work ??
What type of mailaccount (POP or IMAP) do you use ?

Thats just it.  I do not know if the protection is working or not?  I see the little blue ball with the 'a' spinning every now and then, so I assumed it was working?  The program is set up to scan POP mail and everything that I could see.  There are 4 out of 5 processes running.  The only one that isn't is Outlook/Exchange, because I use Netscape instead of Outlook for my email.  

 

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:What is going on?
« Reply #4 on: March 28, 2004, 04:50:49 PM »
@Mail protection:
configure the relevant mailprovider to insert a message into scanned Emails (even if it's found clean, if possible?)  
that should decide it

or try to send yourself a message with the harmless testfile eicar.com (from www.eicar.com ) attached;
you'd need to pause avast resident shield for this ;)