Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > My PC may be sending emails I can't stop!

Reply
Thread Tools

My PC may be sending emails I can't stop!

 
 
Sim
Guest
Posts: n/a
 
      09-20-2005
Sometimes when I'm on my computer, AVG pops up with this:

AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar

I have tried updating AVG running a scan and its found nothing. The same
goes for Ad-Aware and Microsoft Anti Spyware. I don't want to reinstall my
system but I can't get rid of this damn thing!

What can I do?!

Sim


 
Reply With Quote
 
 
 
 
Shepİ
Guest
Posts: n/a
 
      09-20-2005
On Tue, 20 Sep 2005 09:49:40 GMT As Androids Dreamed Of Electric Sheep
and then "Sim" <(E-Mail Removed)> wrote :

>Sometimes when I'm on my computer, AVG pops up with this:
>
>AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
>
>I have tried updating AVG running a scan and its found nothing. The same
>goes for Ad-Aware and Microsoft Anti Spyware. I don't want to reinstall my
>system but I can't get rid of this damn thing!
>
>What can I do?!
>
>Sim
>


What ISP are you using?



--
Free Windows/PC help,
http://www.geocities.com/sheppola/trouble.html
 
Reply With Quote
 
 
 
 
Gordon
Guest
Posts: n/a
 
      09-20-2005
"Shepİ" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)
> On Tue, 20 Sep 2005 09:49:40 GMT As Androids Dreamed Of Electric Sheep
> and then "Sim" <(E-Mail Removed)> wrote :
>
>> Sometimes when I'm on my computer, AVG pops up with this:
>>
>> AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
>>
>> I have tried updating AVG running a scan and its found nothing. The
>> same goes for Ad-Aware and Microsoft Anti Spyware. I don't want to
>> reinstall my system but I can't get rid of this damn thing!
>>
>> What can I do?!
>>
>> Sim
>>

>
> What ISP are you using?


NTL.


 
Reply With Quote
 
The Old Sourdough
Guest
Posts: n/a
 
      09-20-2005
Sim wrote in 24hoursupport.helpdesk:

> Sometimes when I'm on my computer, AVG pops up with this:
>
> AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
>
> I have tried updating AVG running a scan and its found nothing.
> The same goes for Ad-Aware and Microsoft Anti Spyware. I don't
> want to reinstall my system but I can't get rid of this damn
> thing!
>
> What can I do?!
>
> Sim
>
>

It sounds like *something* is trying to access a remote server. You may
be infected with a Trojan or worm. Download and run HijackThis from:

http://www.majorgeeks.com/download3155.html

Take a look at what it reveals. If you need help you can post the
contents in this thread and someone should be able to assist.

You might also take a look at this thread:

http://forums.majorgeeks.com/showthread.php?t=72442

It might give you a hint or two.

Good luck.

--
The Old Sourdough
May 9 unsociable telephone operators find the meaning of life in your
shower.
 
Reply With Quote
 
Sim
Guest
Posts: n/a
 
      09-20-2005
Here goes:

Logfile of HijackThis v1.99.1
Scan saved at 17:30:31, on 20/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\RMClock\RMClock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\Simeon\LOCALS~1\Temp\~AceTemp\hijackth is\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings,ProxyServer = http=200.69.209.130:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround
Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program
Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio
Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator
6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD
Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program
Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
/background
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook
Express\msimn.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll'
missing
O12 - Plugin for .mdz: C:\Program Files\Internet
Explorer\Plugins\npmod32.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software
AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/25700c0a...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.co...?1116958275383
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program
Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program
Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

Sim


"The Old Sourdough" <(E-Mail Removed)> wrote in message
news:Xns96D74F8A1706Ebcx25yti54op@216.196.97.131.. .
> Sim wrote in 24hoursupport.helpdesk:
>
>> Sometimes when I'm on my computer, AVG pops up with this:
>>
>> AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
>>
>> I have tried updating AVG running a scan and its found nothing.
>> The same goes for Ad-Aware and Microsoft Anti Spyware. I don't
>> want to reinstall my system but I can't get rid of this damn
>> thing!
>>
>> What can I do?!
>>
>> Sim
>>
>>

> It sounds like *something* is trying to access a remote server. You may
> be infected with a Trojan or worm. Download and run HijackThis from:
>
> http://www.majorgeeks.com/download3155.html
>
> Take a look at what it reveals. If you need help you can post the
> contents in this thread and someone should be able to assist.
>
> You might also take a look at this thread:
>
> http://forums.majorgeeks.com/showthread.php?t=72442
>
> It might give you a hint or two.
>
> Good luck.
>
> --
> The Old Sourdough
> May 9 unsociable telephone operators find the meaning of life in your
> shower.



 
Reply With Quote
 
why?
Guest
Posts: n/a
 
      09-20-2005

On Tue, 20 Sep 2005 09:49:40 GMT, Sim wrote:

>Sometimes when I'm on my computer, AVG pops up with this:
>
>AutoPOP3: Connecting to 174-221-126-200.fibertel.com.ar
>
>I have tried updating AVG running a scan and its found nothing. The same
>goes for Ad-Aware and Microsoft Anti Spyware. I don't want to reinstall my
>system but I can't get rid of this damn thing!


One of a few matching entries for a quick www.google.com search

"fibertel.com.ar" pop3

CastleCops heelpp!! avg email scanner shows auto pop3:connecting ...
.... box in the bottom right hand side of the screen. within this box is
the
following text...auto pop3:connecting to 38-12-235-201.fibertel.com.ar.
....
http://castlecops.com/t131304-heelpp...ing_to_38.html
- Similar pages


Sounds like a mass mailing worm, there are quite a few you should try
scanning with some other apps, the often posted list is ripped from a
Mike post (including other utilities)


Run two online scanners:
http://housecall.trendmicro.com/hous...start_corp.asp
http://www3.ca.com/virusinfo/virusscan.aspx
http://security.symantec.com/sscv6/default.asp
http://us.mcafee.com/root/mfs/default.asp

Download, update and use ALL of the following -- even
if you already have them installed, UPDATE THEM NOW.
Malware changes by the day, even by the hour, so you MUST
have the latest version of removal tools:

Spybot Search & Destroy
http://www.safer-networking.org/en/index.html
SpyBot S&D guide
http://www.chem.wisc.edu/~network/spybot/

Ad-Aware SE
http://www.lavasoftusa.com/
Ad-Aware VX2 cleaner plug-in
http://www.lavasoftusa.com/software/...2cleaner.shtml
IMPORTANT NOTICE:
http://www.mvps.org/winhelp2002/hosts.htm#Attention

Spyware Blaster
http://www.javacoolsoftware.com/spywareblaster.html

CWShredder (CoolWebSearch remover)
http://cwshredder.net/cwshredder/cwschronicles.html
Now maintained by InterMute
http://www.intermute.com/spysubtract..._download.html
http://cwshredder.net/bin/CWShredder.exe

Finally, for your startups:

Startup Monitor
http://www.mlin.net/StartupMonitor.shtml

Startup Control Panel
http://www.mlin.net/StartupCPL.shtml

WinPatrol
http://www.winpatrol.com/

Check what's necessary and what isn't
http://www.sysinfo.org/startuplist.php
http://www.answersthatwork.com/Taskl...s/tasklist.htm
http://www.windowsstartup.com/wso/index.php
http://pestpatrol.com/Search/
http://www.3feetunder.com/krick/startup/list.html
http://www.greatis.com/regrun3appdatabase.htm
http://www.kephyr.com/filedb/index.php
http://www.reger24.de/processes.php
http://www.pcpitstop.com/spycheck/known.asp



>What can I do?!


Read the castlecops article.

>Sim
>


Me
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Beginner's Networking Query - this may or may not be a problem slaterino@googlemail.com Cisco 1 03-25-2007 05:34 AM
BayPIGgies: May *THIRD* Thursday at Google (May 19) Aahz Python 0 04-22-2005 11:59 PM
News Proxy may be why many people may have missed the vote Renee Digital Photography 5 10-27-2004 06:02 AM
How to optionally use classes that may or may not be installed ? Sam Iam Java 0 01-31-2004 04:09 AM
how may in hell may i take advantage of a IF statement in two separate functions? like quit anytime with button Q Rahmi Acar C++ 5 07-28-2003 08:14 AM



Advertisments