Weird email problem...

/usr Member Posts: 1,768
This morning I jumped online, only to find that my AVG E-Mail Scanner box keeps popping up, with the following text...


AutoPOP3: Connecting to 88-83-136-85.user.auna.net


My email isn't even open.
Any ideas?

Comments

  • Webmaster Admin Posts: 10,292
    If the address 88-83-136-85.user.auna.net is not configured in any of your mail clients, something else is trying to connect to a mailserver. Since it isn't you trying to connect, it's likely a piece of malware 'trying' to mail itself to others using OE.

    In addition to the ones commonly mentioned here, try the Ewido Security suite, I've had some good (better) results with that one. Hijack This may show you the perpetrator too.
  • TURTLEGIRL Member Posts: 361
    It may be that it's automatically scanning incoming/outgoing messages. I personally would use Adaware and make sure your antivirus is up to date. Spybot Search and Destroy is good to use too. Also if you have an influx of spam...you'll know where it's coming from.

    :D
    If you don't know 24 then you don't know Jack!
  • Webmaster Admin Posts: 10,292
    EDIT: keep reading the following replies to avoid confusion ;)
    GBAGIRL2 wrote:
    It may be that it's automatically scanning incoming/outgoing messages.
    POP3 is for sending email, hence outgoing only. But as /usr mentioned, his email is not open, so it's likely something that is not supposed to send email in the first place and AVG is triggered by it.
  • /usr Member Posts: 1,768
    POP3 is for receiving mail. ;)

    http://whatis.techtarget.com/definition/0,289893,sid9_gci212805,00.html

    I'll try a couple Spyware scans...

    I did a full scan with AVG, but it turned up nothing.
  • Webmaster Admin Posts: 10,292
    omg!
    Good morning Johan... having deployed dozens of email servers and thousands of clients... "POP3 is for sending". It will take some time before I get over this one...

    In that case you might have a Trojan trying to download additional malicious data thru POP3. If you are certain you don't have any clients running that try to 'receive' email, you can be rather sure it is something that 'shouldn't', and likely it's trying to use Outlook Express (I assume you don't even have that one installed though...).
  • Webmaster Admin Posts: 10,292
    Here's the link for Ewido's Security Suite btw:
    www.ewido.net/en/download/
    I found that it is frequently able to 'really' remove malware where ad-aware and spybot S&D fail (though I run those first).
  • /usr Member Posts: 1,768
    Webmaster wrote:
    Good morning Johan... having deployed dozens of email servers and thousands of clients... "POP3 is for sending". It will take some time before I get over this one...

    It happens to the best of us. ;)

    Getting ready to install MS Anti Spyware and Ad-Aware...I'll post results.
  • /usr Member Posts: 1,768
    Ad-Aware just found some cookies, as usual.

    MS Anti-Spyware has found nothing so far.

    Another scan with AVG showed nothing.

    I'm going to try that Ewido suite next...

    The only other solution I can think of is to download Zone Alarm and see if I can just block it.
  • Webmaster Admin Posts: 10,292
    If Ewido doesn't work, try Hijack to see if anything out of the ordinary is found.

    Btw: the target address is 88-83-136-85.user.auna.net, hence IP 85.136.83.88 (reverse order), which is from SPAIN ANDALUCIA SEVILLA CABLEMODEM-AUNA-ZONA-SUR
  • Non-Profit Techie Member Posts: 418
    Webmaster wrote:
    omg!
    Good morning Johan... having deployed dozens of email servers and thousands of clients... "POP3 is for sending". It will take some time before I get over this one...

    i was reading this and was like crap. i better go take A+ again. i was thinking i learned nothing. good thing i kept reading, lol.
  • Ricka182 Member Posts: 3,359
    I just ran that Ewido suite.....scanned over 70000 files, and found 17 infected, some of which I thought Ad-Aware had already removed, but apparently left behind. Good program.
    i remain, he who remains to be....
  • /usr Member Posts: 1,768
    Ewido found two things, just some cookies.

    I keep my machine very clean...I'll try HijackThis...
  • /usr Member Posts: 1,768
    Checked AVG's log...this kind of concerns me. It's the same thing, over and over and over.
    24.4.2005 10:00:19 [4f8] AutoPOP3(10110): Connection from 127.0.0.1:2945
    24.4.2005 10:00:19 [e00] AutoPOP3(10110): Client connected
    24.4.2005 10:01:05 [e00] AutoPOP3(10110): Cannot connect to 88-83-136-85.user.auna.net:10111
    24.4.2005 10:01:05 [e00] AutoPOP3(10110): Connect: The operation completed successfully. (0)
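
The log lines in the post above can be reduced to the two facts that matter for triage: which local client connected to the scanner, and which remote host and port it was asking for. This is an added example, not part of the original thread; the field layout is inferred from the four lines quoted, and the reversed-octet hostname decoding is an assumption taken from the earlier reply about 85.136.83.88.

```python
import re
from collections import Counter

# Log lines copied from the post above (AVG E-mail Scanner log).
AVG_LOG = """\
24.4.2005 10:00:19 [4f8] AutoPOP3(10110): Connection from 127.0.0.1:2945
24.4.2005 10:00:19 [e00] AutoPOP3(10110): Client connected
24.4.2005 10:01:05 [e00] AutoPOP3(10110): Cannot connect to 88-83-136-85.user.auna.net:10111
24.4.2005 10:01:05 [e00] AutoPOP3(10110): Connect: The operation completed successfully. (0)
"""

# timestamp, [thread], service(listen port): message
LINE = re.compile(r"^(\S+ \S+) \[(\w+)\] (\w+)\((\d+)\): (.*)$")
LOCAL = re.compile(r"Connection from ([\d.]+):(\d+)")
FAILED = re.compile(r"Cannot connect to ([\w.-]+):(\d+)")
# Assumption: the ISP writes the address octets in reverse order in the
# hostname, as the thread's 88-83-136-85 -> 85.136.83.88 reading implies.
REVERSED_IP = re.compile(r"^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")

def embedded_ip(hostname):
    """Return the IPv4 address encoded in the hostname, or None."""
    m = REVERSED_IP.match(hostname)
    if not m or any(int(octet) > 255 for octet in m.groups()):
        return None
    return ".".join(reversed(m.groups()))

def summarize(log_text):
    """Collect local clients and count failed upstream targets."""
    local_clients, failed = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        _ts, _thread, _service, listen_port, msg = m.groups()
        if (c := LOCAL.search(msg)):
            local_clients.append((c.group(1), int(c.group(2)), int(listen_port)))
        elif (f := FAILED.search(msg)):
            failed[(f.group(1), int(f.group(2)))] += 1
    return {
        "local_clients": local_clients,
        "failed_targets": [
            {"host": h, "port": p, "count": n, "embedded_ip": embedded_ip(h)}
            for (h, p), n in failed.most_common()
        ],
    }
```

The local source port in `local_clients` is the value to match against `netstat -ano` output while the connection is still open, which gives the PID of the program talking to the scanner.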
    
  • RussS Member Posts: 2,068
    ROFLMAO @ Johan
    Ahhh, is ok my friend, I sometimes fire off a reply without thinking and find out that I am about face with my thoughts.

    /usr - I would try running the Trend online scan.
    www.supercross.com
    FIM website of the year 2007
  • /usr Member Posts: 1,768
  • RussS Member Posts: 2,068
    Sorry dood


    http://housecall.trendmicro.com/

    Use the red button - then select the Complete Scan - AV and Security :)
    www.supercross.com
    FIM website of the year 2007
  • drewm320 Member Posts: 68
    You may also want to take a peek at your hosts file (C:\WINDOWS\system32\drivers\etc\hosts) and make sure someone hasn't mapped the name 88-83-136-85.user.auna.net to 127.0.0.1.
  • RussS Member Posts: 2,068
    drewm320 - nothing wrong with that (if it is spyware).
    Mapping rubbish to 127.0.0.1 is the best way to avoid popups etc.
    www.supercross.com
    FIM website of the year 2007
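
The hosts-file check suggested in the last two posts can be done mechanically: list every address the file forces for a given name and note whether it is loopback. This is an added example, not part of the original thread; the sample hosts content is constructed, and on a real machine the text would be read from the hosts path given above.

```python
import ipaddress

# Constructed sample in hosts-file syntax; not taken from the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1\t88-83-136-85.USER.auna.net   # origin unknown
10.0.0.5        intranet fileserver
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return (address, names) pairs, skipping comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        # Everything after '#' is a comment; fields are whitespace-separated.
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        # Host names compare case-insensitively; ignore a trailing dot.
        entries.append((addr, [n.lower().rstrip(".") for n in fields[1:]]))
    return entries

def overrides_for(text, hostname):
    """Addresses the hosts file forces for hostname, with a loopback flag."""
    wanted = hostname.lower().rstrip(".")
    return [(str(addr), addr.is_loopback)
            for addr, names in parse_hosts(text) if wanted in names]
```

An empty result means the name is resolved through DNS as normal; a loopback entry is the blocking pattern described in the last reply, and any other address is a redirect worth explaining.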