
Computer Tries To Connect To Unknown Email Server



#1 aster77


Posted 02 January 2007 - 09:06 PM

Hello... some suspicious goings-on with my computer - would really appreciate some help!

Last week a routine SpybotS&D scan detected the trojan Bifrose.LA on my computer, with an AdAware scan detecting Win32.TrojanDownloader.Agent.am afterwards. I posted in the HJT log forum and MFDnSC helped me out. After taking his advice I am no longer getting positive detections from any of my anti-malware scanners, but my computer is still being a little worrisome. MFDnSC told me to post in this forum to get help.

Here's the original HJT thread:
http://www.bleepingcomputer.com/forums/t/76522/got-me-a-virus-or-two/

As you can see from that last post, my AVG email scanner is still occasionally popping up a window that says it's connecting to "10001265696.0000029181.acesso.oni.pt:110". I have *no* idea what that is, and the behavior just started last week. I switched my AVG email scanner to log "Maximum" info, and now when the acesso.oni.pt message appears I'm getting this in the log:

2.1.2007 17:41:09.937 [98] AutoPOP3(10110): Connection from process 3436
2.1.2007 17:41:09.937 [98] AutoPOP3(10110): Connection from 127.0.0.1:3898
2.1.2007 17:41:09.937 [98] AutoPOP3(10110): Will connect to 213.58.26.169:110
2.1.2007 17:41:10.015 [ea0] AutoPOP3(10110): Client connected
2.1.2007 17:41:10.015 [ea0] OpenInternet = 0
2.1.2007 17:41:10.015 [ea0] AddTrayIcon()
2.1.2007 17:41:54.062 [ea0] AutoPOP3(10110): Cannot connect to 10001265696.0000029181.acesso.oni.pt:110
2.1.2007 17:41:54.062 [ea0] AutoPOP3(10110): Connect: The operation completed successfully. (0)
2.1.2007 17:41:54.078 [ea0] AutoPOP3(10110): PROXY:S:-ERR AVG POP3 Proxy Server: Cannot connect to the mail server!
2.1.2007 17:41:54.078 [ea0] CloseInternet = 1
2.1.2007 17:41:54.078 [ea0] RemoveTrayIcon()
2.1.2007 17:41:54.093 [ea0] AutoPOP3(10110): Client disconnected

Of course, my concern is that my computer is still compromised by some sort of backdoor type thing. Anyone seen this before? Anything in particular I should look into?

Thanks in advance for any help...

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 02 January 2007 - 09:20 PM.



#2 HitSquad


Posted 03 January 2007 - 08:28 AM

Hi Aster77
Looking at both your HJT post and this one, the attempted mail destination (Portugal) hasn't changed.
However, the processes have. You'll need to find out which application is using that process.
Hit Ctrl+Alt+Del and then click the Processes tab. Click View > Select Columns. Put a check mark in "PID", then click OK. Post back what is using (in this case) process 3436 if you don't already know what it is.
Shady P2P software (i.e. eMule, etc.) would be my first suspicion, but I have no idea what is installed on your system beyond what is listed in your original HJT log.
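
The pattern noted in the reply above (same mail destination, different processes) can be read directly out of the AVG e-mail scanner log. The following is an added example, not part of the original thread and not AVG's own tooling: it parses the log format shown in the first post and lists which local PIDs asked the proxy for each upstream server. The second session is constructed sample data, and the parser assumes sessions do not interleave.

```python
import re
from collections import defaultdict
# Lines copied from the log in the first post.
PAGE_LOG = """\
2.1.2007 17:41:09.937 [98] AutoPOP3(10110): Connection from process 3436
2.1.2007 17:41:09.937 [98] AutoPOP3(10110): Connection from 127.0.0.1:3898
2.1.2007 17:41:09.937 [98] AutoPOP3(10110): Will connect to 213.58.26.169:110
2.1.2007 17:41:54.062 [ea0] AutoPOP3(10110): Cannot connect to 10001265696.0000029181.acesso.oni.pt:110
"""
# Constructed lines (not from the thread): a later session under another PID.
CONSTRUCTED_LOG = """\
2.1.2007 18:02:11.120 [98] AutoPOP3(10110): Connection from process 1234
2.1.2007 18:02:11.120 [98] AutoPOP3(10110): Will connect to 213.58.26.169:110
"""
LINE = re.compile(r"^(\S+ \S+) \[[0-9a-f]+\] (?:AutoPOP3\(\d+\): )?(.*)$")
RULES = [  # order matters: the PID line is tested before the client-address line
    ("pid", re.compile(r"Connection from process (\d+)$")),
    ("client", re.compile(r"Connection from ([\d.]+:\d+)$")),
    ("dest", re.compile(r"Will connect to ([\d.]+:\d+)$")),
    ("failed_host", re.compile(r"Cannot connect to (\S+:\d+)$")),
]

def parse_sessions(text):
    """Group log lines into proxy sessions; assumes sessions do not interleave."""
    sessions, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, msg = m.groups()
        for key, rx in RULES:
            hit = rx.search(msg)
            if hit and key == "pid":      # a new local client opens a session
                cur = {"start": stamp, "pid": int(hit.group(1))}
                sessions.append(cur)
            elif hit and cur is not None:
                cur[key] = hit.group(1)   # attach detail to the open session
            if hit:
                break
    return sessions

def pids_by_destination(sessions):
    """Map each upstream server to the set of local PIDs that requested it."""
    out = defaultdict(set)
    for s in sessions:
        out[s.get("dest", "unknown")].add(s["pid"])
    return dict(out)

print(pids_by_destination(parse_sessions(PAGE_LOG + CONSTRUCTED_LOG)))
```

Each PID it reports still has to be matched to an image name in Task Manager while the process is running, since PIDs are reused after a process exits.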



