
Hidden Prog Sending E Mails


planecrazy.eu
7th Nov 2006, 18:21
Hey All...

On my PC I have a programme that is sending emails, and I am not asking it to, which makes me think. Hmmmmmm...

Anyway, here is the log from my email AVG:

7.11.2006 18:55:26 AutoPOP3(10110): Connection from process 2540
7.11.2006 18:55:26 AutoPOP3(10110): Connection from 127.0.0.1:4548
7.11.2006 18:55:27 AutoPOP3(10110): Client connected
7.11.2006 18:55:48 AutoPOP3(10110): Cannot connect to 220-132-64-178.HINET-IP.hinet.net:110
7.11.2006 18:55:48 AutoPOP3(10110): Connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (10060)
7.11.2006 18:55:48 AutoPOP3(10110): Client disconnected
7.11.2006 19:14:15 AutoPOP3(10110): Connection from process 2540
7.11.2006 19:14:15 AutoPOP3(10110): Connection from 127.0.0.1:1134
7.11.2006 19:14:16 AutoPOP3(10110): Client connected
7.11.2006 19:15:02 AutoPOP3(10110): Cannot connect to 220-132-64-178.HINET-IP.hinet.net:110
7.11.2006 19:15:02 AutoPOP3(10110): Connect: The operation completed successfully. (0)


It seems to me like it's using a random port each time; there are two times in the above section. It seems to be going to the same location and the same port. It seems to have a process number, 2540; I am not too sure how you find out what this would be...

I have AVG Internet Security and it's picking nothing up, just the fact that an email is trying to be sent...

Help appreciated =) thanks...

NotTheOrganGrinder
7th Nov 2006, 18:49
The general home email anti-virus application works by injecting a fake email server between your email client and your ISP server. The local client connects to the AV server, and the AV server connects to the ISP. The AV server downloads the email, checks it for viruses and then sends it back to your email client as if it wasn't there at all. Your email client is connecting to the AV server on port 4548, and the AV server then connects to the ISP on port 110 (110 is a well-known port used for the POP3 mail transfer protocol, and is used for mail retrieval rather than sending). In this case, your ISP does not seem to be responding to the connection request from the AV server.

If you are running Windows XP/2000 you can use the Task Manager to check the process number. Right-click your taskbar, select Task Manager and move to the Processes tab. Click the PID column to sort by the process ID, and look for the value shown in the log as "Connection from process ...."

If you have a bit more experience with Windows, look for TCPView from Sysinternals. This is a bit of freeware which will show you which processes have which network connections open.
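As an added example (not from the thread, and not AVG's own tooling), here is a small Python parser for the AutoPOP3 log format posted above. It groups lines into sessions starting at each "Connection from process" line, pulls out the PID, the client-side port, the upstream POP3 host and the Winsock error code, and then flags any session whose target host is not one you recognise as your ISP's mail server. The sample log is a constructed copy of the lines in the first post, and the allowlisted host name is a placeholder.

```python
import re

# Constructed sample in the AutoPOP3 format from the first post (not a real capture).
SAMPLE_LOG = """\
7.11.2006 18:55:26 AutoPOP3(10110): Connection from process 2540
7.11.2006 18:55:26 AutoPOP3(10110): Connection from 127.0.0.1:4548
7.11.2006 18:55:27 AutoPOP3(10110): Client connected
7.11.2006 18:55:48 AutoPOP3(10110): Cannot connect to 220-132-64-178.HINET-IP.hinet.net:110
7.11.2006 18:55:48 AutoPOP3(10110): Connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (10060)
7.11.2006 18:55:48 AutoPOP3(10110): Client disconnected
7.11.2006 19:14:15 AutoPOP3(10110): Connection from process 2540
7.11.2006 19:14:15 AutoPOP3(10110): Connection from 127.0.0.1:1134
7.11.2006 19:15:02 AutoPOP3(10110): Cannot connect to 220-132-64-178.HINET-IP.hinet.net:110
7.11.2006 19:15:02 AutoPOP3(10110): Connect: The operation completed successfully. (0)
"""

LINE_RE = re.compile(r"^(\S+ \S+) AutoPOP3\(\d+\): (.*)$")   # timestamp, message
PID_RE = re.compile(r"Connection from process (\d+)")          # starts a new session
LOCAL_RE = re.compile(r"Connection from 127\.0\.0\.1:(\d+)")   # client-side port
REMOTE_RE = re.compile(r"Cannot connect to (\S+):(\d+)")       # upstream POP3 host:port
ERR_RE = re.compile(r"Connect: .*\((\d+)\)\s*$")               # Winsock error code

def parse_autopop3(text):
    """Group AutoPOP3 lines into one record per 'Connection from process' session."""
    sessions = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if (p := PID_RE.search(msg)):
            sessions.append({"start": ts, "pid": int(p.group(1)), "local_port": None,
                             "remote_host": None, "remote_port": None, "winsock_error": None})
        elif sessions:
            cur = sessions[-1]
            if (l := LOCAL_RE.search(msg)):
                cur["local_port"] = int(l.group(1))
            elif (r := REMOTE_RE.search(msg)):
                cur["remote_host"], cur["remote_port"] = r.group(1), int(r.group(2))
            elif (e := ERR_RE.search(msg)):
                cur["winsock_error"] = int(e.group(1))
    return sessions

def flag_unexpected(sessions, expected_mail_hosts):
    """Sorted (pid, host) pairs for sessions whose POP3 target is not an expected ISP host."""
    expected = {h.lower() for h in expected_mail_hosts}
    return sorted({(s["pid"], s["remote_host"].lower())
                   for s in sessions
                   if s["remote_host"] and s["remote_host"].lower() not in expected})
```

Feed it your real AVG log and your ISP's POP3 host name in place of the placeholder; any PID that comes back is the one to look up in Task Manager or TCPView.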

mocoman
7th Nov 2006, 18:51
Right-click your taskbar, select Task Manager and move to the Processes tab. Click the PID column to sort by the process ID

...and if you don't have a PID column you can turn it on using the "View/Select Columns" menu option. :ok:

Tarq57
7th Nov 2006, 19:01
If those URLs don't ring any bells with you, i.e. your ISP, you perhaps have some kind of dialler or adware. I tried googling the process 2540 and AVG email 2450 but no luck there... maybe more detail required.
You could try a "Housecall" online scan, free courtesy of Trend Micro; that should tell you if anything is there. Otherwise I have no idea.

planecrazy.eu
7th Nov 2006, 19:37
Hey Guys, thanks for that...

It is to do with a P2P client. The reason why: I had 4 P2Ps going at the time:

eMule
eMule FL
Ares
BitTorrent
Morpheus
Shareaza
BearShare
LimeWire

Why did I have so many open? I downloaded a load to see which was the best one. I have just checked that PID but now it's not there, so it has to be one of the above, which is not surprising. So I'll report back later when I have run them all again to find the rogue one...

spannersatcx
7th Nov 2006, 21:09
LimeWire is notorious for this sort of thing!

Keef
8th Nov 2006, 11:11
I'd be worried about the site it's trying to contact - hinet.net is one of the biggest spammers to attack my inbox. If your computer is trying to contact it without your involvement, I'd guess you have some kind of harvester virus on the machine trying to send your stuff to Taiwan (or wherever).

If you're using AVG, I'm surprised if anything's got past it, but I'd treat it as a serious attack until you've verified otherwise.

Mercenary Pilot
8th Nov 2006, 11:15
Is your computer a zombie? (http://en.wikipedia.org/wiki/Zombie_computer)

:eek: