From: dennispublic on 25 Aug 2006 03:22

I use hotmail only, I have Outlook installed on this computer but it's never been run, and it's not in my task manager that I can see. I've triple virus scanned this system w/ different programs, also I run Ad-Aware and Spybot and a few other forms of protection.

...With that said, anyone have any thoughts on why my firewall (sygate) is warning me that AVG Email Scanner is trying to contact some strange IP address in Europe? Am I correct to assume that my system is somehow sending an email to Europe (behind my back)?

How can I further investigate what's triggering this behaviour?

From: Gel on 25 Aug 2006 05:07

I know my default site is one in what was at AVG Czechoslovakia; maybe that's it.

dennispublic(a)hotmail.com wrote:
> I use hotmail only, I have Outlook installed on this computer but it's
> never been run, and it's not in my task manager that I can see. I've
> triple virus scanned this system w/ different programs, also I run
> Ad-Aware and Spybot and a few other forms of protection.
>
> ...With that said, anyone have any thoughts on why my firewall (sygate)
> is warning me that AVG Email Scanner is trying to contact some strange
> IP address in Europe? Am I correct to assume that my system is somehow
> sending an email to Europe (behind my back)?
>
> How can I further investigate what's triggering this behaviour?

From: Gabriele Neukam on 25 Aug 2006 12:21

On this special day, dennispublic(a)hotmail.com wrote:
> AVG Email Scanner is trying to contact some strange
> IP address in Europe?

AVG *is* located in Europe, maybe this is a kind of Quality of Service feedback. As I don't use the email scanning module, I can't tell it exactly.

Gabriele Neukam
Gabriele.Spamfighter.Neukam(a)t-online.de
--
Ah, Information. A property, too valuable these days, to give it away, just so, at no cost.

From: MoiMoi on 25 Aug 2006 20:59

In article <1156490577.837940.136580(a)75g2000cwc.googlegroups.com>, dennispublic(a)hotmail.com says...
> I use hotmail only, I have Outlook installed on this computer but it's
> never been run, and it's not in my task manager that I can see. I've
> triple virus scanned this system w/ different programs, also I run
> Ad-Aware and Spybot and a few other forms of protection.
>
> ...With that said, anyone have any thoughts on why my firewall (sygate)
> is warning me that AVG Email Scanner is trying to contact some strange
> IP address in Europe? Am I correct to assume that my system is somehow
> sending an email to Europe (behind my back)?
>
> How can I further investigate what's triggering this behaviour?
=======
It's not email, just update check and download.
Look in AVG update manager, you can see that it checks at update.grisoft.cz

MM

From: dennispublic on 27 Aug 2006 04:01

MoiMoi wrote:
> > How can I further investigate what's triggering this behaviour?
> =======
> It's not email, just update check and download.
> Look in AVG update manager, you can see that it checks at
> update.grisoft.cz

It's not AVG site it's contacting, and I'm talking about the Email scanner, not the update manager. Tonight it randomly tried to connect to an IP in North America (cox).

Does anyone out there have any ideas why is AVG Email scanner being triggered and talking to this IP address? My system must be sending an email, right?

--------------sygate firewall log below---------------------
File Version : 7.1.0.400
File Description : AVG E-Mail Scanner (avgemc.exe)
File Path : C:\Program Files\AVG Free\avgemc.exe
Process ID : 0x6B8 (Heximal) 1720 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.0.101
Local Port : 2042
Remote Name : ip24-255-115-60.dc.dc.cox.net
Remote Address : 24.255.115.60
Remote Port : 110 (POP3 - Post Office Protocol - Version 3)

Ethernet packet details:
Ethernet II (Packet Length: 76)
    Destination: 00-0d-88-c4-79-b7
    Source: 00-13-d4-b8-4c-03
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 128
    Protocol: 0x6 (TCP - Transmission Control Protocol)
    Header checksum: 0x734c (Correct)
    Source: 192.168.0.101
    Destination: 24.255.115.60
Transmission Control Protocol (TCP)
    Source port: 2042
    Destination port: 110
    Sequence number: 2914107316
    Acknowledgment number: 0
    Header length: 28
    Flags:
        0... .... = Congestion Window Reduce (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Checksum: 0x8c0 (Correct)
    Data (0 Bytes)

Binary dump of the packet:
0000: 00 0D 88 C4 79 B7 00 13 : D4 B8 4C 03 08 00 45 00 | .....y.....L...E.
0010: 00 30 61 0C 40 00 80 06 : 4C 73 C0 A8 00 65 18 FF | ..0a.@...Ls...e..
0020: 73 3C 07 FA 00 6E AD B1 : BF B4 00 00 00 00 70 02 | s<...n........p.
0030: FF FF C0 08 00 00 02 04 : 05 B4 01 01 04 02 20 38 | ............... 8
0040: C9 AD CF 8D E1 B2 85 24 : AA 69 2D 48 | .......$.i-H
--------------------------------------------
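
Added example, not part of the original thread: a small Python decoder that re-reads the binary dump from the firewall log above and checks the fields the log summarises (addresses, ports, TCP flags, payload size). The function names are this example's own; the bytes are copied from the posted dump.

```python
import struct

# Hex dump copied from the firewall log in the post above (one 76-byte frame).
DUMP = """\
0000: 00 0D 88 C4 79 B7 00 13 : D4 B8 4C 03 08 00 45 00 | .....y.....L...E.
0010: 00 30 61 0C 40 00 80 06 : 4C 73 C0 A8 00 65 18 FF | ..0a.@...Ls...e..
0020: 73 3C 07 FA 00 6E AD B1 : BF B4 00 00 00 00 70 02 | s<...n........p.
0030: FF FF C0 08 00 00 02 04 : 05 B4 01 01 04 02 20 38 | ............... 8
0040: C9 AD CF 8D E1 B2 85 24 : AA 69 2D 48 | .......$.i-H
"""

def dump_to_bytes(dump):
    """Keep only the hex columns: drop the offset and the ASCII gutter."""
    out = bytearray()
    for line in dump.splitlines():
        hex_part = line.split("|", 1)[0].split(":", 1)[1]
        out += bytes.fromhex(hex_part.replace(":", " "))
    return bytes(out)

def inet_checksum(data):
    """RFC 1071 one's-complement sum; 0 over a full header means it verifies."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode(frame):
    """Decode Ethernet II / IPv4 / TCP headers of a single frame."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    ihl = (frame[14] & 0x0F) * 4                  # IP header length in bytes
    ip = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip[2:4])[0]   # IP datagram length
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    hdr_len = (off_flags >> 12) * 4               # TCP header incl. options
    return {
        "ip_checksum_ok": inet_checksum(ip) == 0,
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq,
        "syn_only": (off_flags & 0xFF) == 0x02,   # SYN set, all other flags clear
        "payload_len": len(tcp) - hdr_len,        # application bytes carried
        "trailer_len": len(frame) - 14 - total_len,  # bytes past the datagram
    }

if __name__ == "__main__":
    for key, value in decode(dump_to_bytes(DUMP)).items():
        print(f"{key:15} {value}")
```

The decoded frame is a bare SYN from 192.168.0.101:2042 to 24.255.115.60:110 carrying no application data, which matches the log's "Syn: Set" and "Data (0 Bytes)". The 14 bytes after the 48-byte IP datagram lie outside the packet proper.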