[ skromnibog @ 16.05.2006. 13:18 ] @
So the problem is the following:

I have AVG Free Edition installed, with its e-mail scanner and logging enabled.
I noticed that some process (and it is not Outlook Express, which I normally use) is trying to access some strange POP3 servers (fortunately without success):

2.4.2006 AutoPOP3(10110) Cannot connect to 140.232.147.149 110
2.4.2006 AutoPOP3(10110) Cannot connect to 140.232.147.149 110
2.4.2006 AutoPOP3(10110) Cannot connect to 140.232.147.149 110
13.4.2006 AutoPOP3(10110) Cannot connect to 230.Red-83-61-136.dynamicIP.rima-tde.net 110
14.4.2006 AutoPOP3(10110) Cannot connect to 230.Red-83-61-136.dynamicIP.rima-tde.net 110
19.4.2006 AutoPOP3(10110) Cannot connect to 59-171-178-197.rev.home.ne.jp 110
19.4.2006 AutoPOP3(10110) Cannot connect to 93.Red-88-8-218.dynamicIP.rima-tde.net 110
21.4.2006 AutoPOP3(10110) Cannot connect to pd95b5106.dip0.t-ipconnect.de 110
28.4.2006 AutoPOP3(10110) Cannot connect to 12-218-149-157.client.mchsi.com 110
9.5.2006 AutoPOP3(10110) Cannot connect to 24-107-231-146.dhcp.oxfr.ma.charter.com 110
9.5.2006 AutoPOP3(10110) Cannot connect to 24-107-231-146.dhcp.oxfr.ma.charter.com 110
15.5.2006 AutoPOP3(10110) Cannot connect to 174.Red-83-58-210.dynamicIP.rima-tde.net 110

The lines above are extracted ones showing which servers are involved. In detail, each of them looks like this:

2.4.2006 06:27:48 AutoPOP3(10110): Connection from process 3040
2.4.2006 06:27:48 AutoPOP3(10110): Connection from 127.0.0.1:4496
2.4.2006 06:27:48 AutoPOP3(10110): Client connected
2.4.2006 06:31:00 AutoPOP3(10110): Cannot connect to 140.232.147.149:110
2.4.2006 06:31:00 AutoPOP3(10110): Connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (10060)
2.4.2006 06:31:00 AutoPOP3(10110): Client disconnected

The process number is always different, as is the port number for 127.0.0.1.
Scanning with AVG and NOD32 (latest versions, updated) did not find anything significant.
Likewise, Ad-aware did not find anything significant either.
ZoneAlarm (free home version) is installed and running, but it never complained at any point.

I use cable internet through SBB. Flat home package, so a dynamic IP.

Does anyone know what these attempts to access a POP3 server represent and, above all, is it dangerous?
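An added example, not part of the original post: a small parser for the detailed log format quoted above that pairs each "Connection from process" entry with the destination it failed to reach and lists the sessions whose destination is not a configured mail server. The name mail.example.net and the second log session are constructed placeholders, and the parser assumes sessions are written one after another without interleaving.

```python
import re
from datetime import datetime

# Session 1: from the post ("Connect:" detail line omitted). Session 2: constructed.
SAMPLE_LOG = """\
2.4.2006 06:27:48 AutoPOP3(10110): Connection from process 3040
2.4.2006 06:27:48 AutoPOP3(10110): Connection from 127.0.0.1:4496
2.4.2006 06:27:48 AutoPOP3(10110): Client connected
2.4.2006 06:31:00 AutoPOP3(10110): Cannot connect to 140.232.147.149:110
2.4.2006 06:31:00 AutoPOP3(10110): Client disconnected
3.4.2006 09:00:00 AutoPOP3(10110): Connection from process 1111
3.4.2006 09:00:00 AutoPOP3(10110): Connection from 127.0.0.1:5000
3.4.2006 09:00:05 AutoPOP3(10110): Cannot connect to mail.example.net:110
3.4.2006 09:00:05 AutoPOP3(10110): Client disconnected
"""

LINE = re.compile(r"^(\d{1,2}\.\d{1,2}\.\d{4} \d{2}:\d{2}:\d{2}) AutoPOP3\(\d+\): (.*)$")

def parse_sessions(text):
    """Group log lines into sessions; assumes sessions are not interleaved."""
    sessions, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("Connection from process "):
            cur = {"pid": int(msg.rsplit(" ", 1)[1]), "start": ts,
                   "local": None, "dest": None, "wait_s": None}
            sessions.append(cur)
        elif cur is None:
            continue  # line outside any session
        elif msg.startswith("Connection from "):
            cur["local"] = msg[len("Connection from "):]
        elif msg.startswith("Cannot connect to "):
            cur["dest"] = msg[len("Cannot connect to "):]
            cur["wait_s"] = int((ts - cur["start"]).total_seconds())
        elif msg == "Client disconnected":
            cur = None
    return sessions

def unexpected(sessions, known_servers):
    """Return sessions whose destination host is not a configured mail server."""
    return [s for s in sessions if s["dest"]
            and s["dest"].rsplit(":", 1)[0].lower() not in known_servers]

if __name__ == "__main__":
    for s in unexpected(parse_sessions(SAMPLE_LOG), {"mail.example.net"}):
        print(s["pid"], s["local"], "->", s["dest"], f"after {s['wait_s']}s")
```

The process ID in each session can only be matched to a program name while that process is still running, so the output is most useful when checked soon after a new entry appears.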
[ broker @ 16.05.2006. 14:14 ] @
Most likely you have some trojan or virus...
[ skromnibog @ 16.05.2006. 14:34 ] @
Then why don't NOD32 and AVG detect it?
After all, it is a trojan that is at least a month old. They shouldn't have a problem detecting it.
[ skromnibog @ 16.05.2006. 18:06 ] @

Panda antivirus found some additional viruses, but I'm not sure they caused the strange behaviour.
The problem is that I can't determine whether they caused the POP3 access.
Panda requires AVG to be uninstalled, and I don't know whether Panda will log future strange POP3 accesses.
[ jjovanovic @ 17.05.2006. 12:19 ] @
Try SpyBot

http://www.spybot.info/sr/index.html

Regards
[ malisha @ 17.05.2006. 13:25 ] @
just so you can see who your virus/whatever wants to POP...


whois 140.232.147.149
[Querying whois.arin.net]
[whois.arin.net]

OrgName: Clark University
OrgID: CLARKU
Address: 950 Main Street
City: Worcester
StateProv: MA
PostalCode: 01610-1477
Country: UA

NetRange: 140.232.0.0 - 140.232.255.255
CIDR: 140.232.0.0/16
NetName: CLARKU
NetHandle: NET-140-232-0-0-1
Parent: NET-140-0-0-0-0
NetType: Direct Assignment
NameServer: NYX.CLARKU.EDU
NameServer: EREBUS.CLARKU.EDU
Comment: http://www.clarku.edu
Comment: To report abuse, email: [email protected]
Comment: or call (508) 793-7745
RegDate: 1990-05-21
Updated: 2006-02-09

RAbuseHandle: ABE45-ARIN
RAbuseName: Bennett, Aaron
RAbusePhone: +1-508-793-7315
RAbuseEmail: [email protected]

RNOCHandle: ABE45-ARIN
RNOCName: Bennett, Aaron
RNOCPhone: +1-508-793-7315
RNOCEmail: [email protected]

RTechHandle: ABE45-ARIN
RTechName: Bennett, Aaron
RTechPhone: +1-508-793-7315
RTechEmail: [email protected]

OrgAbuseHandle: ABE45-ARIN
OrgAbuseName: Bennett, Aaron
OrgAbusePhone: +1-508-793-7315
OrgAbuseEmail: [email protected]

OrgTechHandle: ABE45-ARIN
OrgTechName: Bennett, Aaron
OrgTechPhone: +1-508-793-7315
OrgTechEmail: [email protected]
[ superbaka @ 17.05.2006. 18:34 ] @
this looks like a keylogger to me...