Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SAV ccapp, trying to email Brazil?????

Status
Not open for further replies.

nixie21

Programmer
Jul 19, 2005
16
US
The last couple of days, zonealarm is alerting me that ccapp is trying to transmit email to an ip in brazil
ANY IDEAS

Msg =

email client program

Symantec User session is trying to transmit emails
ccapp.exe
destination = 200.195.88.163:SMTP

I have scanned with SAV, a squared, trojan hunter, ewido, msas, kavrapsky online all clean......
hijackthis also looks clean to me....
Jotti scan on ccapp = clean.....

it looks like when I upgraded the sav from 10.0.1 to 10.0.2 it left both instances, I uninstalled both and reinstalled the newest...still dont think that would cause this though....I did this last night so will see when I get home later if it still tries to get to that ip address again!

THANKS SO MUCH for any input (ideas!)
 
Its not something strange in name resolution is it. What apps are installed that might try to send SMTP (apart from the obvious)...

Might it be trying to look up a real world version of your outbound mails server?

Mike

*************************************

Remember - There is always another way..........I just haven't found out what it is yet!

[yinyang]
 
Not sure, the computer is usually very safe. I contacted my ISP and they said it sounded very fishy as that is not thier IP.

Thanks
 
What is the name of the outbound SMTP server you are using?

Just try an "nslookup servername.domain.com" and see what IP is returned.

I do agree - sounds v.smelly.

Mike

*************************************

Remember - There is always another way..........I just haven't found out what it is yet!

[yinyang]
 
Thanks for your help as I think I know what happened. My son was using Emule (P2P) I have read now that some people with ZA have had the same problem. It seems that some emule users set the P2P to use 'email' ports and ZA mistakes a request for a file as outgoing mail...

Thanks for your help as this was driving me crazy!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top