Latest attempt was to:
ip141-58-173-82.dyndsl.versatel.nl:110
I shut down my net connection, which broke the attempt, and haven't seen it again.
There was no email in the cache folders for AVG, just a logged note. I've since cranked up to maximum logging for the time being. This is using Outlook Express as mail client. I have all latest SP, patches, etc.
I had seen wacky stuff like this early on (10-12mos back) when I first built out this machine. Never have been able to find any spyware, virus, trojan, anything... Using a few different tools (MS Antispyware, AVG, a-squared, to name my starters...). About to try some more. Didn't know if it was something wacky with AVG itself, but it freaks me out when I see the AVG popup contacting a strange POP3 server, usually raw IP address or dynamic dns...
Anyone seen stuff like this? It's not trying to open an SMTP address (sending mail), it seems to be opening a 'random-seeming' POP3 box (which, of course, once the connection is opened, a trojan could use that 'transport' for potentially other things...). Concerned given this is my primary EVERYTHING box, and tons of sensitive information on it, used through it (https sites), etc.
Setting high points, hoping someone can either point me to figuring out where the POP3 conns are coming from, how to stop them (if malicious) or at least better track them (if non-malicious, maybe some silly util is trying to use pop3 for updates??), or resources/discussions regarding this exact topic (pop3 connections being made on windows box to pop3 mailboxes NOT specified in my account...).
Thanks folks,
-d