I don't know wqhat the hell is this thing!

Discussion in 'malware problems & news' started by after1234, Dec 5, 2005.

Thread Status:
Not open for further replies.
  1. after1234

    after1234 Registered Member

    Joined:
    Dec 5, 2005
    Posts:
    5
    In the attached pic you can see something weird that keeps poping in my tray.
    does nayone have any idea what is it??
    its probably bad right?
    how do i get rid of it?
    thanks!
     

    Attached Files:

  2. after1234

    after1234 Registered Member

    Joined:
    Dec 5, 2005
    Posts:
    5
    BTW, i made it in grayscale. the color icon is the problem, and that's what is sais when the cursor is on it.
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Is it my imagination or does that look like a mail client icon that could be performing a periodic check for mail and download of it on your DSL connection?

    Blue
     
  4. after1234

    after1234 Registered Member

    Joined:
    Dec 5, 2005
    Posts:
    5
    nope. i only use web mail.
    and besides - what is that strange IP-like address?
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    here is the info on the IP
    .
    % The objects are in RPSL format.
    %
    % Note: the default output of the RIPE Whois server
    % is changed. Your tools may need to be adjusted. See
    % http://www.ripe.net/db/news/abuse-proposal-20050331.html
    % for more details.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html

    % Note: This output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '194.247.224.0 - 194.247.239.255'

    inetnum: 194.247.224.0 - 194.247.239.255
    netname: X-STREAM-UK
    descr: Tiscali UK Ltd
    descr: Milton Keynes
    remarks: ==========================================================
    remarks: Concerning abuse and spam ... mailto: abuse@uk.tiscali.com
    remarks: e-mail to other addresses will not be dealt with.
    remarks: ==========================================================
    country: GB
    admin-c: TU935-RIPE
    tech-c: TU935-RIPE
    status: ASSIGNED PA
    mnt-by: TU935-RIPE-MNT
    source: RIPE # Filtered

    role: Tiscali UK
    address: Tiscali UK Limited
    address: 20 Broadwick Street
    address: London W1F 8HT
    phone: +44 207 087 2000
    remarks: Information: http://www.tiscali.com
    admin-c: DC-RIPE
    admin-c: DG9105-RIPE
    tech-c: BH-RIPE
    nic-hdl: TU935-RIPE
    remarks: Hostmaster Role Account
    mnt-by: TU935-RIPE-MNT
    source: RIPE # Filtered
    abuse-mailbox: abuse@uk.tiscali.com

    % Information related to '194.247.224.0/19AS9105'

    route: 194.247.224.0/19
    descr: Tiscali UK Limited
    origin: AS9105
    mnt-by: TU935-RIPE-MNT
    source: RIPE # Filtered
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, the domain registration is as follows....

    Registrant:
    Tiscali UK Ltd
    20 Broadwick Street
    London
    London
    W1F 8HT
    UK

    Domain Name: as9105.com

    Any connection to your broadband access?

    Blue

    edit like bigC said.... :)
     
  7. after1234

    after1234 Registered Member

    Joined:
    Dec 5, 2005
    Posts:
    5
    no connection whatsoever. im connecting through my local ISP necer heard of as9105.com or tiscali...
     
  8. Oddbod

    Oddbod Guest

    Hi,

    Have you ever had Avast antivirus installed as that icon looks very similar to the Avast mail scanner icon that appears when checking mail?
     
  9. after1234

    after1234 Registered Member

    Joined:
    Dec 5, 2005
    Posts:
    5
    I do have avast AV running but what does this address have to do with it?
    Still looks suspicious doesn't it?
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  11. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    That is the Avast Mail scanner icon.
     
  12. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    This is the remote address that the mail scanner is relaying to.
    That is, some program on your machine is connecting on port 25 (SMTP), 110 (POP3) or 143 (IMAP) to this address.

    Are you running a P2P application?
     
  13. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Tiscali is a large ISP (works under a lot of names), your AV is probably checking the
    mail there because your mailclient starts a POP/imap connection
     
Loading...
Thread Status:
Not open for further replies.