
Thread: can I block ALL outgoing emails?

  1. #1
    moraj Guest

    can I block ALL outgoing emails?

    Is there a way to completely disable all outgoing emails from my computer? Every time I enable my internet connection Norton Antivirus starts scanning emails that are sent from my computer, but I'm not sending them. It seems I have what is as yet an unidentified trojan on my computer (see some screen shots of its activities at www.web-mirage.com/email to better understand what I'm talking about), but until I can find and kill it is there some way to stop these emails from being sent through my computer? Any thoughts on what the problem may be would also be appreciated. Thanks.

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm (Free)

  2. #2
    billc Guest

    Re: can I block ALL outgoing emails?

    Sounds like you are indeed infected with a virus or a spam program. I assume you've used your NAV to scan for viruses and it found nothing? There are settings in ZAP that would indeed block the outgoing mail using a couple options; unfortunately those features are not in ZA Free. This may sound simple, but one thing you could do is reset your ZA Free database which will require all programs to request 'access' permissions again. As you grant permissions, you should be able to identify which program is doing the sending. Once identified, you should be able to kill it with Hijack This procedures. If you want to try, reset the database this way; you will lose your customizations and will need to reconfigure Zone Alarm.

    1. Boot your computer into the Safe Mode. {Instructions if needed}
    2. Navigate to the c:\windows\internet logs folder.
    3. Delete the backup.rdb and iamdb.rdb files in the folder.
    4. Reboot into the normal mode.

    Another thought I had would be to use a freeware program like Active Ports to see the name of programs actively using ports which might help identify the culprit.

    This is not a Hijack This forum, but I'd recommend Castle Cops forum where you can post your HJT log and have experts look at it. Or try a do-it-yourself review of your HJT log at Help2Go. They've got forums at the site as well.

  3. #3
    Join Date: Mar 2004; Location: Brisbane, Australia; Posts: 645

    Re: can I block ALL outgoing emails?

    Most mail programs use Port 25 to send mail via an SMTP server but mail can be sent on many other ports as well. Nortons ONLY checks outbound traffic on port 25. To stop outgoing mail, you need to block outbound access via this port. This can be done in ZA Pro as an expert rule, or more effectively in your router. Be aware other ports can be used for SMTP (eg 24, 465 (for SSL), 587, 2525, 10025, or 52525 are just some) but these are not checked by Nortons.

    If you do block Port 25 (as some corporate sites who use IMAP do to prevent employees sending private e-mails from work) and you still want to send e-mails, then you will need to find an SMTP server that allows SMTP relay on a non-standard port. There are free services around but a very good commercial relay service is provided by DynDNS.

    To find out which program is sending the e-mails, use TCPView from Sysinternals and make sure you run it with Administrator privileges. It will show you which program is connected to which port allowing you to identify your rogue program and deal with it.
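
The check described in the post above, as an added example that is not part of the original thread: a parser over Windows `netstat -ano` output that groups connections to the SMTP ports the post lists by owning process ID. The sample output and its addresses are constructed, and the function names are this example's own.

```python
from collections import defaultdict

# Ports the post above lists as used for SMTP (25 plus the alternates it names).
SMTP_PORTS = {24, 25, 465, 587, 2525, 10025, 52525}

# Constructed sample of `netstat -ano` output (documentation-range addresses).
# TIME_WAIT rows report PID 0: the owning process has already closed the socket.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1042      203.0.113.25:25        ESTABLISHED     1784
  TCP    192.168.1.10:1043      198.51.100.7:25        SYN_SENT        1784
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     2340
  TCP    192.168.1.10:1061      198.51.100.9:587       ESTABLISHED     3012
  TCP    192.168.1.10:1070      203.0.113.40:25        TIME_WAIT       0
  TCP    [fe80::1%4]:1080       [2001:db8::25]:25      ESTABLISHED     1784
  UDP    0.0.0.0:445            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' on the last colon; port is None if not numeric."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def outbound_smtp(netstat_text, ports=SMTP_PORTS):
    """Return {pid: [(remote_host, remote_port, state), ...]} for TCP rows to `ports`."""
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 fields: proto, local, remote, state, pid.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, _local, remote, state, pid = fields
        if state == "LISTENING" or not pid.isdigit():
            continue
        host, port = split_endpoint(remote)
        if port in ports:
            hits[int(pid)].append((host, port, state))
    return dict(hits)

if __name__ == "__main__":
    for pid, conns in sorted(outbound_smtp(SAMPLE).items()):
        print(f"PID {pid}: {len(conns)} SMTP connection(s)")
        for host, port, state in conns:
            print(f"    -> {host}:{port} {state}")
```

A process ID that keeps opening connections to many different mail servers is the one to look up in Task Manager's PID column.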

  4. #4
    billc Guest

    Attn: FrereOP

    Do you like TCPView better than Active Ports?

  5. #5
    Join Date: Mar 2004; Location: Brisbane, Australia; Posts: 645

    Re: Attn: FrereOP

    Hi Bill,

    I have both and they both do the same thing essentially - act as a GUI front end for netstat. I prefer TCPView for a couple of reasons, the main one being it has a few more options to play with.
    • It doesn't need administrator privileges to run (although I usually run it with them to display the program causing the connection)
    • I like being able to have the program automatically display resolved addresses (with Active Ports you have to do this manually for each IP address)
    • It has the option of displaying all endpoints (connected and unconnected) or only those which are currently connected.

    It's just a matter of choice but life is a bit easier with TCPView I find.

  6. #6
    billc Guest

    Re: Attn: FrereOP

    Thanks for the input. My antivirus program thinks Active Ports is a security risk: look here.

  7. #7
    Join Date: Mar 2004; Location: Brisbane, Australia; Posts: 645

    Re: Attn: FrereOP

    BillCherryAtl wrote:
    > Thanks for the input. My antivirus program thinks Active Ports is a security risk: look here.

    Hi Guru Bill,

    I suspect Norton's is being paranoid because I use McAfee Enterprise and it doesn't flag either Active Ports or TCPView as malicious or unwanted and neither does Ewido or Pest Patrol.

    I don't see how either could be considered malicious. They are just GUI front ends for the standard DOS command 'Netstat'. What does Norton's make of 'Netstat'?

  8. #8
    billc Guest

    Re: Attn: FrereOP

    NAV 2006 doesn't mind netstat nor does it have a problem with Cports, the program I used to replace Active Ports. I'm like you, I don't get it but the daily "quick scan" it did always alerted me to Active Ports so I decided to try another solution. CurrentPorts is pretty cool.

  9. #9
    Join Date: Mar 2004; Location: Brisbane, Australia; Posts: 645

    Re: Attn: FrereOP

    BillCherryAtl wrote:
    > NAV 2006 doesn't mind netstat nor does it have a problem with Cports, the program I used to replace Active Ports. I'm like you, I don't get it but the daily "quick scan" it did always alerted me to Active Ports so I decided to try another solution. CurrentPorts is pretty cool.

    It looks pretty good but I still like the automatic DNS lookup for remote IPs that TCPView does. If Cports did this, it'll win me over because the PINK alert for endpoints made by suspicious programs is a VERY nice feature.

  10. #10
    billc Guest

    Re: Attn: FrereOP

    It does that and much more. It's free, why not give it a go?
