Mail client starting by itself?

Avatar

Please consider registering
Guest

Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Register Lost password?
sp_Feed sp_topic_old
Mail client starting by itself?
Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
1
July 8, 2009 - 10:15 pm
sp_Permalink sp_Print

Hi All - A strange event has started happening...my email client (Windows Mail in Vista) has begun opening up all by itself....ain't it clever!!!

It's a real nuisance coz, left unattended, it is downloading all emails from the server, whether I want them or not. I have MailWasher installed, which sits between my server and the email client and allows me to delete any unwanted emails before downloading. With WinMail just popping up at it's own discretion though, MailWasher is being bypassed.

At first I thought it was a problem with my wireless keyboard, some other things kept popping up uninvited too; the start menu and sometimes FF would just open. Changing the keyboard to a wired job has stopped most of the uninvited guests, except for WinMail which continues to have a will of its own.

This is an edit/update: It appears my earlier assertion that changing the keyboard had stopped other things from just popping up uninvited was [b:1kc49lr0]wrong[/b:1kc49lr0]!!!! I just had the 'Computer' page open for no apparent reason closely followed by the Start menu. What the heck is going on?????

I have no idea where to go next....any help/advice would be greatly appreciated.

cheers.....JIM

Avatar
David Hartsock
Admin
Forum Posts: 1105
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
2
July 8, 2009 - 11:18 pm
sp_Permalink sp_Print

Jim,

Run Autoruns - http://technet.microsoft.com/en-us/sysi ... 63902.aspx and have a look at the Logon and Scheduled Tasks tabs. Any references to the programs in question?

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
3
July 9, 2009 - 6:43 am
sp_Permalink sp_Print

Okay Mate, I didn't even think of the possibility of scheduled tasks...mind you I couldn't think of [i:5sre0l3h]anything[/i:5sre0l3h]!! LOL

Thanks Dave, will get back to you soon,
cheers....JIM

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
4
July 9, 2009 - 7:01 am
sp_Permalink sp_Print

Okay Dave - Couldn't see anything relating to any of the apps/folders which keep opening up. Certainly nothing under 'Logon' but there are quite a few entries under 'Scheduled Tasks' which are not familiar...none of them seem to relate to my problems though.

Since I last reported, another quirk has appeared, my audio is being muted without my permission. It's easy to fix but just another strange event to add to the list. I forgot to mention in my original post too, I have scanned the hard drive with both Avast and MBAM...nothing even remotely suspicious.

Any other ideas mate
JIM

P.S. As an afterthought, here is the list generated by AutoRuns under 'Scheduled Task':
[attachment=0:2a85d92l]Scheduled Tasks.JPG[/attachment:2a85d92l]

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
5
July 9, 2009 - 11:12 am
sp_Permalink sp_Print

Hmmm...

Try something quirky for me -- disconnect the computer from the network and see if the problem continues to happen. I saw this once before and someone had hacked in through VNC and was running random commands. I know you did a scan...but....

You can check netstat as well for any strange connections. It sounds as though you're getting random commands from somewhere, and the first guess would be the Internet. (For netstat, go to a command prompt, type 'netstat -a -b' without quotes).

In this case, however, we're hoping the problem continues to occur when you pull the internet plug. Because if it ceases, your network has been compromised. (ACK, No!!! )

Avatar
Mindblower
Montreal, Canada
Member
Forum Posts: 411
Member Since:
September 17, 2008
sp_UserOfflineSmall Offline
6
July 9, 2009 - 12:46 pm
sp_Permalink sp_Print

Is it just the keyboard that is wireless, or your entire system? As Ziggie mentioned, someone might be accessing you via a backdoor. I'd pull the phone/cable line, and run offline scans (extremely deep). Reboot and rescan, using as many scanners as you have to find the problem. Also, even when you do find the problem, fix by removing, do the reboot and scans for a few times, just to be sure. Might even want to power off in between. Some of these bugs like to hide, Mindblower!

"Light travels faster than sound;
That is why some people seem bright until you hear them speak"

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
7
July 9, 2009 - 6:18 pm
sp_Permalink sp_Print

Thanks for the replies guys.

ZIg - I ran the command but what should I be looking for?? I got a fairly long list of results...most of which mean nothing to me. Are there any particular indicators??

MB - Keyboard and mouse only. Keyboard is now USB so only running wireless mouse at this time. I always run scans in the deepest/most thorough mode available mode anyway but shall try your suggestions...thanks.

Do you think it would be a good idea to run Hijack This? I might do that anyway and see what the logfile turns up.

thanks again,
JIM

Edit/Update: Ran Hijack This..the logfile shows nothing unusual, not even anything remotely suspicious.

Avatar
Mindblower
Montreal, Canada
Member
Forum Posts: 411
Member Since:
September 17, 2008
sp_UserOfflineSmall Offline
8
July 9, 2009 - 8:23 pm
sp_Permalink sp_Print

Well Ziggie, post the log file on a forum where there are experts in reading the log might help. Since you know there is something NOT right, you're looking for the proof, and correction procedure. Wish you luck, Mindblower!

"Light travels faster than sound;
That is why some people seem bright until you hear them speak"

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
9
July 9, 2009 - 8:51 pm
sp_Permalink sp_Print

Umm..err..MB...it's Jim not Ziggie.

I am not an 'expert' at anything...well, maybe at lawn bowls...but not anything to do with the computer. BUT, I know enough about Hijack This logfiles to read them and know if there is anything sinister there. I really don't need anybody to double check it for me....thanks for for thought tho.

Still looking............

cheers...JIM

Avatar
David Hartsock
Admin
Forum Posts: 1105
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
10
July 9, 2009 - 9:30 pm
sp_Permalink sp_Print

Jim,

Sorry I stepped out on you.

Since there was nothing out of the ordinary in AutoRuns I'm leaning toward hardware. Ziggie's recommendations were right on, but I know you're well enough to know you probably aren't infected (now Ziggie on the other hand ).

I know it seems strange, but programs starting - often the same ones leads me to the hardware conclusion. Can you go totally wired (keyboard/mouse) and remove any dongles and associated wireless keyboard/mouse software (think of the quick access keys on most keyboards)?

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
11
July 9, 2009 - 9:56 pm
sp_Permalink sp_Print

Hey Dave - Yep, I can do that. The only other thing which is connected wirelessly is the mouse...I can swap that over for a USB variety, disconnect the associated transmitters and uninstall keyboard and mouse drivers.

This is happening mainly after the machine wakes from hibernation. I leave with just the desktop showing and no open programs...I come back and the Calculator, Firefox and Windows Mail are all open/running. Although, I have had the calculator pop up out of nowhere while actually using the machine and occasionally an email I am in the process of writing will just minimize itself for no apparent reason. No instances of FF or Windows Mail opening uninvited..except when left unattended.

thanks Dave,
Cheers...JIM

Avatar
David Hartsock
Admin
Forum Posts: 1105
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
12
July 9, 2009 - 10:02 pm
sp_Permalink sp_Print

Your house isn't built on an old Indian burial grounds is it?

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
13
July 9, 2009 - 10:47 pm
sp_Permalink sp_Print

LOL....definitely not. Maybe old Aboriginal burial grounds tho. Either that or a bad case of the Gremlins!!

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
14
July 10, 2009 - 8:57 am
sp_Permalink sp_Print

Heh.

Dave, Jim mentioned (either here or an email to me, can't remember) that he'd set up port forwarding for uTorrent right about the time this started. While I don't think his machine is infected, when you start opening ports on a firewall then commands [i:2b0dcaxk]can [/i:2b0dcaxk] come through. All it takes is unpatched software listening on the wrong port and then you get weird symptoms.

Jim, has removing the port forwarding staved off the issue?

--zig

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
15
July 10, 2009 - 5:53 pm
sp_Permalink sp_Print

Hey Guys - Have now been 24 hours without anything opening up by itself. I remembered 3 things I had done around the time this started happening and reversed all three. That is not the best/most expedient approach because now I am unsure of exactly which was the culprit...however, had I proceeded with the one at a time method, the extended length of time between the phantom events would have meant a possible 4 to 6 day period of testing before finding the culprit and fixing things up. I decided to take the short route. Here are the three things I remembered and how I dealt with them:

1) Was experiencing some serious lag with the wireless keyboard - uninstalled wireless keyboard and changed over to USB.
2) Could not get Skype to connect so downloaded and installed the latest version - left Skype disconnected/inactive.
3) I had setup port forwarding in router - deleted port forwarding NAT entry.
4) I also had a few programs enabled in Windows Firewall exceptions - reset Windows Firewall defaults.

I am leaning heavily toward the wireless keyboard as number 1 suspect. I had been experiencing some serious lag problems with it so it was obviously not 100% well. Skype is a long story and I won't bother you with the whole thing....but just after installing the latest version, even though I had all Privacy options set to "People on my contacts list only", I noticed a new/unknown name had been added to my list of contacts. I deleted the contact and double checked the Privacy settings...all O.K. I did notice that Skype has an option enabling 'uPnP' by default....how much of a security risk is that???
The port forwarding, along with a static IP address, I set up to accommodate uTorrent. It was the first time I had ever set up a torrent client and, after hearing/reading so much about torrents, I went through the process as much for the learning curve as anything. I seriously doubt this was the root cause but as Zig has pointed out...it is a possibility.

Anyway, I am now in the process of returning things back to the way they were when these issues first appeared...this time, one at a time so I will know which was to blame. Have already re-connected Skype and unblocked it through the Windows Firewall. As soon as I have identified the culprit I'll let you know.

Thanks to everyone for your suggestions and help with this...much appreciated,
cheers....JIM

P.S. [b:2v2vm027]Definitely[/b:2v2vm027] no infections involved...I've run more scans than the radiologist at State Hospital......nothing, zilch, nada, zero

Forum Timezone: America/Indiana/Indianapolis

Most Users Ever Online: 188

Currently Online:
14 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Member Stats:

Guest Posters: 10

Members: 1272

Moderators: 3

Admins: 4

Forum Stats:

Groups: 8

Forums: 19

Topics: 1538

Posts: 11824

Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas

Moderators: Judy Novotny, Jason Shuffield, Mail Poet