1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XP repair problem

Discussion in 'Computer Security' started by ffreeloader, Jan 10, 2006.

  1. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I had a really interesting XP problem today. A friend had a laptop with XP on it that quit accessing email. I had installed Ewido and AVG Pro on it a while back--six months ago--but he had never updated anything on it.

    I was getting an error from OE when attempting to connect to the mail server that said: ERR AVG POP3 Proxy Server: cannot connect to the mail server. I also couldn't open the Control Console for AVG. I would get an error that avgcc.exe couldn't be found, and I couldn't find it.

    I ran an ewido scan after updating definitions and it found a few tracking cookies but nothing else. I then ran a virus scan--strangely enough I could still do this--and found a couple of trojans and a virus. I cleaned that mess up, shut down the firewall, and ran an nmap scan against all 65535 tcp and udp ports on the laptop. There were no suspicious ports open. However, I still couldn't open the AVG Control Console so I did a repair install of AVG. That fixed the Control Console problem but I still couldn't download any email.

    What I ended up finding was that the email scanner in AVG was set to use port 10110 for POP3 and 10025 for SMTP. I fixed those settings and away it went.

    Has anyone else run into this before? I've never seen port numbers changed like that before.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    One more thing about this. The email was only a problem on one account on the computer. The others worked fine.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  3. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    No Freddy never seen that in my entire life :blink

    However, I have had issues with AVG 7 (the free one) in that it is very date conscious. If you are having any problems with the control centre, updates etc. Check the date on the system is correct.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. michael78

    michael78 Terabyte Poster

    2,085
    29
    141
    Nope, never come across this tbh. Seems a strange problem, possibly a bug in the software?
     
    Certifications: A+ | Network+ | Security+ | MCP | MCDST | MCTS: Hyper-V | MCTS: AD | MCTS: Exchange 2007 | MCTS: Windows 7 | MCSA: 2003 | ITIL Foundation v3 | CCA: Xenapp 5.0 | MCITP: Enterprise Desktop Administrator on Windows 7 | MCITP: Enterprise Desktop Support Technician on Windows 7
    WIP: Online SAN Overview, VCP in December 2011
  5. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Nor me. Strange Fred :blink
    Are you going to contact AVG?
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  6. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    No. It's odd how the control center was deleted and 10,000 added to the POP3 and SMTP port numbers though. I know the owner didn't mess with it. He doesn't know enough about his computer to do it and it would be a pretty rare bug that would cause a piece of software to delete a part of itself.

    I also ran HijackThis and it came up clean. I checked every line that I didn't recognize and there was nothing suspicious. I almost suspect some type of rootkit but if that were true I'd find some suspicious ports open, or so I would think.

    It's a puzzler to me, that's for sure.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  7. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Freddy, I had a quick google for POP3 and port 10110 and came up with this...

    To be honest I can't quite understand what the guy is saying but it is very early :rolleyes:

    You might want to delve further because I think you may have bypassed AVGs email scanning system.

    The link is here...

    http://www.pcanswers.co.uk/tips/default.asp?pagetypeid=2&articleid=35762&subsectionid=616
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  8. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Thanks, Bluerinse.

    I read the link, took at look at the computer in question again, and it doesn't apply to the Pro version of AVG. The Pro version has three configuration choices for the AVG email scanner plugin. It uses a setting called Auto Configuration by default. In that setting you use the normal port settings for POP3 and SMTP. All you need to do to use it is to configure AVG to scan incoming and outgoing email and configure the email client as you would normally.

    You can set it up the way the link you provided shows, but there's no need to do that as the auto configuration setting works fine and AVG reports that the email scanner is configured and working properly.

    How the port settings were changed so that the user couldn't download email is still a mystery. The only thing I can think of is that the person from the ISP who set up the email client made the changes as this all started when the guy changed ISP's.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1

Share This Page

Loading...