Jump to content


AVG is not screening incoming or outgoing E-mail

  • Please log in to reply
1 reply to this topic

#1 harshale



  • New Member
  • Pip
  • 1 posts

Posted 26 July 2004 - 05:34 AM

In case it might be helpful I'll list the info that could be relevant in resolving my problem.: OS = 98SE, Outlook Express ver. 6, ZoneAlarm firewall (free), SpyBot S&D(free), Spyware Blaster, Ad Aware, Cookie Manager, Pest Scan, RegSupreme (trial), Registry Tuneup (trial), Registry Pruner, HiJack This, CW Shredder, and AVG.

I installed AVG sometime around mid-July and it really impressed me. Actually I had no exprience to compare it to (I had never before had any "full-time" anti-virus software installed and just relied on periodic scans by McAfee, Panda, etc. for protection) but AVG was so easy to in-stall and use that I felt it hard for anything else to out-perform it. I was surprised at the number of virus that it detected in incoming mail and put in the vault in just the first few hours.

Not content to leave well enough alone and having too much free-time, I decided to try the Kerio firewall, I did a /clean uninstall of ZoneAlarm and installed Kerio, everything seemed to be fine, Kerio was doing it's stuff and looking good, AVG was putting it's certification note on all the incoming and outgoing e-mail and sticking virii in the vault. Great !!, for a couple of hours, then something went really wrong and the blue screens started ( I hadn't had a blue screen in years). It was out of control. From that point on it was like dealing with a barrelful of Medusas in a room full of Hydras. I finally had to shut it down by means of the power switch.

I restarted in DOS, ran Scandisk thorough, and got into Safe-Mode,...did the step by step confirmation,... MSconfig,...selective... etc.... the whole drill. Finally, I was back up and operating. No firewall though, Kerio was just showing a flat line....uninstalled Kerio and reinstalled ZoneAlarm, at least I was familiar with it. AVG had become corrupted somewhere along the way, so I uninstalled and reinstalled AVG. Somewhere in this chaos I had a dialogue panel on screen which had 2 slots (along with a lot of other stuff which I never got to), one of these slots indicated that my outgoing mail (SMTP) port was 5000, the other slot indicated that my incoming mail (POP3) port was 5001.. It was "stated" in the following way: 25 -> 5000 New, in 1 slot and 110 -> 5001 New in the 2nd slot. Knowing that the proper ports for OE were 25 and 110, I went to OE >Tools > Accounts,...etc and things were a mess. The incoming mail server had something like: 127.000.0 instead of; POP.pacbell.yahoo.com and the outgoing also had a 127.something instead of; SMTP.pacbell.yahoo.com. I got OE straightened out with the proper addresses and ports and then went back to the panel with the port changes shown, at the bottom of the panel was a "Modify" button, I selected one of the slots, hit Modify and reversed the order of it so it now said; 5000 -> 25, made the appropriate modification to the 2nd slot and then started to look at the rest of the panel contents to see what it was all about, at that instant the panel disappeared, never to be seen again.
So, the situation at that point is, I've got a fresh and operational ZoneAlarm firewall, a fresh and operational (I thought) AVG, and OE is back to a proper configuration. Everything is functioning, I'm accessing and surfing the internet, e-mail is coming and going, everything seems right. It was a few days later that I realized that whenever I looked in the AVG vault it was always empty, but I figured that nothing carrying a virus had come in. It was then that I noticed also that my incoming was not carrying the AVG "confirmation" note at the bottom of the mail. I went to Deleted Items and saw that none of the incoming since the fresh AVG installation had the confirmation on it. A look in the contents of Sent Items revealed the same thing. I checked and made sure that Confirmation Notice was enabled for both in and out e-mail. About that time, in comes that bogus MS look-a-like "Security Update" thing which I know is carrying a virus because AVG had impounded one the last time it had arrived. So as soon as I saw it in the Inbox I went to the AVG vault...no virus...obviously AVG is no longer screening my E-mail.
So. hoping it was just a faulty AVG install, I uninstalled and reinstalled AVG, still no e-mail screening. I tried to find the mysterious panel that had disappeared (I had assumed it was part of AVG) but if it's no where to be found it must have been part of Kerio.
I thought I'd been invaded by something so I've run McAfee, Panda, Housecall, PestScan, and probably more. Everyone of them says my system is clean. PestScan, by the way is still reporting CWS.GoogleMS.3...what's going on there?
SpyBot S&D, Spyware Blaster, Ad Aware, HiJack This, etc all report nothing.
I have conjured up one possible explanation for the failure of AVG to screen my e-mail. Assume for the purpose of this discussion; The mystery panel belonged to AVG, I had modified the port values to what they should be, but I never got to the point of hitting "Apply" or "OK" before the panel disappeared, thus leaving the ports being monitored by AVG as 5000 and 5001. Accepting that, forces the conclusion that the AVG uninstalls have not been "clean". Well, I know that to be a fact in that after each uninstall of AVG I have done a "Find > Files and Folders > Named...etc." and there are always a certain number of AVG items to be removed manually. The same held true for Kerio, there were remnants of it left after the uninstall. A couple of days after the Kerio uninstall and the manual removal of remnants, I ran across Kerio stuff in the registry while I was mucking about in there. ZoneAlarm was the same but I found that you can add a "/clean" switch to the ZoneAlarm uninstaller target address which gives a clean uninstall. Back to my point; each new install of AVG is going in more as an update or upgrade when it encounters some pre-existing configuration file or registry entry(s) which both the uninstaller and I miss. It does not over-write them. This scenario would have the fresh AVG watching ports 5000 and 5001 while the mail traffic is on ports 25 and 110. Not inconceivable, because my searchs are limited to what I know; AVG and Grisoft. Who knows what the port designation files are named,? or where they are at? They may be in the registry and named AVG, but Find > Files and Folders...etc. ain't gonna find them there.

Well, there it is, hopefully someone can provide some meaningful advice or help. Thanks for your time and patience.
You can't spend what you ain't got, and you can't lose what you ain't never had.

#2 Guest_Joey1_*

  • Guests

Posted 26 July 2004 - 01:45 PM

CWS.GoogleMS.3 is a false positive caused by SpywareBlaster. Disable protection for xxxtoolbar and the false positive is gone. The key, domains, is the restricted sites in IE. The AVG problem, you're gonna need a real expert for.( By the way, this bumps your thread up :cool: )

Edited by anti-spyware freak, 26 July 2004 - 01:46 PM.

Member of UNITE
Support SpywareInfo Forum - click the button