If there is the possibility of a new or unrecognised virus on a machine, I generally use HijackThis to look for anything dodgy running - you can post the results of the scan if you're having trouble interpreting them.

On 21/01/2008, Clayton Doige <[EMAIL PROTECTED]> wrote:
>
> Dear all, I have a server apparently spewing out a horde of SMTP messages, at least according to the Message Tracking system, which indicates the emails originate from a specific email address.
>
> This is Exchange 2003 by the way:
>
> I have checked and the system is not a relay, and only authenticated users are allowed to send. I blocked access for this particular user account to the smtp connector, and changed the password on the user account.
>
> When looking in Message Tracking subsequent to making the changes above, the messages are noted, and the last action for each message is Submitted to Categorizer.
>
> According to the ISP mails are still coming out, and there is no record of an SMTP server on the packets.
>
> netstat outputs also seem like everything is normal, although the output is extensive.
>
> The box has been swept by its local Trend SMEX, and Office Scan, plus two other online scanners. Wireshark is not telling me anything exciting, and none of the processes running in task manager seem out of the norm.
>
> If this was another authenticated machine on the LAN I would have expected the password change to have put an end to that.
>
> Has anyone seen similar, and if so could you kindly point this already bald person in the right direction?
>
> Many thanks in advance
>
> --
> Regards,
>
> Clayton
> [EMAIL PROTECTED]
> http://alsipius.com

--
James Rankin
Tel: +44 7902 193912