We have swept everything on the LAN, nothing revealed from that. I have downloaded HiJakc This and am just running the thing now, and looking at the results.
thanks :-) On 21/01/2008, Candee Vaglica <[EMAIL PROTECTED]> wrote: > > Hi, Clayton. > I second the Hijack this recommendation. > Are you saying you swept the server or the user's workstation? > I would pull the workstation off the LAN first thing. > > > On Jan 21, 2008 10:03 AM, Clayton Doige <[EMAIL PROTECTED]> wrote: > > Dear all, I have a server apparently spewing out a hoarde of SMTP > messages, > > at least according to the Message Tracking system, which indicates the > > emails originate from a specific email address. > > > > This is Exchange 2003 by the way: > > > > I have checked and the system is not a relay, and only authenticated > users > > are allowed to send. I blocked access for this particular user account > to > > the smtp connector, and changed the password on the user account. > > > > When looking in Message Tracking subsequent to making the changes above, > the > > messages are noted, and the last action for each message is Submitted to > > Categorizer. > > > > According to the ISP mails are still coming out, and there is no record > of > > an SMTP server on the packets. > > > > netstat outputs also seem like everything is normal, although the output > is > > extensive. > > > > The box has been swept by it's local Trend SMEX, and Office Scan, plus > two > > other online scanners. WireShark is not telling me anything exciting, > and > > none of the processes running in task manager seem out of the norm. > > > > If this was another authenticated machine on the LAN I would have > expected > > the password change to have put an end to that. > > > > Has anyone seen similar, and if so could you kindly point this already > bald > > person in the right direction? > > > > Many thanks in advance > > > > -- > > Regards, > > > > Clayton > > [EMAIL PROTECTED] > > http://alsipius.com > > > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ > -- Regards, Clayton [EMAIL PROTECTED] http://alsipius.com ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~