None of the processes, services, or registry entries that Hijack This outputs looks untowards on the server. Can the tool be used centrally to analyse numerous hosts, or does this need to be done on a host by host basis.
Really what I want to do is see where these messages are originating as they are not in sent items for this users mailbox. Message Tracking has limited output, and I am having a devil of a time trying to track down the source for these messages. BTW, OOF etc are disabled on this server. Thanks On 21/01/2008, Clayton Doige <[EMAIL PROTECTED]> wrote: > > We have swept everything on the LAN, nothing revealed from that. I have > downloaded HiJakc This and am just running the thing now, and looking at the > results. > > thanks :-) > > > On 21/01/2008, Candee Vaglica <[EMAIL PROTECTED]> wrote: > > > > Hi, Clayton. > > I second the Hijack this recommendation. > > Are you saying you swept the server or the user's workstation? > > I would pull the workstation off the LAN first thing. > > > > > > On Jan 21, 2008 10:03 AM, Clayton Doige <[EMAIL PROTECTED]> wrote: > > > Dear all, I have a server apparently spewing out a hoarde of SMTP > > messages, > > > at least according to the Message Tracking system, which indicates the > > > emails originate from a specific email address. > > > > > > This is Exchange 2003 by the way: > > > > > > I have checked and the system is not a relay, and only authenticated > > users > > > are allowed to send. I blocked access for this particular user account > > to > > > the smtp connector, and changed the password on the user account. > > > > > > When looking in Message Tracking subsequent to making the changes > > above, the > > > messages are noted, and the last action for each message is Submitted > > to > > > Categorizer. > > > > > > According to the ISP mails are still coming out, and there is no > > record of > > > an SMTP server on the packets. > > > > > > netstat outputs also seem like everything is normal, although the > > output is > > > extensive. > > > > > > The box has been swept by it's local Trend SMEX, and Office Scan, plus > > two > > > other online scanners. WireShark is not telling me anything exciting, > > and > > > none of the processes running in task manager seem out of the norm. > > > > > > If this was another authenticated machine on the LAN I would have > > expected > > > the password change to have put an end to that. > > > > > > Has anyone seen similar, and if so could you kindly point this already > > bald > > > person in the right direction? > > > > > > Many thanks in advance > > > > > > -- > > > Regards, > > > > > > Clayton > > > [EMAIL PROTECTED] > > > http://alsipius.com > > > > > > > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > > ~ http://www.sunbeltsoftware.com/Ninja ~ > > > > > > -- > Regards, > > Clayton > [EMAIL PROTECTED] > http://alsipius.com > > > -- Regards, Clayton [EMAIL PROTECTED] http://alsipius.com ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
