Haven't read all the replies yet, but I had a workstation that was
behaving oddly last week, with Symantec windows popping up about
messages not being delivered, etc.  I tried AV scans, with Clam, AVG and
Symantec.  I tried adware scans with Ad-Aware.  Nothing was found by any
of those.  I installed the free version of Blink, and right away it
found an .exe in my Windows directory that was trying to open TCP and
UDP connections to the internet, in order to send out spam.  I would
highly recommend trying Blink to see what you can find...

 

Joe Heaton

________________________________

From: Clayton Doige [mailto:[EMAIL PROTECTED] 
Sent: Monday, January 21, 2008 7:04 AM
To: MS-Exchange Admin Issues
Subject: Virus Hunt (PLEASE HELP!!!!!!!!)

 

Dear all, I have a server apparently spewing out a horde of SMTP
messages, at least according to the Message Tracking system, which
indicates the emails originate from a specific email address.

 

This is Exchange 2003 by the way:

 

I have checked and the system is not a relay, and only authenticated
users are allowed to send. I blocked access for this particular user
account to the SMTP connector, and changed the password on the user
account.

 

When looking in Message Tracking subsequent to making the changes above,
the messages are noted, and the last action for each message is
Submitted to Categorizer.

 

According to the ISP mails are still coming out, and there is no record
of an SMTP server on the packets.

 

netstat outputs also seem like everything is normal, although the output
is extensive.

 

The box has been swept by its local Trend SMEX, and OfficeScan, plus
two other online scanners. Wireshark is not telling me anything
exciting, and none of the processes running in task manager seem out of
the norm.

 

If this was another authenticated machine on the LAN, I would have
expected the password change to have put an end to that.

 

Has anyone seen similar, and if so could you kindly point this already
bald person in the right direction?

 

Many thanks in advance

-- 
Regards,

Clayton
[EMAIL PROTECTED]
http://alsipius.com 
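
One way to cut down the extensive netstat output mentioned in the thread, as an added example that is not part of either message: it parses saved `netstat -ano` text and lists the PIDs holding client-side connections to remote port 25. The sample output, its addresses and the expected SMTP service PID 1480 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    192.0.2.10:25          198.51.100.7:40112     ESTABLISHED     1480
  TCP    192.0.2.10:3312        203.0.113.5:25         ESTABLISHED     1480
  TCP    192.0.2.10:3340        203.0.113.20:25        SYN_SENT        2996
  TCP    192.0.2.10:3341        203.0.113.21:25        ESTABLISHED     2996
  TCP    192.0.2.10:3350        198.51.100.9:443       ESTABLISHED     2996
  UDP    0.0.0.0:1434           *:*                                    1012
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
ACTIVE = {"ESTABLISHED", "SYN_SENT"}  # connections open or being opened


def outbound_smtp_by_pid(netstat_text, smtp_port=25):
    """Map PID -> sorted remote addresses for client-side connections to smtp_port."""
    hits = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local, lport, remote, rport, state, pid = m.groups()
        # Remote port 25 with a non-25 local port means this host is the SMTP client.
        if int(rport) == smtp_port and int(lport) != smtp_port and state in ACTIVE:
            hits[int(pid)].add(remote)
    return {pid: sorted(addrs) for pid, addrs in hits.items()}


def unexpected_senders(netstat_text, expected_pids):
    """Drop PIDs known to be the mail server's own SMTP service (an assumption you supply)."""
    by_pid = outbound_smtp_by_pid(netstat_text)
    return {pid: addrs for pid, addrs in by_pid.items() if pid not in expected_pids}


if __name__ == "__main__":
    for pid, addrs in unexpected_senders(SAMPLE, expected_pids={1480}).items():
        print(f"PID {pid} has outbound SMTP to: {', '.join(addrs)}")
```

Any PID it reports can be matched to an executable with the PID column in Task Manager or with `tasklist`.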

 

