malwarebytes, vipre live and ubcd4win are your friends. On Fri, May 13, 2011 at 02:50, Al Rose <arose...@gmail.com> wrote: > Turns out it is a Trojan:Exploit:Win32/CVE-2009-3129, at least thats what > the antivirus said (the one running on Exchange) the one on the local > computer hasnt seen anything... > Still dont get how this email could have been sent without the user knowing > it. > the user is alone in his office so he's saying no chance someone sent the > email from his computer. > Checked the mailbox rights, there are a couple of security groups for our IT > folks that have full mailbox access, but i assume they would not do that :) > > > > On Wed, May 11, 2011 at 3:57 PM, Ellis, John P. <johnel...@wirral.gov.uk> > wrote: >> >> That changes things slightly then. >> A couple of thoughts..... >> Someone has jumped onto the user machine and sent the email >> Does anyone have access to the users email account (maybe via Mailbox >> rights permissons)? >> System generated email? >> An odd rule on the mailbox? >> >> >> Is the email in the sent items folder? >> Is the name of the spreadsheet the same as one that appears on your >> network drives? >> >> >> Thanks >> >> John >> ________________________________ >> From: Al Rose [mailto:arose...@gmail.com] >> Sent: 11 May 2011 14:10 >> To: MS-Exchange Admin Issues >> Subject: Re: User get NDRs without sending emails >> >> I tracked emails in Exchange, an email was sent around 2pm and the user >> received an NDR 2 hours later. If i look at the original email, there is >> only one recipient which is a recipient unknown from the user. >> After further investigation i also was told that the same email message >> has been received by external users (still unkown from the user who is >> supposed to have sent this message)and they actually responded to our user >> saying they received an excel attachment they could not open. >> So to resume an email is sent from one of our user (even the correct >> signature is in the email and contains a spreadsheet that cannot be opened). >> The user has no delegates nor granted the send as right to anyone. Only >> some helpdesk staff have the send as right to so but i assume my colleagues >> would not send random emails... >> >> On Wed, May 11, 2011 at 10:43 AM, Ellis, John P. <johnel...@wirral.gov.uk> >> wrote: >>> >>> Worth checking the headers of the email and see if it really is generated >>> by yourselves. >>> If the NDRS are being generated with out a user sending an email, then it >>> sounds more like spam emails. I.e someone has faked a from address (in this >>> case from you domain) and send the email to an address that doesnt exist >>> thus generating an NDR. >>> >>> HTH >>> john >>> ________________________________ >>> From: Al Rose [mailto:arose...@gmail.com] >>> Sent: 11 May 2011 09:16 >>> To: MS-Exchange Admin Issues >>> Subject: User get NDRs without sending emails >>> >>> Hi >>> I am seeing more and more of this problem in our environment (still >>> running 2k3 SP2 Exchange servers): Users receive undeliverable NDRs without >>> writing email. >>> Been "googling" lately about it and apparently there are only two >>> solutions: totally disable NDRs (we dont want to do that), or get an >>> appliance (a magic one that will fix our problem). >>> We currently use Antigen but only as an antivirus, as our antipsam >>> filtering is done at a higher level where we dont have control. >>> Anybody? >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe exchangelist >>> >>> ********************************************************************** >>> >>> This email and any files transmitted with it are confidential and >>> >>> intended solely for the use of the individual or entity to whom they >>> >>> are addressed. If you have received this email in error please notify >>> >>> the system manager. >>> >>> This footnote also confirms that this email message has been swept by >>> >>> MIMEsweeper for the presence of computer viruses. >>> >>> www.clearswift.com >>> >>> ********************************************************************** >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe exchangelist >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe exchangelist > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe exchangelist
--- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist