Is your firewall set to only allow SMTP (port 25) traffic from your Exchange server?

Die dulci fruere!

Roger Wright
___

On Mon, Aug 2, 2010 at 2:21 PM, Osborne, Richard <richard.osbo...@wth.org> wrote:
> I disabled their accounts and it didn't help.
>
> -----Original Message-----
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Monday, August 02, 2010 1:09 PM
> To: NT System Admin Issues
> Subject: Re: malware that creates Outlook rules
>
> Have you had the users change their passwords yet?
>
> Die dulci fruere!
>
> Roger Wright
> ___
>
> On Mon, Aug 2, 2010 at 1:46 PM, Osborne, Richard
> <richard.osbo...@wth.org> wrote:
>> Has anyone seen malware that creates an Outlook rule that moves all new
>> mail to Deleted Items and then sends out a bunch of spam? I have a few
>> users that have been hit with something I can't find. I scanned the PCs
>> with VIPRE, MalwareBytes, & Symantec's online scanner and didn't find
>> anything. Then I turned off the PCs and something is still accessing
>> their mailboxes. I scanned the Exchange server also. I am not seeing
>> anything in Exchange User Monitor or Windows Security logs and our
>> network guys say they don't see any unusual traffic to our Exchange
>> server.
>>
>> Google finds a couple of people reporting the same thing but no
>> resolution.
>>
>> Windows XP SP2 clients with Outlook 2002 & 2003; Exchange Server 2003
>> SP2 on Server 2003 SP1.
>>
>> Thanks for any ideas.
>>
>> Richard Osborne
>> Information Systems
>> Jackson-Madison County General Hospital
>>
>> NOTICE: (1) The foregoing is not intended to be a legally binding or
>> legally effective electronic signature. (2) This message may contain
>> legally privileged or confidential information. If you are not the
>> intended recipient of this message, please so notify me, disregard the
>> foregoing message, and delete the message immediately. I apologize for
>> any inconvenience this may have caused.
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~