Computer sending Spam.

bigstusexy

I have a computer and I think it's sending spam, I can't find what is doing it. The only reason why I noticed is I went to do a routine check on it as it had been marked as trying to access a spyware page and possibly having a Trojan.

When I logged in it was fine but then I logged in as an admin and I started to see tons of scanning messages from Symantec Antivirus Corporate 10 and then a few error messages about not being able to send messages etc etc.

I updated the patterns and the only thing it found was Trojan.Pandex in a few files. They were cleaned and I scanned with spybot as well and nothing really big was found.


Whenever I go back to the system and give it internet access again the mail scanning messages start again and the realtime finds Trojan.Pandex in attachments it's trying to put into messages.

I can't for the life of me find what is doing it! I've run a netstat -b -n -v and found no dlls or attached processes that I didn't recognize, no processes themselves were contacting the net also. The only contact I can see with SMTP seems to be Symantec exes as well as svchost (the real one) and system process sometimes!
 
"cleanup! mbam"

I don't get it?

I would just format and be done but it's not that simple, it's a user's computer and if I do that then I'll have to take the time to back up all the stuff they can't or don't save to the network like they should and since they are counselors of special needs then I'd have to find all their programs and deal with that. Also it's not a real solution if this starts happening to a number of systems around the district.


I guess what I'm asking is does anyone know anything else to try to find out what specific process or parts of a process are accessing the net? I could run a sniffer on it but it won't tell me what exactly is receiving the commands and what is sending the spam.
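
An added example (not part of any post in this thread) of one way to approach the question above: correlate `netstat -ano` with `tasklist /svc` to see which process, and which services hosted inside a shared svchost.exe, hold connections to port 25 on hosts other than the approved relay. The sample outputs, the addresses and the relay 10.0.0.5 are constructed assumptions.

```python
import re

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.5.23:1045         203.0.113.10:25        ESTABLISHED     1132
  TCP    10.0.5.23:1046         198.51.100.7:25        SYN_SENT        1132
  TCP    10.0.5.23:1050         10.0.0.5:25            ESTABLISHED     1820
  TCP    10.0.5.23:1051         192.0.2.44:80          ESTABLISHED     2204
"""

# Constructed sample of `tasklist /svc` output; the svchost service list wraps.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1132 AudioSrv, Browser, CryptSvc, Dhcp,
                                 Schedule, wuauserv
Rtvscan.exe                 1820 Symantec AntiVirus
iexplore.exe                2204 N/A
"""

def parse_tasklist(text):
    """Map PID -> (image name, [hosted services]), joining wrapped service lines."""
    procs, last = {}, None
    for line in text.splitlines()[2:]:
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            last, services = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif last is not None and line.startswith(" "):
            services = line          # wrapped continuation of the service list
        else:
            continue
        names = [s.strip() for s in services.split(",")]
        procs[last][1].extend(n for n in names if n and n != "N/A")
    return procs

def smtp_suspects(netstat, tasklist, allowed_relays):
    """Return (pid, image, services, remote_ip) for port-25 connections to non-approved hosts."""
    procs, hits = parse_tasklist(tasklist), []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue                 # skips headers and stateless UDP rows
        ip, _, port = f[2].rpartition(":")
        if port == "25" and ip not in allowed_relays:
            image, services = procs.get(int(f[4]), ("<unknown>", []))
            hits.append((int(f[4]), image, services, ip))
    return hits
```

On a live machine, capture both command outputs at the same moment, since PIDs and short-lived connections change quickly.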
 
Aren't your systems patched up and behind a proper firewall?
 
Yes. I don't know how they got it, if it spreads like how it's trying to spread now then they could have gotten it and infected themselves. There is obviously some part of it that isn't recognized yet by Symantec as the patterns from yesterday didn't clear out everything.
 
Thanks for the smart reply marley1, perhaps if it were in sentence form I would have thought it was more than one object and not a typo of goodness knows what and I would have searched for them.


When I checked the system today it seems it has stopped, I can't find any trace of anything. Now I get to go to the Superintendent's system which our filter says is also infected woohoo!
 
not a smart ass reply, but generally if you have an issue with computer Google should be the first issue.

if you do not know how to search for problems you shouldn't be in IT.

one computer on the network has spyware.

run MBAM on all machines.
 
This is the last I'm going to say on this to stay on topic, you said:

cleanup! mbam

run em in safe mode

If you had said:

Try cleanup! or/and mbam run them in safe mode


Then even if I didn't have a clue what you were talking about I'd know that cleanup! and mbam were two programs and I would have searched for them. As you put it, it looked like a typo-like statement and a fragmented sentence; I had no clue what you were talking about. Heck, even if you had just replied with "they are programs" I would have then looked for them and stated that we use ccleaner and any purchases of equipment take a long time or may never happen.


Symantec Antivirus Corp seems to have taken care of it on that system; on the second one I have yet to start. I think the problem was that the patterns weren't as current as they could have been and the program kept loading itself into memory, after all traces were cleaned and the active shield was able to detect it trying to load it was able to keep it out and found where it lived. Since then we have also set an explicit rule stopping anything but the mail server and spam filter from sending email.
 
lol not even going to get into it. if you work in IT you should know what MBAM is, if you even read this subforum you should know because every thread with spyware i mention it as well as 10 other programs that will work.

ccleaner != cleanup! or mbam

cleanup! only deletes temp files and deletes them a hell of a lot quicker than ccleaner.

mbam is similar to spybot but does much more.

all free software.

and you should have from the beginning had the rule on the firewall only accepting mail from your smarthost and only allowing mail to be sent out from the IP of the exchange/mail server.
 