Virus on Small Business Server.... "Mass Mailer Virus" 500Pts - Be quick I'm ready to reinstall!
Posted on 2005-05-16
Having a major problem with a virus infection on a Small Business Server.. the major part of the problem is that I cannot work out what the infection is!
We have been disconnected (blocked) from our ISP's SMTP server for sending an excessive amount of email... although we can find no evidence of this... apart from Symantec Mail Security popping up every now and again saying "mail security detected a mass mailer virus" (but that's it, no name or location! very helpful!)
I have just installed Symantec Anti-Virus multi-tier 9.0 and updated and run everything... didn't find anything (apart from some items in the "badmail" folder which were deleted).
I have also run every other online virus scan I can find (Symantec, Trend Micro, Panda, etc, etc, all of which find nothing!)... (also done the same on all the client PCs, only 2!)
The server is not an open relay and we have a Servgate SG100 Firewall protecting the server.
What I have noticed is strange network activity, a small blip every other half second (0.4% network usage), which stops when I terminate dlbtnmon.exe (a small app that comes with a Dell All-in-One printer Scanner)... related?
Anyone got any ideas at all???? PLEASE! I have reached the point of re-installing the server from scratch as I cannot find any evidence of the virus.
The ISP originally said it was Netsky - (so I downloaded the Symantec tool and ran that, found nothing on server or clients). Now they say we are exceeding the send limit of 600 mails per hour.
PLEASE PLEASE get back ASAP - Will be wiping the damn thing this evening if I don't hear anything.. 500Pts could go down the drain!