troubleshooting Question

Unauthorized port scans coming from our mail server

Avatar of webfeat
webfeat asked on
OS Security
2 Comments1 Solution601 ViewsLast Modified:
We have been notified by reliable sources that our mail server is running port scans on their server.  We have closed all access to port 10000, (We think that Veritas may have been the culprit) however the outgoing scans continue.  Nortons found dfind.exe and hacktool.dfind and those have been quarantined.  We have also run:  Spybot, Windows Defender, Unhackme, hijackthis, and AA tools but the outgoing scans continue.  This is running on our mailserver and the control.exe seems to be maxing out the processor.  The mailserver is running Merak mail software and appears to have pirated the control.exe file from the mailserver?  (However, the mailserver runs but has given multiple PHP errors over the last week and is running VERY slow.)  I have run multiple searches for the dfind or hacktool files but am unable to locate them or to find what files that they may have launched in order to initiate the port scans.  Hijackthis logs didn't show anything too suspicious.  Help?  What will make this stop!!
ASKER CERTIFIED SOLUTION
Computron

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros