Network Computer sending spam

I had an infected computer on a network I monitor that was sending spam. I have cleaned the computer using a variety of tools, but the spam is still being sent, so I think I have another, less obvious infected computer. I have run the d.exe from Symantec on all the computers to look for the Conficker virus and they were all clean. Does anyone know a way to determine what computer is doing this?


Nancy Villa, Director of IT, Asked:
Mestha Commented:
If you are seeing the messages on your Exchange server then I can pretty much guarantee the problem is not inside your network. The Exchange server is being abused directly.
It isn't clear where you are seeing the spam messages.

On your firewall, enable logging of port 110 traffic. That would probably be the fastest without needing sniffers. It will also help you catch users running Outlook Express to check their personal accounts, another source of virus access.

Happy hunting.
Rajith Enchiparambil, Office 365 & Exchange Architect, Commented:
Disable authenticated relay to stop this and enable logging to find the culprit PC.

Check for steps (towards the end).

Nancy Villa, Director of IT, Author Commented:
I have disabled authenticated relay and enabled the logging. What do I look for? The log file contains a bunch of external IP addresses.
Nancy Villa, Director of IT, Author Commented:
I am seeing it on my Exchange server but my relays are all turned off, unless there is another way for them to do it?
If you are seeing the messages in the queues then it is almost certainly NOT a compromised machine on your network.
After changing your settings did you restart the SMTP server service?
Have you cleaned up the queues at all? ESM is notorious for not showing the true extent of the message queues when the machine has been abused.
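
The logging discussed in this thread produces one line per SMTP command, so the question "what do I look for" comes down to counting recipients per client IP and noting which clients logged in first. The following is an added example, not code from any participant in the thread: it assumes the SMTP log is in W3C Extended format with the `c-ip` and `cs-method` fields enabled, and the LAN ranges, the `min_rcpt` threshold and the sample log lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the LAN uses these ranges; replace them with your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query
2009-04-02 10:00:01 203.0.113.45 host.example EHLO +host.example
2009-04-02 10:00:02 203.0.113.45 host.example AUTH +LOGIN
2009-04-02 10:00:03 203.0.113.45 host.example MAIL +FROM:<a@example.org>
2009-04-02 10:00:04 203.0.113.45 host.example RCPT +TO:<x1@example.com>
2009-04-02 10:00:04 203.0.113.45 host.example RCPT +TO:<x2@example.com>
2009-04-02 10:00:05 203.0.113.45 host.example RCPT +TO:<x3@example.com>
2009-04-02 10:01:10 198.51.100.7 mx.example MAIL +FROM:<b@example.net>
2009-04-02 10:01:11 198.51.100.7 mx.example RCPT +TO:<staff@example.com>
2009-04-02 10:02:00 192.168.1.23 PC23 RCPT +TO:<c@example.org>
"""

def summarize(log_text):
    """Per client IP: RCPT count, whether AUTH was seen, whether it is on the LAN."""
    fields, stats = [], defaultdict(lambda: {"rcpt": 0, "auth": False})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared in the log itself
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            try:
                addr = ipaddress.ip_address(row.get("c-ip", ""))
            except ValueError:
                continue                   # skip malformed rows
            entry = stats[str(addr)]
            entry["internal"] = any(addr in net for net in INTERNAL_NETS)
            verb = row.get("cs-method", "").upper()
            entry["rcpt"] += int(verb == "RCPT")
            entry["auth"] = entry["auth"] or verb == "AUTH"
    return dict(stats)

def suspects(stats, min_rcpt=3):
    """Flag busy LAN hosts and external clients that relay after logging in."""
    out = []
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["rcpt"]):
        if s["rcpt"] >= min_rcpt and s["internal"]:
            out.append((ip, "internal-sender"))
        elif s["rcpt"] >= min_rcpt and s["auth"]:
            out.append((ip, "external-auth-relay"))
    return out
```

An `internal-sender` result points at a workstation to inspect; an `external-auth-relay` result means the traffic arrives from outside using a valid login, which is the case the replies above describe as the server being abused directly.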
