I think I have a mass mailer on my server, how do I find it and disable it

I think I have a mass mailer virus/bot on my system. I know this because I recieve replys to emials I haven't sent.

Typically it will look like this


Your message did not reach some or all of the intended recipients.

      Subject:      Better sex with organ pills
      Sent:      8/27/2010 3:04 PM

The following recipient(s) cannot be reached:

      Greg McLandsborough on 8/27/2010 3:03 PM
            The e-mail address could not be found.  Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address.  Check the address and try again.
            < franklin.ultrafast.com.au #5.1.0 SMTP; 554 5.1.0 Sender Denied>

I also occasionally recieve Out of office replys from my contacts in my address book, to whom I have not sent an email.

I have a static Ip and use Exchange for my email system, and have 5 PC running of the Server. I have Trend Micro set up as a virus scanner.

Can anyone give me some advice on how to stop these virus/bots etc
GregMcLAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
You are MOST LIKELY misunderstanding.  ANYONE can send an e-mail message and CLAIM it's from you're e-mail address.   Many malicious programs will simply grab a "random" e-mail address and stick it into the "from" field.  They could get the address from a person's address book of which you are a contact or a random list from somewhere else.  There is virtually nothing you can do about these bounce messages.What you can do is VERIFY that your server is clean - run appropriate anti-malware software to perform a scan, check for unknown services and processes, search for rootkits on the server, and run the mail server check at www.mxtoolbox.com.You can also review the headers of the e-mail messages for any clue that your mail server actually sent the message (probably, the only reference you'll have to your mail server is a message that it received the bounce message).
0
 
jtokarchukCommented:
Get your network off of the internet to start with. You are probably going to end up SMTP blacklisted. (www.spamhaus.org)

Get multiple virus scans running on each machine and your server (combofix, malwarebytes, panda activescan to name a few) to clean them out.

I reccommend dropping in a filtering box such as Untangle to control your internet traffic. They have some pretty good spam and spyware/virus guarding, but you get what you pay for. (is free but only so good until you pay for other options)
0
 
GregMcLAuthor Commented:
Is it possible to verify the security of my system ?
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I'll repeat:
What you can do is VERIFY that your server is clean - run appropriate anti-malware software to perform a scan, check for unknown services and processes, search for rootkits on the server, and run the mail server check at www.mxtoolbox.com.

I assume you understand that appropriate anti-malware software means anti-virus and anti-rootkit software that you should have handy and be able to download from various anti-virus sites.  
0
 
jtokarchukCommented:
Take your network off the internet (off of business hours, assuming a business network?) and see if the bounced emails continue. As Leew said, use mxtoolbox.com and see if you have any blacklist records, that will be a pretty clear cut answer for you.

If you have a smart switch, monitor port 25 on your server's switch port.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.