GregMcL
asked on
I think I have a mass mailer on my server, how do I find it and disable it
I think I have a mass mailer virus/bot on my system. I know this because I receive replies to emails I haven't sent.
Typically it will look like this
Your message did not reach some or all of the intended recipients.
Subject: Better sex with organ pills
Sent: 8/27/2010 3:04 PM
The following recipient(s) cannot be reached:
Greg McLandsborough on 8/27/2010 3:03 PM
The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
< franklin.ultrafast.com.au #5.1.0 SMTP; 554 5.1.0 Sender Denied>
I also occasionally receive Out of Office replies from my contacts in my address book, to whom I have not sent an email.
I have a static IP and use Exchange for my email system, and have 5 PCs running off the Server. I have Trend Micro set up as a virus scanner.
Can anyone give me some advice on how to stop these virus/bots etc?
ASKER
Is it possible to verify the security of my system?
I'll repeat:
What you can do is VERIFY that your server is clean - run appropriate anti-malware software to perform a scan, check for unknown services and processes, search for rootkits on the server, and run the mail server check at www.mxtoolbox.com.
I assume you understand that appropriate anti-malware software means anti-virus and anti-rootkit software that you should have handy and be able to download from various anti-virus sites.
Take your network off the internet (off of business hours, assuming a business network?) and see if the bounced emails continue. As Leew said, use mxtoolbox.com and see if you have any blacklist records; that will be a pretty clear-cut answer for you.
If you have a smart switch, monitor port 25 on your server's switch port.
Get multiple virus scans running on each machine and your server (ComboFix, Malwarebytes, Panda ActiveScan to name a few) to clean them out.
I recommend dropping in a filtering box such as Untangle to control your internet traffic. They have some pretty good spam and spyware/virus guarding, but you get what you pay for. (It is free but only so good until you pay for other options.)
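
The port 25 monitoring suggested in the replies above can also be done per machine. This added example (not part of the original thread) parses `netstat -ano` output collected on a PC and lists the processes holding SMTP connections to anything other than the mail server; the sample output, the 192.168.1.x addresses and the rule that workstations should only reach the Exchange server on port 25 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed `netstat -ano` output from one workstation; every address and
# PID here is made up for illustration.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.21:49712     192.168.1.10:445       ESTABLISHED     4
  TCP    192.168.1.21:49755     203.0.113.45:25        ESTABLISHED     3120
  TCP    192.168.1.21:49756     198.51.100.7:25        SYN_SENT        3120
  TCP    192.168.1.21:49760     192.168.1.10:25        ESTABLISHED     2044
  TCP    192.168.1.21:49801     203.0.113.80:443       ESTABLISHED     5512
  UDP    0.0.0.0:5355           *:*                                    1180
"""

# One TCP row: protocol, local endpoint, remote endpoint, state, owning PID.
TCP_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def outbound_smtp(netstat_text, allowed_relays=(), smtp_ports=(25,)):
    """Return (pid, remote_host, remote_port, state) for each TCP connection
    to an SMTP port on a host that is not an allowed relay."""
    hits = []
    for line in netstat_text.splitlines():
        row = TCP_ROW.match(line)
        if not row or row.group(3) == "LISTENING":
            continue  # headers, UDP rows and listening sockets are not outbound
        host, _, port = row.group(2).rpartition(":")
        host = host.strip("[]")  # IPv6 endpoints are printed as [addr]:port
        if int(port) in smtp_ports and host not in allowed_relays:
            hits.append((int(row.group(4)), host, int(port), row.group(3)))
    return hits

def suspects_by_pid(hits):
    """Group hits by owning PID so each process can be identified once."""
    grouped = defaultdict(list)
    for pid, host, _port, _state in hits:
        grouped[pid].append(host)
    return dict(grouped)

if __name__ == "__main__":
    # Assumption: 192.168.1.10 is the Exchange server, the only relay a PC may use.
    hits = outbound_smtp(SAMPLE_NETSTAT, allowed_relays={"192.168.1.10"})
    for pid, hosts in suspects_by_pid(hits).items():
        print(f"PID {pid} -> SMTP to {', '.join(hosts)}")
```

A reported PID can be mapped to its executable on the same PC with `tasklist /FI "PID eq 3120"`.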