Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Theres A Zombie In The House...


  • Please log in to reply
2 replies to this topic

#1 v8bertha

v8bertha

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:35 PM

Posted 18 December 2006 - 05:00 AM

Hi there,

I look after a network here at work with about 25 pc's connected to it. I'm not an IT pro or anything like that, it's just that I'm the one who seems to know most about this sort of stuff :thumbsup:

Anyway, last week I got an email from our ISP saying that they had noticed spam being sent from our IP address. Our IP address is also being listed on several spam Black lists, such as http://cbl.abuseat.org We have our own mail server which we have had checked out, and it's all ok, not being used as a relay or anything like that. I have a network licence for AVG on all pc's and they are all up to date and clean. I've also installed ad-aware on a few pc's and they are only reporting things like Alexa, which I believe is something to do with IE6, so not too worried about that.

I have been using the network connection status as an indication of which machine may be infected, if the sent number is massively bigger than the recieved number, then I've been running full scans in safe mode. But I've still not found any infections!

Does anyone have any helpful hints/advice about how to identify which PC on the network may be sending out the spam? Is there a simple utility that can monitor network traffic to identify which may be sending stuff out on Port25?

I really am at a loss as to what to do next other than shut every machine down and turn them on only after running a full scan on each, but obvoiusly the boss ain't gonna be overly keen on this idea!!
So any help would be muchly appreciated! :flowers:

BC AdBot (Login to Remove)

 


m

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,702 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:35 AM

Posted 18 December 2006 - 11:14 PM

What firewalls are installed?

Do you use an e-mail client? If so, which one? Outlook, Thunderbird etc.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,173 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:35 AM

Posted 19 December 2006 - 11:05 AM

hello, Icame across this article and I feel it may help. Tho scans are neccesary.

Remove bots from your system -- a four-step process
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users