Trojan: nextpart smtp relayer

zablan
Help! Does anyone have info on this and if so, how do you remove it? It caused us to be blacklisted.
    Dr Dij

    from faked return addresses. Only by one particularly dumb list guy who didn't verify the rec'd from server with my ISP. Outgoing email is locked down tight, and in fact no one has ever sent out email from my domain; they just forge the return address to look like it.

    However, in your case you probably have a problem. There's plenty of info on closing open relays on email servers. Our work domain was hacked and someone started sending out massive amounts of email. The only reason we noticed was that it was running too slow.

    That was a Unix sendmail server. Sounds like you have a trojan, so probably windoze. Isolate it. Is it on a server or a PC? You need to get software to prevent this, check logs, etc., and update patches.

    For one or two PCs it is pretty easy: you de-spyware them, maybe add ZoneAlarm or another firewall to check outgoing messages.

    Blacklist sites will put you back once you convince them you are blocking the spam. You just need to contact them.

    Time for a corporate anti-spyware suite; it can't hurt to scan all PCs regularly, and lock down as much as you can. Free software blocks registry changes: TeaTimer in Ad-Aware, or JavaCool, Spybot Search & Destroy... zillions of anti-spyware programs.

    You can scan free online at:
    trendmicro.com (their online HouseCall)
    and
    safety.live.com (Microsoft online scan)
    Use multiple detectors; cheap programs are available that have screen-based settings to lock many PC functions, including blocking ActiveX, Active Scripting, etc.

    SurfControl software blocking spyware sites will help. McAfee SiteAdvisor shows but does not block bad sites (free plugin).

    Remember, work PCs are not the employees' personal property. Any stupid stuff they do by getting spyware will only make your life miserable and your company's productivity plummet. Don't give web access to everyone. Chances are a warehouse clerk will use your ERP system but has no business reason to browse at work.
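A defender-side check in the spirit of the "check outgoing messages" and "check logs" advice above, added here as an example and not taken from anyone in the thread: it scans constructed perimeter-firewall log lines for hosts other than an assumed mail gateway (10.0.0.25, a made-up address) that open outbound SMTP connections to several distinct servers, which is how an SMTP relayer trojan on a single PC tends to show up. The log format and all addresses are constructed for the example.

```python
"""Flag internal hosts talking SMTP (TCP/25) to the outside.

A compromised PC acting as an SMTP relayer announces itself in the
perimeter firewall log: a workstation, not the mail gateway, opening
many outbound port-25 connections. The log format below is constructed
for this example (fields: timestamp, action, src ip, dst ip, dst port).
"""
import re

# Constructed sample: the legitimate mail gateway plus one noisy workstation.
SAMPLE_LOG = """\
2006-12-20T09:01:02 ALLOW 10.0.0.25 203.0.113.10 25
2006-12-20T09:01:03 ALLOW 10.0.0.25 198.51.100.7 25
2006-12-20T09:01:05 ALLOW 10.0.0.117 203.0.113.10 25
2006-12-20T09:01:05 ALLOW 10.0.0.117 198.51.100.7 25
2006-12-20T09:01:06 ALLOW 10.0.0.117 192.0.2.44 25
2006-12-20T09:01:06 ALLOW 10.0.0.117 192.0.2.45 25
2006-12-20T09:01:07 ALLOW 10.0.0.42 203.0.113.80 443
"""

# Hosts that are allowed to speak SMTP outbound (assumed: the mail gateway).
MAIL_GATEWAYS = {"10.0.0.25"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)$"
)


def smtp_talkers(log_text, gateways=MAIL_GATEWAYS, threshold=3):
    """Return {src_ip: number_of_distinct_smtp_destinations} for hosts outside
    the gateway allow-list that reached `threshold` or more distinct mail
    servers on TCP/25. Malformed lines are skipped rather than fatal."""
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["port"] != "25":
            continue  # not an SMTP connection (or garbage line)
        src = m["src"]
        if src in gateways:
            continue  # the mail gateway is supposed to do this
        dests.setdefault(src, set()).add(m["dst"])
    return {src: len(d) for src, d in dests.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, n in smtp_talkers(SAMPLE_LOG).items():
        print(f"{host}: outbound SMTP to {n} distinct servers; investigate")
```

The same idea is why many shops block outbound TCP/25 at the firewall for everything except the mail gateway: a relayer trojan on a PC then fails instead of getting the domain blacklisted.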

    zablan

    We pulled the PC off the network once we discovered it was the culprit... I just wanted to find out more information... What I was really curious about was why Symantec didn't pick up the trojan...

    SpySweeper & Ad-Aware actually found it...

    Thank you! Happy Holidays!
    Lori

    Dr Dij

    The spyware people do things like mutating the reg key, changing exe names, size, etc. See the recent Computerworld article about Kaspersky's problems creating signatures. They have 700 people doing this and still slip thru.

    I guess that's why the better approach can be to lock down registry changes, block suspect sites, filter email, etc.; and I'd think services like Brightmail or MessageLabs would be better at this than any company could do in house.

    Sad how easy it is to subvert Windows.
    I temporarily turned off ActiveX in the browser, and now sites like eWeek and Network Computing ping me with a message box saying 'site may not display correctly, ActiveX is off'.

    Huh? Computerworld manages without ActiveX. Maybe it's the ads. But others claim to be infected regularly by ad rotators.

    I even got some a**h*** computer security software company sending me an EMAIL with ACTIVEX!!

    Don't think I'd buy anything from them :)

    It seems like the whole PC industry is 'immature' in terms of security.
