Question

Spamware

By C F USA
I had a bout with someone infecting a computer with spyware, cleaned it up, was happy. This particular machine as far as I can tell is 100% clean.

Here is my problem.

*EDIT HERE: It is pushing out on our Mail IP, if that makes a difference*

There are 30+ other computers in this building and one or more of them are putting out spam mail. I am looking for any ideas that could help me determine which of the PCs are causing the problem.

The current plan is to go through every PC with MBAM and see what I can find. Any other tools I should use for this project?


All Answers

also try

by PurpleSkys In reply to Spamware

Spybot Search and Destroy, as it picks up other things that Malwarebytes may miss... I would also scan with a good A/V... I would also run all these programs in safe mode.

30 PCs and no firewall? <NT>

by Kenone In reply to Spamware

Firewall...

by C F USA In reply to 30 PCs and no firewall? ...

Honestly, and understand my position of being in the dark with the network, I don't know.

Without going into detail, and not really wanting the argument, I DO know the importance of a firewall but am not certain they have a hardware firewall, and if they did, whether it's even set up.

I personally have a hardware AND software firewall at my residence. I block ports, allow nothing in or out unless I give it the greenlight.

This however is not my network, but it is becoming increasingly my problem.

As far as I know, the last IT guy supposedly handled this. But considering some of what I have found on various machines in the last 6 months or so, I really don't think he did anything but cover up problems or put band-aids on a leaking pipe. This is the same guy who bought PCs with Office on them only to discover (and never tell anyone) that they were trial copies. Guess that "Great deal" wasn't so great. But I digress.

I am not the IT guy, I am the one they ask to check for viruses/spyware on a machine when they see it going down. The one who will replace a hard drive, upgrade RAM, etc...

I have already requested information on the server/router/etc. in the building so I can get them on the right track either through a tech service, or by stepping up to the job myself and taking on additional responsibilities, with hopefully some sort of additional benefit other than the headaches.

couple ideas...

by ---TK--- In reply to Spamware

You could use Wireshark to sniff the network; once you find the IPs that are causing the spam, you then go after those PCs.

If you're determined to scan every PC, you could create a list of PC names or IPs in a .txt and use psexec.exe (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to push out the exe to all the PCs in the list. After some testing you could also install the program with psexec.exe (behind the scenes), and then run it, and have the program output a .txt with its findings to a share...

Malwarebytes complete command line switch list
http://www.technibble.com/forums/showthread.php?t=5763

added: I work hard to be lazy :)

Thanks, another question

by C F USA In reply to couple ideas...

I edited my OP to add that I am looking for something that is pushing out emails through our email server, does that make a difference?

No problem :)

by ---TK--- In reply to Thanks, another question

I just started using the psexec.exe utility not too long ago... It's really handy; well, all the Sysinternals utilities are great. They really save you a whole mess of time once you get comfortable with them.

So.... (bump)

by ---TK--- In reply to Thanks, another question

The malware/virus is using your Exchange server to push out mass emails?

I would use Wireshark or some packet sniffer, and sniff for only IMAP, POP, or SMTP protocols... depending on which one you use for your mail... Find the IP that is generating a whole mess of (that protocol) traffic. Then go to that PC, and do your thing.

Note: I have never had the pleasure of tracking down something like this, so my suggestion is only based off of speculation. If another member of TR has a better idea feel free to post up.
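
The per-host SMTP count suggested in the post above, as an added example that is not part of the original thread: it ranks internal hosts by mail-port connections taken from a capture exported with `tshark -T fields -e ip.src -e ip.dst -e tcp.dstport`. The mail server address, port set, threshold and sample rows are assumptions constructed for illustration.

```python
from collections import Counter

MAIL_SERVER = "192.168.1.5"   # assumption: internal mail server address
MAIL_PORTS = {25, 465, 587}   # SMTP and submission ports

# Constructed sample, one row per TCP SYN: ip.src <TAB> ip.dst <TAB> tcp.dstport
SAMPLE = (
    ["192.168.1.21\t192.168.1.5\t25"] * 2
    + ["192.168.1.22\t192.168.1.5\t587"] * 3
    + ["192.168.1.37\t192.168.1.5\t25"] * 40    # unusually busy workstation
    + ["192.168.1.44\t203.0.113.9\t25"] * 2     # SMTP that bypasses the server
    + ["192.168.1.5\t198.51.100.7\t25"] * 45    # server's own delivery, ignored
    + ["192.168.1.21\t192.168.1.5\t443"] * 4    # non-mail traffic, ignored
)


def rank_smtp_senders(lines, mail_server=MAIL_SERVER):
    """Return [(src, sessions, sessions_not_to_mail_server)], busiest first."""
    total, direct = Counter(), Counter()
    for line in lines:
        parts = line.strip().split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue                      # skip malformed or truncated rows
        src, dst, port = parts[0], parts[1], int(parts[2])
        if port not in MAIL_PORTS or src == mail_server:
            continue
        total[src] += 1
        if dst != mail_server:
            direct[src] += 1
    return [(src, n, direct[src]) for src, n in total.most_common()]


def suspects(ranked, factor=5):
    """Hosts far above the median session count, or sending SMTP directly."""
    counts = sorted(n for _, n, _ in ranked)
    median = counts[len(counts) // 2] if counts else 0
    return [s for s, n, d in ranked if d > 0 or n > factor * max(median, 1)]


if __name__ == "__main__":
    ranked = rank_smtp_senders(SAMPLE)
    for src, n, d in ranked:
        print(f"{src:15} sessions={n:3} direct={d}")
    print("check first:", suspects(ranked))
```

The capture has to be taken where workstation-to-server traffic is visible, such as a switch mirror port or the mail server itself.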

Hopefully...

by C F USA In reply to So.... (bump)

I can get it figured out, will have to wait till next week however (as unfortunate as it is since they won't get someone else in here) since my better half is in the hospital now. JOY! The hits keep on rolling :)

I will try Wireshark when I get back; the manuals will give me something to read. Worst-case scenario, I will hire a team of ninjas to steal all the computers and ...wait.. dreaming again, sorry.

Thanks again for the help so far TK
