• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Help with Virus Problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Help with Virus Problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
Help with Virus Problem - 25.May2004 10:04:00 PM   
tsc2000

 

Posts: 3
Joined: 25.May2004
From: florida
Status: offline
Exchange 2000 Enterprise on a 2000 Advanced server, all MS updates are up to date. SP4 etc.

Have Norton Antivirus running it caught Netsky at one time and cleaned it up, I ran Fixnetsky from norton and it says the server is clean.

The problem is I'm getting thousands of e-mails into the outbound queue file and the same amount going into bad mail, yet nothing show any virus present on that server.

I've checked other servers with Norton with the latest and greatest, also they all have patches up to date.

Nothing is showing a virus anywhere "[Confused]" but it's got to be there as we don't have thousands of messages "[Mad]" going out on viagra etc.

Any help appreciated on where to look.
Post #: 1
RE: Help with Virus Problem - 25.May2004 10:48:00 PM   
Guest
We are experiencing the same problem.
Have Exchange 2000 on Win2000 Server all service pack and rollups on both.

Using Trend Micro and ISA Firewall.

Our SMTP Virtual server has 'relay' allowed for only listed IPs.

Receiving hundreds of queued message and bad mail is consuming our resources.

(in reply to tsc2000)
  Post #: 2
RE: Help with Virus Problem - 30.May2004 3:07:00 PM   
cgcsa

 

Posts: 3
Joined: 18.May2004
From: Quebec Canada
Status: offline
Running an exchange 2000 for 14 months NEVER REBOOTED except to do updates.

All updates done.

May 9th first time IIS services go down, pop goes down, smtp goes down, mailstore goes offline.

Re-boot everything comes up OK.
Norton not finding anything unusual.

During following week we experience 6 more instances.

May 15th we scan from another computer and detect hxdef100.exe and hxdefdrv.sys
Norton quarantines the .sys file wants to remove the .exe but cannot.

We research this file "Backdoorhackdefender"
This is a very nasty virus and may be more prevalent that known. It can hide itself and hide files. see www.webroot.com

We still have not succeeded in removing the package hxdef100.exe

We are still experiencing "sudden" instances of IIS services going down. We don't know if they are correlated. We don't know what brings the IIS service down (no sasser found).

We have no relays and we only allow ssl access to this machine.

Any comments/similar situations?

(in reply to tsc2000)
Post #: 3
RE: Help with Virus Problem - 1.Jun.2004 9:31:00 PM   
ajhugo

 

Posts: 312
Joined: 6.May2004
From: Indianapolis, Indiana, US
Status: offline
have all your clients been scanned for viruses?

from your post is sounds as if only the servers were scaned which leads me to beleive it is most likley a client that is infected and sending the e-mails not the server.

[ June 01, 2004, 09:32 PM: Message edited by: ajhugo ]

(in reply to tsc2000)
Post #: 4
RE: Help with Virus Problem - 1.Jun.2004 9:34:00 PM   
tsc2000

 

Posts: 3
Joined: 25.May2004
From: florida
Status: offline
quote:
Originally posted by ajhugo:
have all your clients been scanned for viruses?

from your post is sounds as if only the servers were scaned which leads me to beleive it is most likley a client that is infected and sending the e-mails not the server.

Yes and I found nothing on any computer client or server.

Finally blew the Exchange server away and reinstalled. The virus is apparantly gone

(in reply to tsc2000)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Help with Virus Problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter