Exchange Server Forums

Virus Causing Spam!?

Virus Causing Spam!? - 11.Jul.2003 3:27:00 PM   
shawn0p

 

Posts: 1
Joined: 11.Jul.2003
From: Texas
Status: offline
This is not an Exchange server issue but I was hoping there would be security experts that would have been through or know what I am dealing with. I think it is an IIS issue.

I have Server 2003 from a MS release show. I have the basic IIS 6.0 services running to allow the server to be an email server that comes with Server 2003 (POP and SMTP). I'm using Apache 2.0.44 for my web server. I was doing homework and noticed my router had a lot of traffic. The amount of traffic prompted me to check to see who was on my FTP (Serv-U 4.1.0.3) but no one was logged in. I did netstat -n and found a lot of IPs connected via port 25. I stopped my Virtual SMTP server and then ran netstat -n again and the connections were gone. The instant I restart my Virtual SMTP server the range of IPs starts appearing again and the range of IPs gets bigger the longer I leave my server up.

I ran a virus scan (twice) with the latest definitions but nothing is found. I searched on suspicious executables in the Process tab in Task Manager and msgsrv.exe comes up as a possible virus (W32.Entangle.Worm and Backdoor.Ohpass) but I verified that my virus scanner checks for those viruses. It also appears to be a necessary process for email servers. I found the W32.Nimda.E@mm virus was detected with real time protection on a workstation box and was quarantined but it was also found during a manual scan in the same file (on the same workstation) but it was left alone. I have since deleted the file but the fact that it found them still shows up in the virus histories. W32.Nimda.E@mm is not found on any of my other boxes including the server.

I have contemplated reinstalling my server to get rid of the virus but if it is a virus I would have to reinstall all of my boxes and worse lose all of my data (assuming it sent itself to the network shares).

Any help or suggestions would be greatly appreciated.
Thanks,

Shawn
Post #: 1
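
An added example, not part of the original thread: the `netstat -n` check described in post 1, turned into a per-remote-IP tally of port 25 connections split by direction (remote hosts connected to the local SMTP service versus this host connecting out to other mail servers). The sample output is constructed with documentation-range addresses, and the function names are assumptions of this example.

```python
from collections import Counter

SMTP_PORT = 25

# Constructed sample of Windows `netstat -n` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:25        203.0.113.5:4312       ESTABLISHED
  TCP    192.168.1.10:25        203.0.113.5:4313       ESTABLISHED
  TCP    192.168.1.10:25        203.0.113.77:1502      TIME_WAIT
  TCP    192.168.1.10:21        198.51.100.4:3301      ESTABLISHED
  TCP    192.168.1.10:1045      198.51.100.7:25        ESTABLISHED
  TCP    192.168.1.10:1046      198.51.100.9:25        SYN_SENT
  TCP    192.168.1.10:80        203.0.113.9:2525       ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so '[::1]:25' also parses."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def smtp_connections(netstat_text):
    """Return (inbound, outbound) Counters of remote IPs on TCP port 25."""
    inbound, outbound = Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows
        if fields[3].upper() == "LISTENING":
            continue  # a listening socket has no remote peer
        try:
            _, local_port = split_endpoint(fields[1])
            remote_ip, remote_port = split_endpoint(fields[2])
        except ValueError:
            continue  # wildcard endpoints such as '*:*'
        if local_port == SMTP_PORT:
            inbound[remote_ip] += 1   # remote host talking to our SMTP service
        elif remote_port == SMTP_PORT:
            outbound[remote_ip] += 1  # this host talking to a remote mail server
    return inbound, outbound

if __name__ == "__main__":
    inbound, outbound = smtp_connections(SAMPLE)
    for label, counts in (("inbound", inbound), ("outbound", outbound)):
        for ip, n in counts.most_common():
            print(f"{label:8} {ip:15} {n}")
```

Running it against snapshots taken a few minutes apart shows whether the set of remote addresses is growing and in which direction the connections are being made.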
RE: Virus Causing Spam!? - 17.Jul.2003 4:51:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
Please, please, please do not reformat your machine. Go to the Symantec site and see how to remove the virus from your machine. Many of the viruses today, once on your network, will disable your virus software on your machine. Many of the viruses, once in, will attach to a share on your network. Do you have any type of virus monitoring? If not, you probably do not know how many machines this has attacked. You may have to go to each machine, unplug it from the network and do the virus check. If clean, keep it to the side; do not plug it back on the network until you know you have the virus quarantined. I run GroupShield for Exchange that scans every email that is sent to me. I also run McAfee ASaP that monitors all of my machines and notifies me if anything has appeared on the network. What I would do is go to the Symantec site and download the white paper on how to remove the Nimda and the other viruses.

(in reply to shawn0p)
Post #: 2
RE: Virus Causing Spam!? - 17.Jul.2003 5:06:00 PM   
Randy Temple

 

Posts: 158
Joined: 1.Aug.2002
From: Michigan
Status: offline
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html

(in reply to shawn0p)
Post #: 3
