Jamestechman
Tue Mar 18 13:58:49 CDT 2008
Is there any header information from these SPAM messages? If so are
they coming from same IP? If yes; remove the host or block the IP in
the SMTP virtual server.
James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com
On Mar 17, 4:46=A0pm, ulyses_96 <ulyse...@discussions.microsoft.com>
wrote:
> I changed the password on the account and it still sent emails.
> in fact now it is using more than one account to send emails...
> Please help i think this hacker installed some kind of script or something=
> running right in my server.
> also today i saw the inetinfo.exe process take a lot of CPU time and readi=
ng
> online it says that this might be caused by a virus masquerading as the
> inetinfo.exe process. =A0
> there are thousands of spam emails being generated from these accunts ..
> even after reseting their password.. please help!!!
> --
> ulyses96
>
>
>
> "ulyses_96" wrote:
> > Yes i have that checked... i have disabled the account for the weekend a=
nd i
> > will check on monday to see if anymore spam was generated . then i'll re=
set
> > the password. .. =A0 i hope that helps. =A0presently im checking the OWA=
logs to
> > see if possibly it was someone logging in from the outside using OWA...
>
> > --
> > ulyses96
>
> > "John Oliver, Jr. [MVP]" wrote:
>
> > > Anything is possible, have you scanned the local computer for Spyware/=
adware
> > > as well as Virus? =A0Possble someone has hijacked a user account, =A0u=
nder SMTP
> > > Virtual-Properties-Relay Tab, do you have 'allow those computers that
> > > successfull..." checked?
>
> > > --
> > > John Oliver, Jr
> > > MCSE, MCT, CCNA
> > > Exchange MVP 2008
> > > Microsoft Certified Partner
>
> > > "ulyses_96" <ulyse...@discussions.microsoft.com> wrote in message
> > >news:568792EB-D70C-417C-8A3D-31A88BE0B268@microsoft.com...
> > > > So you do not think it is being sent from an email in the inbox itse=
lf?
> > > > How do i know if it's being sent from the inbox residing on the serv=
er
> > > > itself?
>
> > > > --
> > > > ulyses96
>
> > > > "John Oliver, Jr. [MVP]" wrote:
>
> > > >> Have you tried disabling the account temporarily to see if it resid=
es?
> > > >> Worse case, reset the password on the account.
>
> > > >> --
> > > >> John Oliver, Jr
> > > >> MCSE, MCT, CCNA
> > > >> Exchange MVP 2008
> > > >> Microsoft Certified Partner
>
> > > >> "ulyses_96" <ulyse...@discussions.microsoft.com> wrote in message
> > > >>news:6949F235-33F6-4736-A886-1FCAF500BDE1@microsoft.com...
>
> > > >> > My problem is this:
>
> > > >> > i have detected a high amount of spam messages originating from w=
ithing
> > > >> > my
> > > >> > LAN. =A0i traced it back to a specific account. This is a legit a=
ccount
> > > >> > in
> > > >> > my
> > > >> > organization. =A0Thinking it was a spam bot on the users station =
i had
> > > >> > the
> > > >> > station turned off and replaced with a different machine. =A0 How=
ever,
> > > >> > today
> > > >> > spam was being sent from that account again. =A0 What can i do to=
trace
> > > >> > this
> > > >> > problem and where could it be coming from since the other machine=
is
> > > >> > turned
> > > >> > off?
>
> > > >> > by the way all the spam messages appear in the sent item folder i=
n
> > > >> > outlook.
>
> > > >> > Please help
>
> > > >> > --
> > > >> > ulyses96- Hide quoted text -
>
> - Show quoted text -