Re: [Declude.Virus] Stranger...

[Matt]

Search the server for CMD and VBS files would be a good place to start.  Maybe search for EXE's and order by date as well.   It appears that you have been hacked and someone is using your server for a spam campaign.  If you host Web sites on the same server, it's possible that someone just simply placed a script in their site, in which case ASP, Perl, PHP and other scripting languages would be likely candidates as well.  I suppose that someone could exploit a server and remotely run an executable in this fashion as well, and firewalling all but the necessary ports is highly advised. Matt serge wrote: i know imail1 is a command line mailer but how do i find what i causing the imail 1 window to be open and filed with all these adresses ? see attached gif     ----- Original Message ----- From: Darin Cox To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 10:21 PM Subject: Re: [Declude.Virus] Stranger... Does this shed any light?   http://support.ipswitch.com/kb/IM-19980119-DD10.htm Darin.     ----- Original Message ----- From: Serge To: [EMAIL PROTECTED] Sent: Monday, June 07, 2004 3:55 PM Subject: [Declude.Virus] Stranger... hi all urgent help needed I have imail1 client window ("create mail message") pop up on my server with all kind of real and strange addresses in the TO: and CC: Fields. The windows remains open on the server desktop. Is this a virus ? how can i identify the service/virus/application causing this ?   TIA -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================

<<image/gif>>