Rebuilding the server is better. Anyway, you can identify bogus processes, or which apps are opening which port, with free tools from www.sysinternals.com:

http://www.sysinternals.com/Utilities/ProcessExplorer.html
http://www.sysinternals.com/Utilities/TcpView.html

Then you should be able to identify and kill/delete the files of those processes/virus/trojans. It requires a fair knowledge of the files used by Windows to run, but that is information readily available on the internet. It worked for me.

Alex

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Horne
Sent: Monday, February 06, 2006 9:24 AM
To: [email protected]
Subject: RE: [IMail Forum] URGENT/CRITICAL: Virus opening port 3388

I have to agree. We rebuild servers whenever there is any indication of a hack. Better safe than sorry.

-DH

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matti Haack
Sent: Monday, February 06, 2006 10:57 AM
To: groups
Subject: Re: [IMail Forum] URGENT/CRITICAL: Virus opening port 3388

As your computer is compromised, you should:

- back up your system
- export IMail's portion of the registry
- back up the IMail directories
- rebuild the machine completely (kill all partitions)
- copy back the IMail folder and registry
- reinstall IMail (maybe they compromised some files)

Otherwise you will never be sure that there is not anything hidden and waiting on the machine...

If you like to do some forensic stuff before, don't shut the system down.

Matti

> Got a virus on a mail server killing me here.
> AVG and Fprot can not find it.
> It sends 4k emails as soon as the SMTP service is started on the mail server.
> Blocking port 3388 seems to reduce the amount, but doesn't nail it.
> Any ideas, help, URLS is MUCH appreciated.
> Dave

- Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
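
Added example (not part of the original thread): the port-to-process check suggested in the first reply, done from saved `netstat -ano` and `tasklist /fo csv /nh` output instead of a GUI tool. The sample output, the process names and the allow-list are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1508
  TCP    0.0.0.0:3388           0.0.0.0:0              LISTENING       2964
  TCP    10.0.0.5:1180          192.0.2.10:25          ESTABLISHED     2964
  UDP    0.0.0.0:53             *:*                                    900
"""

# Constructed sample of `tasklist /fo csv /nh` output; image names are placeholders.
TASKLIST = '''"smtpd.exe","1432","Console","0","9,112 K"
"pop3d.exe","1508","Console","0","6,004 K"
"unknown.exe","2964","Console","0","3,340 K"
"dns.exe","900","Console","0","4,100 K"
'''

# Assumed allow-list: the (port, image) pairs this server is supposed to expose.
ALLOWED = {(25, "smtpd.exe"), (110, "pop3d.exe"), (53, "dns.exe")}

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local_port, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        port = int(f[1].rsplit(":", 1)[1])     # rsplit also copes with [::]:25
        state = f[3] if f[0] == "TCP" else ""  # UDP rows have no State column
        yield f[0], port, state, int(f[-1])

def unexpected_listeners(netstat, tasklist, allowed):
    """Return listening sockets whose (port, image) pair is not allow-listed."""
    names = parse_tasklist(tasklist)
    hits = []
    for proto, port, state, pid in parse_netstat(netstat):
        if proto == "TCP" and state != "LISTENING":
            continue  # only listeners are reported here
        image = names.get(pid, "<no such process>")  # PID absent from tasklist
        if (port, image.lower()) not in allowed:
            hits.append((proto, port, pid, image))
    return hits

if __name__ == "__main__":
    for hit in unexpected_listeners(NETSTAT, TASKLIST, ALLOWED):
        print("unexpected listener:", hit)
```

A listener whose PID is missing from the process list is reported with `<no such process>`, which is itself worth investigating on a host suspected of compromise.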
