Richard,
Bad news. When a virus has turned your server into a proxy, you have
likely been root-kitted and there is generally no way to reliably remove
a good root-kit. Reformatting and rebuilding the server is generally the
best way to proceed. Even Microsoft has recommended at times that this
is the proper course of action.
All of the information on that server is now also compromised. If you
have other servers, you need to change all of the administrative
passwords. Generally these things are just used as spam proxies, but
the sky is the limit with your data.
There is also a decent chance that you were hacked by way of a
vulnerability in your older version of IMail. It is unsafe to use any
version of IMail before 8.22 plus the recent hotfix unless you are fully
proxied and protected by a firewall.
Good luck,
Matt
Richard Farris wrote:
Since 10/06/06 I have been fighting a virus on my mail server... was
not too concerned about it until last week when it evidently helped me
get blacklisted with SpamCop, Spamhaus, UBL and some others... can
anyone tell me how to get rid of it... I have tried everything to no
avail...
The virus is putting "a.exe" and ".exe" in the winnt\system32 folder
and/or the C:\ drive.
Also it has 1x32.exe or 2X32.exe or 0X32.exe running in the Task
Manager and it installs Numeric file in Registry...
It also puts files like Hub101bl in the Internet.IE5 folder in
Temporary Internet Files...
SpamCop said I had a proxy virus that is sending out emails... maybe
through forms on the server, as this is my web server also... don't understand
that but I don't doubt it...
I have made a temporary solution by relaying mail to a server that is
not listed and so far in the past week it is OK... but
the 65.240.164.10 server keeps getting blacklisted by one or more
lists... I have Declude Hijack and have locked the server down by
requiring all customers to go to server authentication... I thought that
would stop it... NOT
I can clean the server completely with F-Prot then Trojan Hunter and
the next morning it is all back and I have to try to do the same thing
over... sometimes the server will stay clean for days and sometimes
just a few minutes... it is driving me crazy... anyone else out there
ever experience this and if so how did you fix it?
Many of my Google searches have brought up Chinese web sites which may
be the source... I am not sure.
This web site has a very good description of what I am seeing but has
not helped me:
http://translate.google.com/translate?hl=en&sl=de&u=http://www.pc-magazin.de/internet/cm/virenecke/show_sophos.php%3Fid%3D3570&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3D2x32.exe%2Bvirus%26hl%3Den%26lr%3D
If you need any more info let me know and if you think you can help I
will email you directly.
Richard Farris
Ethixs Online
1.270.247.5555 Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"
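A read-only triage script for the indicators Richard lists in his message, added here as an example; it is not code from either message in the thread. It assumes a Windows host on which PowerShell 3 or later is available, treats "Numeric file in Registry" as an autostart value under the usual Run keys whose value name is all digits, and the Run-key paths and Temporary Internet Files locations it checks are the script's own assumptions. It only reports what it finds; in line with Matt's advice it makes no attempt to clean anything.

```powershell
# Added example (not from the thread): read-only triage for the indicators
# described above. Assumes PowerShell 3+ on the affected Windows host.

$systemRoot = $env:SystemRoot              # "C:\WINNT" on the server in question
$findings   = @()

# 1. Dropped files: "a.exe" and a bare ".exe" in system32 and at the root of C:\
foreach ($dir in @("$systemRoot\system32", 'C:\')) {
    foreach ($name in @('a.exe', '.exe')) {
        $candidate = Join-Path $dir $name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'DroppedFile'; Item = $candidate }
        }
    }
}

# 2. Running processes named 0X32.exe, 1x32.exe, 2X32.exe, ...
#    (Get-Process reports the image name without its .exe extension)
foreach ($proc in (Get-Process | Where-Object { $_.Name -match '^\d[xX]32$' })) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = "$($proc.Name).exe (PID $($proc.Id))" }
}

# 3. Autostart entries under the common Run keys (assumed locations) whose value
#    name is purely numeric, or whose command points at one of the files above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }    # PSPath, PSParentPath, ... are metadata, not values
        $command = [string]$prop.Value
        # "\a.exe", "\0x32.exe" ... or a bare "\.exe" somewhere in the command line
        if ($prop.Name -match '^\d+$' -or $command -match '\\(a|\d[xX]32)?\.exe\b') {
            $findings += [pscustomobject]@{ Type = 'RunKey'; Item = "$key : $($prop.Name) = $command" }
        }
    }
}

# 4. Files such as Hub101bl anywhere under the IE cache; both the Windows 2000/2003
#    location and the Vista-and-later location are tried.
$cacheDirs = @(
    "$env:USERPROFILE\Local Settings\Temporary Internet Files",
    "$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files"
)
foreach ($cache in $cacheDirs) {
    if (-not (Test-Path -LiteralPath $cache)) { continue }
    $hits = Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -like 'Hub101bl*' }
    foreach ($hit in $hits) {
        $findings += [pscustomobject]@{ Type = 'CacheFile'; Item = $hit.FullName }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed indicators were found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM keys and system32 are readable. A clean result is not evidence of a clean host: a kernel-mode rootkit can hide exactly these files, processes and registry values from user-mode tools such as Get-Process and Get-ChildItem, which is why Matt's recommendation to rebuild rather than clean is the sound one. The script is useful mainly for confirming the infection on a suspect machine and for checking other servers that share administrative credentials with it.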