Computer Virii

Aug 17, 2006 | 10:56 AM  #1
UrbanCowboy (Thread Starter)

So one of the 60 computers here in my office has a virus? How do I know this? Because we're getting a bunch of returned email that makes it quite obvious one of the machines is emailing out a bunch of SPAM. The problem is that the From: field is modified, so I can't tell which computer is sending the emails. Suggestions?
 
Aug 17, 2006 | 10:59 AM  #2
Arctic Cat F7

Nice sig UC. Where have I seen that before?

I still have your sig you made me in my computer.
 
Aug 17, 2006 | 11:12 AM  #3
jamzwayne

Packet sniffer?
 
Aug 17, 2006 | 12:28 PM  #4
TeckBargins

Search in the header for the IP address and trace it back with that.
 
Aug 17, 2006 | 12:38 PM  #5
Bluejay (Global Moderator)

Unplug the machines one at a time till it quits coming back.


P. S. As much junk as you do on the net, I would start with yours!
 
__________________
Jim
Aug 17, 2006 | 12:40 PM  #6
henkyjenky

Header IP is a good shot.

It could be an outside computer that knows you, who is using your address as a return address.

Update all virus defs and run scans.

Check mail server logs to see where they are coming from and block that IP for a day or two (if it's from India or something).
 
Aug 17, 2006 | 12:43 PM  #7
jamzwayne

Originally Posted by bluejay432000
Unplug the machines one at a time till it quits coming back.


P. S. As much junk as you do on the net, I would start with yours!


That's what we call "process of elimination". It's a looong process, but it works. I wouldn't recommend that to anyone, but if push comes to shove.....
 
Aug 17, 2006 | 12:49 PM  #8
jamzwayne

Originally Posted by henkyjenky
Header IP is a good shot.

It could be an outside computer that knows you, who is using your address as a return address.

Update all virus defs and run scans.

Check mail server logs to see where they are coming from and block that IP for a day or two (if it's from India or something).

True.

Keep in mind, the IP address will only give you the "Whois" of the IP owner (***, Comcast, Cebridge, Suddenlink, etc.). Now, if the IP is a static, and has a reverse set, then maybe. A packet sniffer will show you what workstation is the one with the virus...bandwidth usage. It's best to check after hours also.
 
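An added example, not written by anyone in the thread: one way to act on the packet-sniffer suggestion is to capture on the inside of the router and count which workstation opens outbound SMTP connections. It assumes a text capture in `tcpdump -nn` line format; the addresses, the mail server at 192.168.1.10 and the threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# RFC 1918 ranges: what "inside the office" means behind the shared public IP.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def smtp_talkers(lines, allowed=(), min_dests=3):
    """Map internal IP -> number of distinct outside hosts it tried on TCP/25.

    Only connection attempts count (SYN without ACK). Hosts in `allowed`
    (e.g. the office mail server) are skipped; so are hosts that contacted
    fewer than `min_dests` outside servers.
    """
    dests = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m or m["dport"] != "25" or m["flags"] != "S":
            continue
        src, dst = m["src"], m["dst"]
        if is_internal(src) and not is_internal(dst) and src not in allowed:
            dests[src].add(dst)
    return {ip: len(d) for ip, d in dests.items() if len(d) >= min_dests}

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = """\
18:02:11.000101 IP 192.168.1.23.1045 > 203.0.113.9.25: Flags [S], seq 1, win 64240, length 0
18:02:11.400220 IP 192.168.1.23.1046 > 198.51.100.14.25: Flags [S], seq 1, win 64240, length 0
18:02:12.010090 IP 192.168.1.23.1047 > 203.0.113.77.25: Flags [S], seq 1, win 64240, length 0
18:02:12.500000 IP 192.168.1.10.2201 > 198.51.100.14.25: Flags [S], seq 1, win 64240, length 0
18:02:13.100000 IP 192.168.1.41.3312 > 203.0.113.9.80: Flags [S], seq 1, win 64240, length 0
18:02:13.200000 IP 203.0.113.9.25 > 192.168.1.23.1045: Flags [S.], seq 1, ack 2, win 5840, length 0
18:02:14.000000 IP 192.168.1.57.4100 > 192.168.1.10.25: Flags [S], seq 1, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for ip, n in smtp_talkers(SAMPLE, allowed={"192.168.1.10"}).items():
        print(f"{ip} opened SMTP connections to {n} outside servers")
```

A workstation that talks directly to many outside mail servers, rather than relaying through the office mail server, is the one to pull off the network and scan first.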
Aug 17, 2006 | 12:51 PM  #9
UrbanCowboy (Thread Starter)

Will a packet sniffer work in my situation?

All network computers run to three Cisco routers. Our DSL modem also runs to one of the routers. A Windows 2000 Server establishes IP addresses but the Internet should work without that server in the loop. Where would I install a sniffer?

I did get header info from one of the replies; it was not helpful as we all have the same IP address as far as the external world is concerned.
 
Aug 17, 2006 | 12:56 PM  #10
jamzwayne

Originally Posted by UrbanCowboy
Will a packet sniffer work in my situation?

All network computers run to three Cisco routers. Our DSL modem also runs to one of the routers. A Windows 2000 Server establishes IP addresses but the Internet should work without that server in the loop. Where would I install a sniffer?

I did get header info from one of the replies; it was not helpful as we all have the same IP address as far as the external world is concerned.

I sent you a PM...
 
Aug 17, 2006 | 01:14 PM  #11
F150 Duke

We have the same problem here. I wish our IT department would start working on it like you are working on yours.

It's a real pain in the **** getting Viagra and other herbal emails every day or hearing how some rich guy in Africa left me his life savings.

Duke
 
Aug 17, 2006 | 01:18 PM  #12
jamzwayne

Originally Posted by F150 Duke
We have the same problem here. I wish our IT department would start working on it like you are working on yours.

It's a real pain in the **** getting Viagra and other herbal emails every day or hearing how some rich guy in Africa left me his life savings.

Duke

Is this a personal email you get that trash in, or is it your Corp email acct?
 
Aug 17, 2006 | 01:19 PM  #13
henkyjenky

You're having a different problem.

If you want your SPAM to go away, give IT a bunch of money to purchase, set up, and tune a good filter.
 
Aug 17, 2006 | 01:30 PM  #14
jamzwayne

Originally Posted by henkyjenky
You're having a different problem.

If you want your SPAM to go away, give IT a bunch of money to purchase, set up, and tune a good filter.

or never use/give your email address on the net at ANY website.
 
Aug 17, 2006 | 01:30 PM  #15
UrbanCowboy (Thread Starter)

I am the IT Dept. We are sending out the Spam, not receiving it. I just don't know what computer has the spam virus.
 