Computer Virii

  #1  
Old 08-17-2006, 10:56 AM
UrbanCowboy
Senior Member
Thread Starter
Join Date: Mar 2000
Location: Westminster, CO
Posts: 481
Computer Virii

So one of the 60 computers here in my office has a virus. How do I know this? Because we're getting a bunch of returned email that makes it quite obvious one of the machines is emailing out a bunch of SPAM. The problem is that the From: field is modified, so I can't tell which computer is sending the emails. Suggestions?
 
  #2  
Old 08-17-2006, 10:59 AM
Arctic Cat F7
Senior Member
Join Date: Jul 2003
Location: The Deep Back Woods of The Great White North
Posts: 502
Nice sig UC. Where have I seen that before?

I still have your sig you made me in my computer.
 
  #3  
Old 08-17-2006, 11:12 AM
jamzwayne
Senior Member
Join Date: Mar 2004
Location: Your moms house
Posts: 1,336
Packet sniffer?
 
  #4  
Old 08-17-2006, 12:28 PM
TeckBargins
Senior Member
Join Date: Aug 2003
Location: Southern Cali
Posts: 998
Search in the header for the IP address and trace it back with that.
 
  #5  
Old 08-17-2006, 12:38 PM
Bluejay
Global Moderator & Senior Member
Join Date: Mar 2005
Location: Burleson/Athens/Brownsboro, TX
Posts: 26,016
Unplug the machines one at a time till it quits coming back.


P. S. As much junk as you do on the net, I would start with yours!
 
__________________
Jim
  #6  
Old 08-17-2006, 12:40 PM
henkyjenky
Senior Member
Join Date: Jul 2006
Location: Phoenix
Posts: 242
Header IP is a good shot.

It could be an outside computer that knows you, who is using your address as a return address.

Update all virus defs and run scans.

Check mail server logs to see where they are coming from and block that IP for a day or two (if it's from India or something).
 
  #7  
Old 08-17-2006, 12:43 PM
jamzwayne
Senior Member
Join Date: Mar 2004
Location: Your moms house
Posts: 1,336
Originally Posted by bluejay432000
Unplug the machines one at a time till it quits coming back.


P. S. As much junk as you do on the net, I would start with yours!


That's what we call "process of elimination". It's a looong process, but it works. I wouldn't recommend that to anyone, but if push comes to shove.....
 
  #8  
Old 08-17-2006, 12:49 PM
jamzwayne
Senior Member
Join Date: Mar 2004
Location: Your moms house
Posts: 1,336
Originally Posted by henkyjenky
Header IP is a good shot.

It could be an outside computer that knows you, who is using your address as a return address.

Update all virus defs and run scans.

Check mail server logs to see where they are coming from and block that IP for a day or two (if it's from India or something).

True.

Keep in mind, the IP address will only give you the "Whois" of the IP owner (***, Comcast, Cebridge, Suddenlink, etc). Now, if the IP is a static, and has a reverse set, then maybe. A packet sniffer will show you what workstation is the one with the virus...bandwidth usage. It's best to check after hours also.
 
  #9  
Old 08-17-2006, 12:51 PM
UrbanCowboy
Senior Member
Thread Starter
Join Date: Mar 2000
Location: Westminster, CO
Posts: 481
Will a packet sniffer work in my situation?

All network computers run to three Cisco routers. Our DSL modem also runs to one of the routers. A Windows 2000 Server establishes IP addresses but the Internet should work without that server in the loop. Where would I install a sniffer?

I did get header info from one of the replies; it was not helpful as we all have the same IP address as far as the external world is concerned.
 
  #10  
Old 08-17-2006, 12:56 PM
jamzwayne
Senior Member
Join Date: Mar 2004
Location: Your moms house
Posts: 1,336
Originally Posted by UrbanCowboy
Will a packet sniffer work in my situation?

All network computers run to three Cisco routers. Our DSL modem also runs to one of the routers. A Windows 2000 Server establishes IP addresses but the Internet should work without that server in the loop. Where would I install a sniffer?

I did get header info from one of the replies; it was not helpful as we all have the same IP address as far as the external world is concerned.

I sent you a PM...
 
  #11  
Old 08-17-2006, 01:14 PM
F150 Duke
Senior Member
Join Date: Apr 2005
Location: In a van down by the river
Posts: 3,009
We have the same problem here. I wish our IT department would start working on it like you are working on yours.

It's a real pain in the **** getting Viagra and other herbal emails every day or hearing how some rich guy in Africa left me his life savings.

Duke
 
  #12  
Old 08-17-2006, 01:18 PM
jamzwayne
Senior Member
Join Date: Mar 2004
Location: Your moms house
Posts: 1,336
Originally Posted by F150 Duke
We have the same problem here. I wish our IT department would start working on it like you are working on yours.

It's a real pain in the **** getting Viagra and other herbal emails every day or hearing how some rich guy in Africa left me his life savings.

Duke

Is this a personal email you get that trash in, or is it your Corp email acct?
 
  #13  
Old 08-17-2006, 01:19 PM
henkyjenky
Senior Member
Join Date: Jul 2006
Location: Phoenix
Posts: 242
You're having a different problem.

If you want your SPAM to go away, give IT a bunch of money to purchase, set up, and tune a good filter.
 
  #14  
Old 08-17-2006, 01:30 PM
jamzwayne
Senior Member
Join Date: Mar 2004
Location: Your moms house
Posts: 1,336
Originally Posted by henkyjenky
You're having a different problem.

If you want your SPAM to go away, give IT a bunch of money to purchase, set up, and tune a good filter.

or never use/give your email address on the net at ANY website.
 
  #15  
Old 08-17-2006, 01:30 PM
UrbanCowboy
Senior Member
Thread Starter
Join Date: Mar 2000
Location: Westminster, CO
Posts: 481
I am the IT Dept. We are sending out the Spam, not receiving it. I just don't know what computer has the spam virus.
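
Added example, not part of any post in this thread: posts #8 and #9 point at capturing traffic on the inside of the router, because every machine shares one external IP in the mail headers. The sketch below tallies outbound SMTP (port 25) connection attempts per internal address from `tcpdump -n`-style text; the capture lines, the LAN prefix and the allowed-sender address are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the text style of `tcpdump -n`, as if captured on the
# LAN side of the NAT router. All addresses are private/documentation ranges.
SAMPLE_CAPTURE = """\
11:02:13.120001 IP 192.168.1.23.1045 > 203.0.113.7.25: Flags [S], seq 1, win 65535, length 0
11:02:13.450113 IP 192.168.1.23.1046 > 198.51.100.9.25: Flags [S], seq 1, win 65535, length 0
11:02:14.001200 IP 192.168.1.10.3321 > 203.0.113.50.25: Flags [S], seq 1, win 65535, length 0
11:02:14.200310 IP 192.168.1.23.1047 > 198.51.100.77.25: Flags [S], seq 1, win 65535, length 0
11:02:14.900000 IP 192.168.1.41.2210 > 203.0.113.80.80: Flags [S], seq 1, win 65535, length 0
11:02:15.100000 IP 203.0.113.7.25 > 192.168.1.23.1045: Flags [S.], seq 1, ack 2, win 5840, length 0
11:02:15.300000 IP 192.168.1.23.1048 > 203.0.113.7.25: Flags [S], seq 1, win 65535, length 0
"""

# Match only connection attempts: a bare SYN ("Flags [S]"), not SYN-ACK "[S.]".
SYN_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.(\d+): Flags \[S\]"
)

def smtp_talkers(capture_text, lan_prefix="192.168.1.", allowed=frozenset()):
    """Return [(internal_ip, syn_count, distinct_servers)] for outbound port-25
    connection attempts, busiest first. `allowed` lists hosts expected to send
    mail directly (hypothetical; set it to your real mail server, if any)."""
    stats = defaultdict(lambda: [0, set()])
    for line in capture_text.splitlines():
        m = SYN_RE.search(line)
        if not m:
            continue
        src, dst, dport = m.groups()
        outbound = src.startswith(lan_prefix) and not dst.startswith(lan_prefix)
        if dport != "25" or not outbound or src in allowed:
            continue
        stats[src][0] += 1
        stats[src][1].add(dst)
    rows = [(ip, n, len(servers)) for ip, (n, servers) in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for ip, syns, servers in smtp_talkers(SAMPLE_CAPTURE, allowed={"192.168.1.10"}):
        print(f"{ip}: {syns} SMTP connection attempts to {servers} distinct servers")
```

A mail client normally talks to one outgoing server, so a workstation opening port-25 connections to many different servers is the one to pull off the network and scan first.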
 


All times are GMT -4.