Re: Best methods for tracing a mass-mailing worm infected workstation on a network?

 
 
Dustin Cook
      11-14-2009
BadBoy House <> wrote in news:cd2f12df-c3eb-49e5-ad0c-:

> I've had instances in the past where a workstation has been infected
> with a mass-mailer worm and whilst I resolved the issue in the end I
> encountered the following circumstances in relation to the infected
> workstation:-
>
> - no up-to-date anti virus package found any mass mailer worms. I
> tried Panda, McAfee, Norton.
> - no port 25 traffic (other than the mail server) was going through
> the router (I checked all the logs/tables)
>
> In the end, via a process of elimination, I used Malwarebytes Anti-Malware
> to find and remove the virus.


It likely wasn't a virus, as our software doesn't really deal with
those. You may wish to consider the commercial/pro version, as it offers
real-time protection against nasties known to it, as well as IP blocking
of known malicious websites. It's a one-time registration, not a yearly
deal, unless you're a company...

> I'm interested in finding out about any other proven methods for
> tracking down mass-mailer infected workstations. It seems it can be
> like finding a needle in a haystack.


Watching router traffic can often tell you which computer might be
responsible for consuming a large portion of the bandwidth for spamming.

> What methods would you suggest?


Wireshark.



--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk
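
Added example, not part of the post above: one way to apply the "watch router traffic" advice to exported connection records, ranking LAN hosts by outbound volume and flagging any host other than the mail server that talks directly to many outside mail servers. The record layout (src, dst, destination port, bytes), the LAN range, the mail server address, the inclusion of ports 465 and 587 alongside 25, and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not from the thread): src dst dst_port bytes.
SAMPLE = """\
192.168.1.10 203.0.113.5 25 42000
192.168.1.10 203.0.113.9 25 38000
192.168.1.23 198.51.100.7 443 910000
192.168.1.57 203.0.113.21 25 61000
192.168.1.57 203.0.113.22 25 59000
192.168.1.57 198.51.100.40 25 64000
192.168.1.57 198.51.100.41 25 60000
192.168.1.57 192.168.1.10 25 5000
192.168.1.23 198.51.100.7
garbage line here x
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal range
MAIL_SERVER = "192.168.1.10"                  # assumed legitimate mail relay
MAIL_PORTS = {25, 465, 587}

def summarize(text):
    """Per LAN host: bytes sent off-LAN and distinct off-LAN mail destinations."""
    stats = defaultdict(lambda: {"bytes": 0, "mail_dsts": set()})
    for line in text.splitlines():
        try:
            src, dst, port, size = line.split()
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, size = int(port), int(size)
        except ValueError:
            continue  # short, non-TCP or malformed record
        if s not in LAN or d in LAN:
            continue  # keep only LAN -> outside traffic
        stats[src]["bytes"] += size
        if port in MAIL_PORTS:
            stats[src]["mail_dsts"].add(dst)
    return stats

def top_talkers(text, n=3):
    """Hosts ranked by outbound volume (the 'watch the router' approach)."""
    rows = [(h, v["bytes"]) for h, v in summarize(text).items()]
    return sorted(rows, key=lambda r: -r[1])[:n]

def suspects(text, min_mail_dsts=3):
    """Non-relay hosts talking directly to many outside mail servers."""
    rows = [(h, len(v["mail_dsts"]), v["bytes"])
            for h, v in summarize(text).items()
            if h != MAIL_SERVER and len(v["mail_dsts"]) >= min_mail_dsts]
    return sorted(rows, key=lambda r: (-r[1], -r[2]))
```

In the constructed sample the heaviest sender is an ordinary HTTPS client, while the host flagged by mail fan-out is a different workstation, which is why volume alone can point at the wrong machine.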
 