Someone sending emails from my computer!

I use a small SMTP server that I run from my computer to send mail. I do this because I download my mail from a server in the UK which houses my family’s homepage, and the cable doesn’t allow me to use their SMTP server to send unless I use one of their email addresses.

This system has been working fine for about 3 years, but now every time I start the server it just starts automatically sending masses of emails (all to Taiwan addresses i.e. .com.tw). I have tried running an Ad-Aware scan, and also checked the processes running through Task Manager for anything strange, but the problem persists.

Has anyone had a similar experience and knows how to remedy it, or does anyone have any suggestions?

Thanks in advance!

teggs

I think Ad-aware is good for finding spyware but I don’t think it looks for viruses and things like that. You should maybe try using a virus scanner. I use AVG anti-virus and it seems to do a good job. You can get it free from here.

It sounds more like a virus than spyware. Download AVG free from http://free.grisoft.com/softw/70free/setup/avg70free_344a618.exe and see if that can find it. (go here: http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5 if you don’t want to click straight on that first link).

EDIT: Wow, great minds think alike. :wink:

It does sound like a virus. If you’re using free anti-virus tools, you might think about using more than one to clean everything out. The following are some I’ve seen recommended (all do a free online cleaning):

TrendMicro housecall.trendmicro.com/houseca … t_corp.asp

Etrust www3.ca.com/securityadvisor/virusinfo/scan.aspx

Panda pandasoftware.com/products/activescan.htm

Likewise, if you’re only using free anti-spyware, you might think about getting Spybot Search and Destroy and the Microsoft thingee too.

And, in the end, if you need expert advice, I’ve found the folks in the tomcoyote.org forums to be very helpful. They’ll need you to use a freeware program called HijackThis, which will show what’s running on that machine of yers (there’s a link on the site).

Good luck.

Try installing ZoneAlarm (zonelabs.com) first, it will ask you if programs have outgoing permission. This will close your backdoor.

Then you might look for another SMTP mail server on your system or putting yours on hold for a while. Because this virus runs its own SMTP mail server.

Thanks for all the replies. I did try a virus scan (eTrust), but I think I’m gonna try that Trend Micro house call now. Zone Alarm won’t work because it’s accessing the Internet through a program that I already use and would allow if I install Zone Alarm.

I’ll keep you posted.

teggs

I just did the Trend Micro online scan and it didn’t find anything. After that I tried starting the SMTP server again and it wasn’t sending emails any more. I tested sending with Outlook and it’s working fine as usual. What I think might have happened is that someone hacked my system and did it like that. Any other ideas? … also, how do I stop it from happening again?

Thanks in advance!

teggs

aha … but you can reset zonealarm to default and remove all the programs that go out … zonealarm will ask you again and you can decide what software can go out …

You may want to check if your SMTP server has external e-mail forwarding disabled. If it is enabled, your server is an open gateway. It allows spammers to forward e-mail through your server by specifying tons of addresses in TO: or CC: fields, thus using your bandwidth to route spam e-mails.

Try to disallow any external hosts from accessing your server.
You need to find this option in the SMTP server or configure ZoneAlarm to disallow incoming SMTP sessions from outside.

Close the port with a firewall if you don’t wish anyone else to access it.

If you have other family members or yourself use it from a different location, add authentication.

You might want to think about using the Kerio firewall (kerio.com/kpf_download.html). It’s free for personal use. It has the usual firewall functions, controlling traffic in and out–and a very effective stealth mode. I use it, and I’ve leaktested mine many times and it passed all tests I could find.

The Kerio firewall will also react whenever one program turns on another. This is useful because you will be able to see if there is something residing in your computer that is turning on your emailer (or another program) and you can then 1. prevent that action; 2. identify the offending program, which will help you remove it.

[quote=“teggs”]… also, how do I stop it from happening again?
[/quote]

If you connect to the net via Hinet you can use their SMTP server. They will allow you to use your own reply address, with a different domain (as long as it is valid).

You can try sending using SMTP server as ms33.hinet.net, where a different number can be used for different mail server.

If you are with a different provider they should also provide SMTP service. This way you will not need to use yours.

Antivirus scans are useless, without a Rootkit scanner. Especially if someone was sending e-mails from your PC, antivirus is the first thing to go. Trojans easily do the service.

That’s why you need an online scan, not just freeware on the machine.

:slight_smile: It’s more common for viruses to use MAPI/Outlook to send email. If you find a SMTP server sending unwanted mail, it’s almost always because, as pb said, it’s an open relay. Mass emailers are always randomly scanning the net for open relays.

Add a login or close the port. If you want to find out for sure, look at the logs and you’ll know.
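
An added example, not part of any post in this thread: one way to do the log check suggested above, flagging recipients that an outside client pushed through the server to a domain it does not host (the signature of an open relay). The log format, the local domain, the trusted networks and all addresses are constructed assumptions; adapt the pattern to whatever your SMTP server actually writes.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): domains this server accepts mail for,
# and the networks that are allowed to relay through it.
LOCAL_DOMAINS = {"family.example"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# Constructed sample log in a made-up "timestamp client=IP COMMAND" format.
SAMPLE_LOG = """\
2005-03-01T10:00:01 client=192.168.1.10 MAIL FROM:<teggs@family.example>
2005-03-01T10:00:01 client=192.168.1.10 RCPT TO:<friend@mail.example>
2005-03-01T10:02:17 client=203.0.113.45 MAIL FROM:<promo@bulk.example>
2005-03-01T10:02:17 client=203.0.113.45 RCPT TO:<a01@shop.example>
2005-03-01T10:02:18 client=203.0.113.45 RCPT TO:<a02@shop.example>
2005-03-01T10:02:18 client=203.0.113.45 RCPT TO:<a03@news.example>
2005-03-01T10:05:40 client=198.51.100.7 MAIL FROM:<aunt@mail.example>
2005-03-01T10:05:40 client=198.51.100.7 RCPT TO:<teggs@family.example>
"""

RCPT_RE = re.compile(r"client=(\S+) RCPT TO:<[^<>@\s]+@([^<>\s]+)>", re.IGNORECASE)

def is_trusted(ip_text):
    """True if the client address is inside one of the trusted networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in TRUSTED_NETS)

def find_relayed(log_text):
    """Count RCPT TO lines where an untrusted client addressed a non-local domain."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if not m:
            continue
        client, domain = m.group(1), m.group(2).lower()
        try:
            trusted = is_trusted(client)
        except ValueError:
            continue  # client field is not an IP address; skip the malformed line
        # Outside client + outside recipient = mail relayed for a stranger.
        if not trusted and domain not in LOCAL_DOMAINS:
            hits[client] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, count in find_relayed(SAMPLE_LOG).items():
        print(f"{client}: {count} relayed recipient(s)")
```

Inbound mail from an outside host to a local address and outbound mail from a LAN client are both normal and are not flagged; only the outside-to-outside combination is.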

Can you recommend a good one for win 2000? (Rootkit Scanner)