Re: PC Connecting to 100s of SMTPs even with active firewall
From: Gerald Vogt (vogt_at_spamcop.net)
Date: Tue, 15 Feb 2005 11:55:48 +0900
Dan Sheridan wrote:
> When I do this... it brings up 100s of smtps... saying established
> connection, time wait or close wait or fin wait or syn sent.
You most likely run a spam relay. I would not reconnect your computer to
the internet if I were you. Else your ISP will become very angry with
you and will disconnect you very soon. (But I guess he has already
noticed and is flooded with spam reports/complaints).
> I believe I must be infected with some kind of virus or malware -
> however AVG or Spybot does not detect anything...
This just means that your computer is pretty well infested. In that
case, my advice would be to reboot the computer from a clean Windows CD
and reinstall the whole system. This is the only way to be 100% on the
safe side. Some local professional could help, too, as cleaning your
computer is a difficult and error-prone process. Once you have a malware
there is usually other malware quick to come, exploiting other malware's
backdoors. All the software available to "clean" and all the nice
step-by-step descriptions usually only work with the average, well-known
infections. But malware writers are quick to adjust and creative in new
ways to run undetected. A local professional hand thus can be much more
effective than going through a simple list if you are not an expert...
> I have noticed a file called r.exe on the main system drive, I'm not
> sure what this is doing... if I delete it, it will reappear... 5 mins
In a command prompt, do netstat -a -o to see the PIDs in the last
column of the connections to the SMTPs. Use tasklist to list all the
processes and look out for the one with the PIDs from the netstat. The
name of the executable gives you a hint.
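
Added example, not part of the original message: a small Python script that automates the netstat/tasklist correlation described above by counting connections to remote port 25 per PID and looking up each PID's image name. The sample outputs, the process name suspect.exe and the use of "tasklist /fo csv /nh" for parseable output are assumptions made for this illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample of `netstat -a -o` output (not taken from the post).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    pc:1041                mx1.example.net:smtp   ESTABLISHED     1484
  TCP    pc:1042                192.0.2.10:25          SYN_SENT        1484
  TCP    pc:1043                mx2.example.org:smtp   TIME_WAIT       0
  TCP    pc:1050                www.example.com:http   ESTABLISHED     920
  TCP    pc:smtp                pc:0                   LISTENING       1484
  UDP    pc:1026                *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"System Idle Process","0","Console","0","16 K"
"suspect.exe","1484","Console","0","4,120 K"
"firefox.exe","920","Console","0","30,004 K"
'''

def smtp_pids(netstat_text):
    """Count TCP rows whose remote port is 25 (or 'smtp'), keyed by PID."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields; headers and UDP rows (no State) do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        remote_port = fields[2].rsplit(":", 1)[-1].lower()
        if remote_port in ("25", "smtp"):  # netstat without -n prints names
            counts[int(fields[4])] += 1
    return counts

def process_names(tasklist_csv):
    """Map PID -> image name from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def report(netstat_text, tasklist_csv):
    """Return (pid, image name, connection count), busiest PID first."""
    names = process_names(tasklist_csv)
    return [(pid, names.get(pid, "<not in tasklist>"), n)
            for pid, n in smtp_pids(netstat_text).most_common()]

if __name__ == "__main__":
    for pid, name, n in report(NETSTAT, TASKLIST):
        print(f"{n:4d} SMTP connections  PID {pid:<6d} {name}")
```

Connections already in TIME_WAIT are listed under PID 0, so only the rows in other states point at the sending process.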