Re: SMTP Service when turned on is spamming other SMTP servers.

"Akshay Srinivasan" <AkshaySrinivasan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:249715B5-5BE8-45EB-923A-CE0BCE44119D@xxxxxxxxxxxxxxxx
Hi,

Suddenly this evening my net connection stopped working. I had not done
anything unusual. When I looked at the TCP Connections to the computer I saw
that my computer using inetinfo.exe and a System Process 0 was connecting to
random SMTP servers all over the world. I initially mistook this as a DoS
attack upon my SMTP server. So I stopped the SMTP service and these millions
of connections stopped and my net connection started working again. I tried
to uninstall and reinstall SMTP and POP3 and this didnt help. The moment the
SMTP service was turned on the spamming started again. Anyone know of a
worm/virus that might use inetinfo.exe to do something like this in
conjunction with the SMTP service. I am keeping my SMTP service switched off
but this is not a long term solution as I need email to be up and running.

All the best,

Akshay Srinivasan
--
Life is about joy!

Do a thorough check for malware, following all of the steps at one of these Web pages.
Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing Messenger Plus, whose ads for malware don't identify the malware as such and try to convince you that you owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see what else is being carried along. Don't install any extras you're not sure of.

--
Frank Saunders, MS-MVP OE/WM
Do not send mail.

.

Relevant Pages

  • Re: 2003 cluster logs QUIT in SMTP log every 10 seconds
    ... fields for other connection attempts, but for some reason the one in ... Log files have not been deleted since 2007, and SMTP service does ... normal to see QUIT every 10 secs? ...
    (microsoft.public.exchange.admin)
  • Re: smtp connection
    ... Then you probably don't need to do a manual connection to the host. ... > account and each have an smtp service. ... > am prevented from accessing the service from my php script? ... Your ISP gets a connection from you and handles it according to its ...
    (comp.lang.php)
  • Re: SMTP Service binding to wrong IP address.
    ... smtp service on the same computer. ... and am binding the Microsoft SMTP service to TCP port 25 on ... and the 3rd party SMTP service to port 25 on the second ... i get a connection failure on both ip ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • SMTP Service binding to wrong IP address.
    ... I'm experiencing a problem with the Microsoft SMTP service that is ... and am binding the Microsoft SMTP service to TCP port 25 on ... i get a connection failure on both ip ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • SMTP Service binding to wrong IP address.
    ... I'm experiencing a problem with the Microsoft SMTP service that is ... and am binding the Microsoft SMTP service to TCP port 25 on ... i get a connection failure on both ip ...
    (microsoft.public.exchange.admin)