Re: System Process (PID 8) creates mail
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Tue, 4 Apr 2006 07:41:46 -0700
But keep in mind that finding the app that was generating the outbound
SMTP does not mean you have found what might (still) be present
collecting what was being emailed.
<wkrueger@xxxxxxxxx> wrote in message
news:1144159528.195698.105410@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I used Process Explorer to see what was under the System Process
listing. I then used TDI Monitor from sysinternals to see which of the
apps under System were trying to send email. I found something called
msdxdsvc.exe that was trying to send email. I looked at the properties
and it was listed as a .Net application. Tricky... but there was no
msdxdsvc found on google, MS' website, nor 6 machines I had here in the
office - all of which had .net installed.
I used kill to stop this app, deleted it, then rebooted. The flow of
email from this machine finally stopped.
Thanks - Steven - your tips got me in the right direction to stop this
attack. I just heated the thought of a reformat/rebuild of this machine.
.
- References:
- System Process (PID 8) creates mail
- From: wkrueger
- Re: System Process (PID 8) creates mail
- From: Steven L Umbach
- Re: System Process (PID 8) creates mail
- From: wkrueger
- Re: System Process (PID 8) creates mail
- From: wkrueger
- System Process (PID 8) creates mail
- Prev by Date: Re: Windows XP downloading/installation/digital signatures issue
- Next by Date: Capture IP Address?
- Previous by thread: Re: System Process (PID 8) creates mail
- Next by thread: Re: CA Certificates
- Index(es):
Relevant Pages
|
|
