Tracing Netsky virus emails

Status
Not open for further replies.

meby

IS-IT--Management
Dec 1, 2003
43
My network of over 250 computers keeps getting infected with Netsky.P viruses. It's usually 2-3 computers that bring the network/Internet to a crawl. Is there any way that I can look at the badmail folder and determine the origination of the email? That'd save a lot of time having to check each and every machine on the network. Unfortunately my superior doesn't want to invest in enterprise-wide anti-virus software.

Thanks
 
Check the connections at the firewall. That will give you the IP addresses right away.

Good Luck !!!
 
Firewall? We don't have a firewall hooked up. It's sad but we are wide open. The only protection we have is our router and that isn't protection at all. In about a month we'll have a firewall in place as well as virus protection via another company that is going to be handling our email. However, in the meantime we need to be able to search and destroy as quickly as possible.

We are running Exchange 2000 on a Windows 2k box. The systems on our network range from Windows 95 to Windows XP SP2.
 
250 computers and No firewall? No Antivirus?

Pull out the cable NOW I would say.
That is totally irresponsible these days.

Whoever is in charge of budget needs to write a check immediately to get that in place.

Those mails are just going to keep coming in, as long as you are not stopping them, you are in an endless loop, with total failure as a result!

Users will click on anything they see, you know that. If using Outlook, with preview pane ON, they don't even have to click...

You are in a scary situation, and I cannot stress enough the importance of acting NOW, not in a Month!
Especially the anti-virus.

While you are at it, check for relaying too ...

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions?
See faq222-2244
 
I agree with marcs41, but don't you have someone there who can limit the problem by configuring your router to block communications that are dangerous?
If you don't have a firewall, then check your connections at the router. You should see the IP addresses of the infected systems.

How many people do you have in your IT department?
Do you host your e-mail locally?
 
We currently have 3 people in our IT department. Myself and 2 technicians. I am a converted technician and am having to learn networking and stuff on the fly. It's rough and quite stressful. However, I just have to try to glean as much information off of people who actually know what they are doing like you guys.

Thanks for all the help.

Mark
 
I feel your pain.

Now, try to look at the connections from your router. That will help you very quickly. What router do you have?
 
I have a Cisco 3640 handling all of our P2P T1s to the various schools and a 2640 connected that is the Internet gateway and connected to the 3640 via the Fast Ethernet card. We are hoping to get a Netscreen 25 Firewall in place to go between the 2640 and 3640 soon.

Mark
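
Added example, not part of the original thread: the replies above suggest reading connections at the router to find the infected machines. Netsky mails itself out with its own SMTP engine, so a workstation that opens port 25 sessions to many outside addresses, bypassing the Exchange server, stands out in any connection list. The log format, the addresses and the threshold below are assumptions; adapt the parser to whatever your router or sniffer exports.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, one connection per line: "src_ip dst_ip dst_port".
# This is a hypothetical export format, not real router output.
SAMPLE_CONNECTIONS = """\
10.1.0.5 198.51.100.10 25
10.1.0.5 198.51.100.11 25
10.1.0.5 198.51.100.12 25
10.1.4.23 203.0.113.7 25
10.1.4.23 203.0.113.8 25
10.1.4.23 203.0.113.8 25
10.1.4.23 203.0.113.9 25
10.1.4.23 192.0.2.44 25
10.1.7.80 192.0.2.1 25
10.1.7.80 192.0.2.2 25
10.1.7.80 192.0.2.3 25
10.1.2.9 192.0.2.50 25
10.1.2.9 192.0.2.60 80
10.1.2.9 10.1.0.5 25
garbage line here
"""

MAIL_SERVERS = {"10.1.0.5"}                          # assumed Exchange server address
INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")   # assumed internal range
SMTP_PORT = 25

def find_smtp_talkers(log_text, mail_servers=MAIL_SERVERS,
                      internal_net=INTERNAL_NET, min_destinations=3):
    """Return {internal_ip: distinct outside SMTP destinations} for hosts that
    are not sanctioned mail servers yet send SMTP to many outside addresses."""
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            port = int(fields[2])
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        if port != SMTP_PORT or src not in internal_net or dst in internal_net:
            continue  # only internal-to-outside SMTP is of interest
        if str(src) in mail_servers:
            continue  # the mail server is expected to send outbound SMTP
        destinations[str(src)].add(str(dst))
    return {ip: len(d) for ip, d in destinations.items() if len(d) >= min_destinations}
```

Hosts returned by `find_smtp_talkers` are the ones to pull off the network and clean first; mail clients that only talk to the internal Exchange server never appear.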
 