
Worm Email HELP!!!

Status
Not open for further replies.

goldenboiyaj

IS-IT--Management
Dec 2, 2005
30
US
Hi, I need help. I have 2 servers. Server1 is the DC and server2 is my email server, which runs Exchange 2003. Both servers are on Windows Server 2003. I run Symantec Mail Security for Microsoft Exchange. I have SonicFirewall.

I keep getting hit with the w32.sober.X@mm!zip mass worm virus on server2. I have the most updated version of Symantec antivirus. It detects the worm and deletes/quarantines it. I ran the delete tool from Symantec also, and it does the same thing. The location of them is "c:\windows\temp". It looks like my Exchange 2003 has a hole in it and it's letting in these emails with the worm, or else I still have the worm. Is there a way to delete the extension? Any settings I should look at on my server2k3 or exchange2k3?

thanks
ky
 
Totally a personal preference, but I hate Symantec AV and find TrendMicro to work better and be MUCH easier to manage.

I hope you find this post helpful.

Regards,

Mark
 
Same here. I prefer a combination of Norman Virus Control with Sybari Antigen for Exchange. Now in your case, try to disconnect your LAN links for the servers, scan and clean the servers. Then start reconnecting the DC, scan again. Maybe your virus is coming from another computer on the LAN. One way I used to solve a huge virus infection in one network was to disconnect every single computer from the network (disconnected everything from the patch panel or switch). Install a copy of Zone Alarm (that I carry with me all the time and downloaded from a clean computer previously). Once Zone Alarm is installed, I scan the computer with its anti-virus. Then I reconnect the computer to the Internet and see if any weird connexions are attempted towards the outside. If so, then the computer is still infected and I proceed with more cleaning (downloading removal tools from my laptop that's clean). Once I'm sure the computer is cleaned (and fully patched), then I proceed with another computer. If the computer keeps on trying to connect outside, then I isolate that computer and format/reinstall.
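The check for "weird connexions towards the outside" described in the post above can also be run from firewall connection logs; this is an added example, not part of any poster's reply. Sober is a mass-mailing worm that sends itself with its own SMTP engine, so the script flags LAN hosts other than the Exchange server that open port 25 sessions to several external addresses. The log layout, the 192.168.1.0/24 range and the mail server address are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample records: time, source IP, destination IP, destination port.
# This layout is an assumption, not the export format of any real firewall.
SAMPLE_LOG = """\
2005-12-02T09:00:01,192.168.1.11,203.0.113.25,25
2005-12-02T09:00:04,192.168.1.40,192.168.1.11,25
2005-12-02T09:00:09,192.168.1.40,198.51.100.7,443
2005-12-02T09:01:12,192.168.1.57,192.0.2.10,25
2005-12-02T09:01:13,192.168.1.57,198.51.100.20,25
2005-12-02T09:01:13,192.168.1.57,203.0.113.30,25
2005-12-02T09:01:14,192.168.1.57,203.0.113.31,25
2005-12-02T09:02:40,192.168.1.62,192.0.2.99,25
this line is damaged and must be skipped
"""

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN range
MAIL_SERVERS = {ipaddress.ip_address("192.168.1.11")}   # assumed address of server2
SMTP_PORT = 25


def suspect_hosts(log_text, min_destinations=3):
    """Map each LAN host (mail servers excluded) to the external addresses it
    contacted on port 25, keeping hosts with at least min_destinations."""
    seen = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # malformed record
        try:
            src = ipaddress.ip_address(row[1].strip())
            dst = ipaddress.ip_address(row[2].strip())
            port = int(row[3])
        except ValueError:
            continue  # unparsable address or port
        if port != SMTP_PORT or src not in INTERNAL_NET or src in MAIL_SERVERS:
            continue  # only client-originated SMTP is of interest
        if dst in INTERNAL_NET:
            continue  # a client talking to the internal mail server is expected
        seen[src].add(dst)
    return {str(s): sorted(map(str, d))
            for s, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for host, dests in suspect_hosts(SAMPLE_LOG).items():
        print(f"{host}: direct SMTP to {len(dests)} external hosts -> isolate and scan")
```

Lowering `min_destinations` to 1 also surfaces hosts with a single direct SMTP session, which is noisier but useful on a network where only the mail server should ever send mail.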
 
Ky, if it is showing up in the Event Viewer, go download and run the trial, delete what needs to be deleted, then try things out. The virus will be seen multiple times on inbound emails also. Each time Symantec locates it, it will give you a display/warning and then delete it.
 