[Lynnex1138]

We are using Domino 7.0.3 and Lotus notes client 7.0.2. We have 3 domino servers. One is the smtp server and admin server, with no user mail files on it. The other two are a cluster where all the mail files live. We are running Windows 2003 server std with updated service packs and updates on the two clusters. Windows server 2k sp4 is on the smtp server.

One one pc and only one, a user is reporting folders missing. these are custom folders she created under the folders drop down on the left for the mail window. We checked both copies of her mail files and the folders no longer exist.

We had our consultant check the design of the folders and he could find no reason for the folder to not be there.

We checked all the other folders to see if it had been moved to one of them and it was not there either.

this just started happening since one of the employees of this manager was let go. The folders in question had to do with this person's HR business.

I have checked protocol activitiy and see quite a bit for TCP Port 1026 on several LAN pc's including this one.

This person has a told of folders but I have even more and have never had a problem.

Am I paranoid to think something malicious may be going on? If so, what should I look for?

I am planning to scan her PC with malware bytes and superantispyware when I have a chance.

Any and all suggestions are welcome!

[Cookiegal]

Since this is a company computer in a setup that appears to have multiple work stations, we really shouldn't get involved in this. Do you not have an IT Department that can handle it?

[Lynnex1138]

Well, my boss and I are the IT department.

Besides, I'm not asking about the personnel issue, I'm not involved in that myself. I'm just trying to find out what kind of malware or bot could be present, if any.

I may not have phrased things properly and if so I apologize. My questions are meant to be purely technical.

As far as activity on tcp port 1026 and deletion of files from a pc behind a firewall, how can I detect any malevolent programs? That's all I'm asking for help on.

Thanks!

[Cookiegal]

Would you please post the scans after you run MalwareBytes and SuperAntiSpyware?

TCP port 1026 is related to the Task Scheduler from what I understand but there are other functions as well. I'm not sure of the consequences of activity on it in a work environment. This might be better addressed in the Networking forum.

But if you post those scan results, we will see if any infection is detected.

[Lynnex1138]

Hey thanks alot for getting back to me so quickly.

I was able to run malwarebytes and it came up clean. Also, after research on Lotus Notes functionality we believe this happened by accident, and it also seems that when you delete a folder from a lotus notes mailbox, it deletes the folder and keeps the email, so she still has all the email she thought was lost.

As a result of the clean malwarebytes scan, the lotus info and the business of the user we're leaving it alone.

I appreciate the help and the port info, so thanks again, very much.

Lynne

[Cookiegal]

I'm glad you got it sorted and thanks for posting back to let us know.