1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Exchange server 2003

Discussion in 'Web & Email' started by zerobug, Apr 22, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. zerobug

    zerobug Thread Starter

    Joined:
    Jun 23, 2003
    Messages:
    45
    I have Exchange server 2003 running and for some reason now. the postmaster is emailing out approx. 100,000 emails a day. Once I stop the the services for exchange it stops and i have no inbound activity so i know its my server. i was wondering if anyone has heard or seen anything like this before.
    As far as i know there is nothing else on my system running in the background that would cause this I will get some more information of my running processes in a shortwhile.
     
  2. roban

    roban

    Joined:
    Jul 9, 2002
    Messages:
    394
    Sounds like a virus. Have you updated your AV soft and run a scan?
     
  3. zerobug

    zerobug Thread Starter

    Joined:
    Jun 23, 2003
    Messages:
    45
    yes I updated the virus defs and ran that as well as several other programs.
     
  4. zerobug

    zerobug Thread Starter

    Joined:
    Jun 23, 2003
    Messages:
    45
    just if anyone wants to know these are the processes that are running



    Logfile of HijackThis v1.97.7
    Scan saved at 2:53:27 PM, on 4/22/2004
    Platform: Unknown Windows (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 (6.00.3790.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SAV\DefWatch.exe
    C:\WINDOWS\system32\Dfssvc.exe
    C:\WINDOWS\System32\dns.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\WINDOWS\System32\ismserv.exe
    C:\PROGRA~1\SAV\Rtvscan.exe
    C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
    C:\WINDOWS\system32\ntfrs.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\ams_ii\iao.exe
    C:\WINDOWS\system32\cba\xfr.exe
    D:\Exchsrvr\bin\exmgmt.exe
    D:\Exchsrvr\bin\mad.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Exchsrvr\bin\store.exe
    D:\Exchsrvr\bin\emsmta.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SAV\vptray.exe
    C:\WINDOWS\system32\mmc.exe
    D:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37927.5192361111
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = treppel.com
    O17 - HKLM\Software\..\Telephony: DomainName = treppel.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB804BD-90D1-415F-8D59-B65E526AE207}: NameServer = 192.168.0.70,142.165.21.5,142.165.5.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = treppel.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2FB804BD-90D1-415F-8D59-B65E526AE207}: NameServer = 192.168.0.70,142.165.21.5,142.165.5.2
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = treppel.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2FB804BD-90D1-415F-8D59-B65E526AE207}: NameServer = 192.168.0.70,142.165.21.5,142.165.5.2
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222897

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice