SMTP Spam Malware?

BigYellow · Nov 12, 2013

Good afternoon -

Our Exchange Server recently got blacklisted and upon review I have come to find that we have started generating high volumes of outgoing mail. I have one user that has been getting large volumes of undeliverable email messages. After having our Network consultant review our mail logs they informed me that we very likely have some malware on this users PC. Our exchange server is not an open relay and am told it is configured properly.

No symptoms currently present on this computer. Malware tools did not find any malware. However I did find an odd process running called xdnorbgnd.exe and its description was Xerox Endeavor Background Task. I killed that process and also disabled it in startup. I also ran SuperAntiSpyware since I saw some internet posts suggesting it found some SMTP related malware that other tools did not. It found no malware accept some tracking cookies.

Do these logs show any hint of a problem?

Thanks.

Kestrel13! · Nov 12, 2013

I have reviewed those logs and I am not seeing any signs of malware at all. However I would like to point out to you that you should not be using MSCONFIG to control start ups. You should be using a third party manager instead. I suggest that you go ahead and post in the software forum about this if you wish, but I am definately not seeing any malware.

Log in or Sign up

SMTP Spam Malware?

BigYellow Private E-2

Attached Files:

RKreport[0]_S_11122013_132607.txt

mbam-log-2013-11-12 (13-30-07).txt

TDSSKiller.3.0.0.16_12.11.2013_14.43.43_log.txt

HitmanPro_20131112_1449.log

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member