Hi guys,
I know it's a bit cheeky to ask, but one of our servers is throwing a mental and Google really isn't being much help at the moment. We have a server (SBS 2003 & Exchange 2007) that is running a small group of PCs and we have recently been having problems getting blocked on spam blacklists. I believe that there is a trojan mailer on one of our PCs which is causing this problem, as one of the Exchange queues (yahoo.com.tw) has 97,000+ outgoing emails sitting in the queue from the past few days alone. I have frozen the queue, however there are still other queues with hundreds of outgoing emails in, which I know won't be real emails.
The problem lies in identifying the computer on the network that is causing this. They all run Kaspersky AV and we have scanned all machines and found nothing. We have also run Malwarebytes and MS Malicious Software Removal Tool (something I heard was good at picking up these trojans) but still found nothing.
I have already blocked port 25 on the firewall for everything on the network apart from the Exchange server, but this is a real problem now. What's the best way to locate and remove these trojans?
Thanks in advance,
Allen