Re: Please Help! Hijacked Network!
From: PLD (anonymous_at_discussions.microsoft.com)
Date: 04/01/04
- Next message: Kevin Weilbacher: "Re: VPN TIMEOUT"
- Previous message: Kevin Weilbacher: "Re: ActiveSync included ??"
- In reply to: Dave Podschweit: "Re: Please Help! Hijacked Network!"
- Next in thread: Ken St. John: "Re: Please Help! Hijacked Network!"
- Reply: Ken St. John: "Re: Please Help! Hijacked Network!"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 1 Apr 2004 13:07:15 -0800
I think we've arrived at the same conclusion. It's not a
virus - NAV would have detected it in the scans (tried two
versions of NAV). Scanned locally and from the network.
Doesn't appear to be a rogue program either. Have
carefully inspected the registry and hidden start-up files
w/multiple scan programs.
Found an interesting program called "Filemon" which shows
running programs/processes in real time as they touch the
system. The two ones that frequently come up that touch
the Queue in the Exchange Mailroot are "inetinfo.exe"
and "store.exe". Both of these as we know are legit
system processes under normal circumstances. I suspect
one of them may have been hijacked on my box and replaced
with a rogue process. Another possibility is that a
different process has been hijacked that is kicking off
these two.
As I said before, the box is fine in Safe Mode. This
problem is really complicated. While I corrected the open
relay on the virtual smtp server, the queues continue to
build up internally - gobbling up HD space and processor
time. I hope I can figure this out - would hate to blow
away the box and start from scratch. Will keep trying...
Thanks,
Paul.
- Next message: Kevin Weilbacher: "Re: VPN TIMEOUT"
- Previous message: Kevin Weilbacher: "Re: ActiveSync included ??"
- In reply to: Dave Podschweit: "Re: Please Help! Hijacked Network!"
- Next in thread: Ken St. John: "Re: Please Help! Hijacked Network!"
- Reply: Ken St. John: "Re: Please Help! Hijacked Network!"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
