
Pinpointing the location of an infected node...

InlineFive

Diamond Member
How easy is this to accomplish? Today I received an email from an associate business that contained numerous error messages about a huge amount of email. My best guess is that one of my computers has a virus on it. Here is the message:

Delivery status report re your message
to the following recipient(s):

catchall@ozarknaturalfoods.com
(Was addressed to research@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to krauhala@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to echo@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to 3o7ath@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to CTDAYMX004tlJI2NehG0000322c@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOW60mJWEsBk31TZ000001e5@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWiZ9rWjAKYVpMm000001e3@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to hr@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to CTDAYMX004L5cBhXwqg00003bdd@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to do_not_respond@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to nobody@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to E1DuYzV-0000S2-E3@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to E1DuYzT-0000S0-Dy@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to E1DuZCj-0001mh-QR@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to E1DuZCa-0001m8-Po@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to AJaeger@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to CTDAYMX004ldfwqALHH00000d4a@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to capeannfoodcoop@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to merchandise@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to unge@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to rey@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to sproutedalmonds.com@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to andi_n@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to ncy@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWewHx3NYqOXaUX000000c7@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWlGcrV2w8jyUF7000000c6@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOW8yfogkJXrRjbD0000001f@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOW9FrF7C7ULFOWO0000001d@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOW2LTrpwACkWHZq000004b9@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWBSotwBP8xidGV0000040c@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWWOxbCJnEMzAUo0000037e@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWv4ZQ2QxpBC2UF0000037c@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWqxGGmNN79xavj000001fe@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWoWwr2UAaTzvb5000001d4@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWigPasSmz6UuEh00000149@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWU40WrRWunEsKM00000148@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWVbNDN4CxpAOAk0000013e@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOW3Sv0YKpDS7hx20000013b@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWcarcR4ZDgC81T00000915@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWtsFCPNMJqfN7a0000091e@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWbCdUg07MJJQ8700000943@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to WILLOWDRr58Q6gT7SbA000001f9@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to 0IJO005WDNTN5WS4@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to GGEIIGCOCHAJJNNINEKJOEGODPAA.kz@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to cooperative-bus@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to tweselak@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to cathrine_amour2003@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to cathrine_amour@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to customerservice@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to CTDAYMX004D1kI07rYy000019f9@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to mplssean@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox

catchall@ozarknaturalfoods.com
(Was addressed to gcccoop@ozarknaturalfoods.com)
Delivery failed
There are too many copies of this message in the user's mailbox


... (More recipients)

__________ NOD32 1.1317 (20051209) Information __________

This message was checked by NOD32 antivirus system.

http://www.eset.com

So how do you effectively track down the infected node? The entire network has McAfee VirusScan Enterprise 8.0i, and I had ProtectionPilot scan all nodes as soon as I got wind of this. Yet all the nodes turned up clean (using the latest DATs).

I don't have managed switches and my firewall logs aren't comprehensive enough for that kind of information. Am I doomed to mucking around on each computer trying to pinpoint a virus by combing through security reports on Symantec?

Suggestions? I would appreciate them!

Thanks!

-Por
 
Set up a decent tool between the network and the gateway or firewall (on the inside) and either run a sniffer or a program like NTOP www.ntop.org

FYI, ntop on Windows blows. I would install deb testing and apt-get it, but it still misses a few libraries, like the gdimage library, etc. (not critical to operation).

NTOP, if it is going to be used for more than a few hours/day, really needs to be dedicated, with loads of memory.
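The reply above suggests putting a sniffer on the inside of the gateway; the following is an added example (not from either poster, and not part of ntop) of the kind of analysis you would run over that capture to find a spam-sending host. It assumes the capture was taken with `tcpdump -n` (numeric ports) using the filter `'tcp dst port 25 and tcp[tcpflags] & tcp-syn != 0'`, that the internal network is 192.168.1.0/24, and that the legitimate mail server's address is known; the sample capture lines below are constructed, not real traffic. A workstation that opens TCP/25 connections to many distinct remote mail servers in a short window is the usual footprint of a mass-mailing infection, whereas a clean host normally only talks to the site's own relay.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump -n output format (assumed format; not captured
# from the poster's network). 192.168.1.10 is the site's real mail server;
# 192.168.1.44 is a workstation spraying SYNs at many remote MX hosts.
SAMPLE_CAPTURE = """\
10:21:03.112001 IP 192.168.1.10.51234 > 198.51.100.7.25: Flags [S], seq 1, win 65535, length 0
10:21:03.115880 IP 192.168.1.44.1027 > 203.0.113.12.25: Flags [S], seq 2, win 16384, length 0
10:21:03.116020 IP 192.168.1.44.1028 > 203.0.113.41.25: Flags [S], seq 3, win 16384, length 0
10:21:03.118400 IP 192.168.1.44.1029 > 198.51.100.200.25: Flags [S], seq 4, win 16384, length 0
10:21:03.120113 IP 192.168.1.44.1030 > 192.0.2.77.25: Flags [S], seq 5, win 16384, length 0
10:21:03.121500 IP 192.168.1.44.1031 > 203.0.113.9.25: Flags [S], seq 6, win 16384, length 0
10:21:04.000100 IP 192.168.1.20.3389 > 192.168.1.99.49999: Flags [P.], seq 7:20, ack 1, win 1024, length 13
10:21:04.230000 IP 192.168.1.10.51235 > 198.51.100.7.25: Flags [S], seq 8, win 65535, length 0
"""

# Matches only the initial SYN of a connection to destination port 25.
SYN_TO_25 = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.25: Flags \[S\]"
)


def outbound_smtp_connections(capture_text, internal_prefix="192.168.1."):
    """Return {internal_src_ip: set(remote_dst_ips)} for SYNs to port 25.

    Lines that are not SMTP SYNs, or that originate outside the internal
    prefix, are ignored.
    """
    conns = defaultdict(set)
    for line in capture_text.splitlines():
        m = SYN_TO_25.match(line)
        if not m or not m.group("src").startswith(internal_prefix):
            continue
        conns[m.group("src")].add(m.group("dst"))
    return conns


def suspect_hosts(conns, allowed_relays=frozenset(), min_distinct_servers=3):
    """Rank internal hosts by the number of distinct remote mail servers contacted.

    Hosts in allowed_relays (the site's legitimate mail server) are excluded;
    hosts below min_distinct_servers are dropped as normal client behaviour.
    """
    ranked = sorted(
        ((src, len(dsts)) for src, dsts in conns.items() if src not in allowed_relays),
        key=lambda item: item[1],
        reverse=True,
    )
    return [(src, n) for src, n in ranked if n >= min_distinct_servers]


if __name__ == "__main__":
    conns = outbound_smtp_connections(SAMPLE_CAPTURE)
    for src, n in suspect_hosts(conns, allowed_relays={"192.168.1.10"}):
        print(f"{src}: {n} distinct remote mail servers, candidate infected node")
```

Once a host is singled out this way, the follow-up is on that machine only (process list, open sockets, a full scan with current signatures), instead of walking every computer on the network. The threshold and the allowlist are the two knobs: raise `min_distinct_servers` if users legitimately submit mail to several outside providers, and list every sanctioned relay so it does not appear at the top of the ranking.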
 