I am working on a computer right now. I ran scans, HijackThis, etc., and it looks clean, but a few minutes after booting, the computer starts sending out a load of SMTP traffic. I have the laptop set up behind a gateway running Ethereal, so I can monitor the traffic.

Anyways, my question: does anyone have any suggestions for finding the proc that is sending out traffic like this? I tried killing processes one by one, but it looks to be a service or corrupt system exec.

Go off to Sysinternals and get a couple of apps. Since SMTP uses TCP port 25, you can watch it with TDIMon and track it with TCPView, both to the process handling it inside your PC and to the remote addresses, which will be identified. Then use Process Explorer to get the keys used, files, and DLLs loaded by the process. Go silly.
[I suggest you set up a folder called ... umm... Monitors in your apps drive, then subfolders named for the 3 apps from Sysinternals I have mentioned above, and unzip them into their own folders...]
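
A scriptable complement to the TCPView approach above, added here as an example and not part of the original posts: it joins saved output of the built-in `netstat -ano -p tcp` and `tasklist /svc /fo csv` commands to show which PID, and which services hosted inside it, own connections to remote port 25. The sample text, addresses, and the service name `ExampleSvc` are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
# Constructed sample of `netstat -ano -p tcp` output (not from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.50:1045      203.0.113.10:25        ESTABLISHED     1184
  TCP    192.168.1.50:1046      198.51.100.7:25        SYN_SENT        1184
  TCP    192.168.1.50:1047      198.51.100.9:80        ESTABLISHED     2320
  TCP    192.168.1.50:1050      203.0.113.44:25        TIME_WAIT       0
"""

# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST_SAMPLE = '''\
"Image Name","PID","Services"
"svchost.exe","1184","ExampleSvc,Themes"
"iexplore.exe","2320","N/A"
'''

def smtp_talkers(netstat_text, port=25):
    """Return {pid: [remote endpoints]} for TCP rows whose remote port is `port`."""
    talkers = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank, or UDP rows
        remote, pid = fields[2], fields[4]
        rport = remote.rpartition(":")[2]  # rpartition also copes with [v6]:port
        if rport == str(port):
            talkers[int(pid)].append(remote)
    return dict(talkers)

def services_by_pid(tasklist_csv):
    """Map PID -> (image name, [services hosted in that process])."""
    out = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        svcs = [] if row["Services"] == "N/A" else row["Services"].split(",")
        out[int(row["PID"])] = (row["Image Name"], svcs)
    return out

def report(netstat_text, tasklist_csv):
    procs = services_by_pid(tasklist_csv)
    # PID 0 on TIME_WAIT rows means the owning process can no longer be attributed.
    return {pid: (procs.get(pid, ("<exited or unknown>", [])), remotes)
            for pid, remotes in smtp_talkers(netstat_text).items()}

if __name__ == "__main__":
    for pid, ((image, svcs), remotes) in report(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(pid, image, svcs or "-", remotes)
```

When the owner turns out to be a shared `svchost.exe`, the service list narrows down which hosted service to inspect next in Process Explorer.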
