
Where does that ESMTP server suddenly come from??

Discussion in 'Security and Privacy' started by tawm, 2007/05/23.

  1. 2007/05/23
    tawm

    tawm Inactive Thread Starter

    Yesterday I was infected by a virus, and I think I got rid of it by now. But, I just discovered I'm running a local ESMTP server, or at least something that looks like one. I can telnet to localhost 25 and then I get an ESMTP prompt ('220 ESMTP service ready'). I have no idea where this software comes from, where it is running or what it is called. That's why I have lots of problems with getting rid of it.

    Netstat says the following:
    The red line indicates my telnet connection to the (local) ESMTP server. So a connection to port 25 (smtp) is recognized, but notice the fact that according to netstat there is no software listening to port 25!!! How on earth is that possible??? What am I missing here?

    Tim
     
    tawm,
    #1
  2. 2007/05/23
    mailman Lifetime Subscription

    mailman Geek Member

    Hi, Tim. Welcome to Windows BBS! :)

    DiamondCS's Port Explorer (PE) will provide a LOT more information for you than netstat does. PE will show you which ports are being used (updating as they are used, up to once every second) along with which processes are using those ports. (You can even set PE to display the complete paths to the process filenames that are using those communication ports.)

    PE will also let you "sniff" the data packets transferred via certain processes if you wish.

    PE has many other useful features you may be interested in. The documentation that comes with PE (via the F1 key) is fairly extensive. I think the 30-day evaluation/trial version of PE is fully functional.

    It appears your telnet application is using your TCP Simple Mail Transfer Protocol (SMTP) port 25. Perhaps your telnet application is being used by malware for unauthorized communications (such as sending e-mail spam).

    If you have not yet had a malware-removal expert assist you with removing your reported computer's infection, then I also suggest you
    • download HijackThis v1.99.1,
    • double-click the hijackthis_sfx.exe file to extract its contents (HijackThis.exe) to a folder on your hard drive (not to your desktop),
    • run HijackThis (HJT) and
    • choose "Do a system scan and save a logfile".
    • Then paste the contents of your HJT log in the Removing Spyware & Viruses forum.
      (Please include a link back to this thread so the experts can easily view your background information.)
    CAUTION: DO NOT have HijackThis "fix" anything without carefully following expert guidance. Otherwise, you might render your computer unstable or even unbootable.
     
    Last edited: 2007/05/24

  4. 2007/05/24
    tawm

    tawm Inactive Thread Starter

    Well, it's solved. Port 25 is free again. The annoying thing though, is that I don't know what solved it. I've just been messing around with processes, services and anti-malware-tools, and now it's gone. I ran Gmer (http://www.gmer.net/), so perhaps that did the trick. Anyway, thanks for the help!
     
    tawm,
    #3
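
The mismatch reported in the first post (port 25 answers a connection while netstat shows nothing listening on it) can be checked mechanically. The following is an added example, not part of the thread: it parses `netstat -ano` output and flags ports that accept a local connection without a LISTENING row. The sample output, the function names and the probed port list are assumptions made for illustration.

```python
import socket

# Constructed sample of `netstat -ano` output (not taken from the thread):
# a client connection to 127.0.0.1:25 exists, but no row is LISTENING on 25.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       956
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       956
  TCP    127.0.0.1:1045         127.0.0.1:25           ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    700
"""

def parse_listeners(netstat_text):
    """Map each TCP port that has a LISTENING row to the set of owning PIDs."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        # Note: the State text is localized on non-English Windows installs.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        port = int(fields[1].rsplit(":", 1)[1])  # also handles [::]:135
        listeners.setdefault(port, set()).add(int(fields[4]))
    return listeners

def accepts_connection(port, host="127.0.0.1", timeout=1.0):
    """Return True if a TCP connect to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def unexplained_ports(netstat_text, ports, probe=accepts_connection):
    """Ports that answer a connect but have no LISTENING row in netstat."""
    listed = parse_listeners(netstat_text)
    return [p for p in ports if p not in listed and probe(p)]

if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    for port in unexplained_ports(live, [25, 110, 587]):  # assumed mail ports
        print(f"port {port} accepts connections but netstat lists no listener")
```

A flagged port means the socket is either hidden from the user-mode tools or the connection is being intercepted before it reaches a listener, so the next check has to come from a tool that does not rely on the same API netstat uses.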
