0 Replies Latest reply on Mar 6, 2009 1:15 PM by Cram

    VSE 8.7 indicates dns.exe is trying to send mail

      Hello,

      Lately I noticed that my on-access scanner log states that dns.exe is trying to send mail and perform IRC communications on one of my 2003 DNS servers. The DNS server hosts both internal and external zones. This is from the log:

      3/6/2009 6:15:39 AM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 62.109.4.89:25
      3/6/2009 9:29:31 AM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent IRC communication 62.109.4.89:6666
      3/6/2009 4:05:27 PM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent IRC communication 62.109.4.89:6667
      3/6/2009 5:02:17 PM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 62.109.4.89:587

      The mentioned address resolves to a Russian site. The server is not a mail server. I scanned everything with the latest DAT files. I replaced dns.exe with a fresh copy, but to no avail. The messages keep coming up. I am getting worried here. Does anybody have any idea what is happening and what I can do about it? Any help is appreciated. Thanks in advance.

      Cram
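
Added example, not part of the original post and not McAfee code: a small triage script that parses port-blocking entries in the layout quoted above and groups them by process and logged address, so the ports, rules and time span for each pair can be read at a glance. It assumes the space-separated field layout exactly as shown in the post; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four log lines quoted in the post, in the layout shown there.
SAMPLE_LOG = r"""
3/6/2009 6:15:39 AM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 62.109.4.89:25
3/6/2009 9:29:31 AM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent IRC communication 62.109.4.89:6666
3/6/2009 4:05:27 PM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent IRC communication 62.109.4.89:6667
3/6/2009 5:02:17 PM Blocked by port blocking rule C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 62.109.4.89:587
"""

# Assumed layout: timestamp, fixed action text, process path, "group:rule", ip:port.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"Blocked by port blocking rule\s+"
    r"(?P<process>[A-Za-z]:\\.+?\.exe)\s+"
    r"(?P<rule>.+?)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*$",
    re.IGNORECASE,
)

def parse_line(line):
    """Return a dict for one port-blocking entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    rec["port"] = int(rec["port"])
    return rec

def summarize(log_text):
    """Group entries by (process, logged IP): count, ports, rules, first and last time."""
    groups = defaultdict(lambda: {"count": 0, "ports": set(), "rules": set(),
                                  "first": None, "last": None})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        g = groups[(rec["process"].lower(), rec["ip"])]
        g["count"] += 1
        g["ports"].add(rec["port"])
        g["rules"].add(rec["rule"])
        g["first"] = min(g["first"] or rec["ts"], rec["ts"])
        g["last"] = max(g["last"] or rec["ts"], rec["ts"])
    return dict(groups)

if __name__ == "__main__":
    for (proc, ip), g in summarize(SAMPLE_LOG).items():
        print(proc, ip, g["count"], sorted(g["ports"]), g["first"], g["last"])
```

Run against the full on-access log instead of `SAMPLE_LOG`, the same grouping shows whether other processes or other addresses appear in the blocked entries.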