Author Topic: Spam sender that Avast (Free) can't find

tsc_chazz
« on: November 29, 2021, 11:48:37 PM »
I have a piece of malware active on two machines that I know about that Avast is unable to even see, much less clean.

Here's what I know. I have my own mail server, and there are two clients who are pounding the crap out of it, repeatedly trying to contact port 25 (as many as 15 times a second at peak) and port 993 (about a thousand times over 15 minutes, once or twice a day). I believe that the port 25 attempts are trying to send spam (but fail because my mail server requires credentials), and the port 993 is an attempt to dictionary-search credentials from my IMAP server, but I have not confirmed actual packet contents so I can't be certain. Looking at the list of active connections on one of the affected machines shows that the port 993 connections are being made from a program that has somehow set its program ID to 0; I suspect the same is true of the port 25 connections, but I haven't seen any of those yet - they're very fast.

Neither a full scan, nor a boot time scan, by Avast Free reports any malware found. I've also tried to get help from Bleeping Computer and their tools have also found nothing.

Is there a thing I can do with this? Or do I have to nuke and pave?