SMSS.exe is also a legitimate program in the Windows OS (Session
Manager Subsystem ).
Mike
At 07:57 PM 2/7/2007, you wrote:
Going aGoogling found that the Intel LANDesk uses a file called
ssm.exe and there are a couple of programs listed as monitors using
it, so be careful before just deleting that file.
Exactly where was the file?
Since Howard is running IMail 8.15 this means that his server has
been compromised ala the SMTP vulnerability that is fixed only in
8.22 (patched) and 9.1. So, it is not a virus that would be found by
F-prot or Symantec, but a server hijack or comprise.
John T
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Justin Moose
Sent: Wednesday, February 07, 2007 3:11 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out
stock reports email
I called Howard on this, but for everyone else's info, if you are
seeing this, look for ssm.exe to be a running process. I found this
on an Imail server that I administer for another company this
morning. The file was showing processing time in the task manager
and showed up on the Services list at Security Systems Manager, but
the file had a modified date of 2/5/07 and no updated had been done
on that server for over a week. Stopping this service stopped the
junk messages from going out.
Neither F-prot or Symantec showed this file as a virus; however I
did submit it to Symantec for analysis.
Justin Moose
Information Technology Manager
Sioux Valley Energy
DID: (605) 256-1644
Fax: (605) 256-1690
Toll Free: (800) 234 1960
----------
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Howard Smith (N.O.R.A.D.)
Sent: Wednesday, February 07, 2007 4:24 PM
To: declude.junkmail@declude.com
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Need hep - mail server sending out stock
reports email
Running imail 8.15,sniffer and declude - starting on 2/6/7 my
mail server start sending out the stock reports email , even when I
stop the imail smtp process , nothing is in the Imail logs
indicating problems . I have ran full scans with frprot and Symantec .
Need help please , I have already made the spamcop blacklist
Howard Smith
N.O.R.A.D. Inc.
P.O. Box 680116
Miami, Florida 33168
<http://www.norad.com/>www.norad.com
[EMAIL PROTECTED]
Office - (305) NETWORK (638-9675)
Sales - (786) 206-0045
Fax 1 - (305) 359-5144
[]
Confidentiality Notice: This email message, including any
Attachments, is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any
unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please
contact [EMAIL PROTECTED] by email and destroy all copies of the
original message.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
