This is probably one of the most dangerous attacks that one could suffer from.
A friend of mine calls me up and tells me something pretty weird: “My internet connection stops working from 6pm to 8pm, and then it gets back to normal.”
At work, our mail server gets blacklisted on spamhaus on a weekly basis.
SPAM MAIL! YOU MIGHT BE SENDING OUT SPAM MAILS FROM YOUR MACHINES.
Some tips that I can give you..
1. Try a virus scanner. At the moment I am using avast!, but the chance that it will find it and CURE it is <5%.
2. Format the machine.. that’s the best one but make sure you actually protect it later by using a good firewall – ZoneAlarm for example.
3. On a large network, it is usually hard to find the culprit (or the victim?), and as it spreads, there is no proper tool that can find it for you. If there is one, it is so expensive that you might need to sell your car, your house and your soul to get it. But there is my favorite tool: Wireshark.
Download Wireshark and put it on a machine on the top-level hub of your network. Start a capture and let it run for a full day. When it's done, filter it by SMTP and check the logs until you find the culprit. After that, it is up to you how you clean the virus/spam engine.
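One way to do the "filter by SMTP and find the culprit" step without scrolling through a day of packets, as an added example that is not part of the original post: export the source and destination of every new connection to port 25 with tshark (the command-line tool shipped with Wireshark), then tally per machine. The sample lines, the mail server address and the threshold are constructed assumptions; swap in your own.

```python
from collections import defaultdict

# Constructed sample of tab-separated output (source IP, destination IP) from:
#   tshark -r capture.pcap \
#     -Y "tcp.dstport == 25 && tcp.flags.syn == 1 && tcp.flags.ack == 0" \
#     -T fields -e ip.src -e ip.dst
SAMPLE = """\
192.168.1.10\t203.0.113.5
192.168.1.10\t198.51.100.7
192.168.1.10\t203.0.113.9
192.168.1.23\t203.0.113.5
192.168.1.23\t198.51.100.20
192.168.1.23\t198.51.100.21
192.168.1.23\t203.0.113.77
192.168.1.23\t192.0.2.14
192.168.1.23\t203.0.113.5
192.168.1.40\t198.51.100.7
192.168.1.40\t198.51.100.7
"""

MAIL_SERVERS = {"192.168.1.10"}  # assumption: hosts that are supposed to send mail
MIN_DESTINATIONS = 3             # assumption: a mail client normally uses one relay


def smtp_talkers(lines):
    """Count SMTP connection attempts and distinct destinations per source IP."""
    stats = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for line in lines:
        parts = line.strip().split("\t")
        if len(parts) != 2 or not all(parts):
            continue  # blank line or packet with an empty field
        src, dst = parts
        stats[src]["connections"] += 1
        stats[src]["destinations"].add(dst)
    return stats


def suspects(stats, mail_servers=MAIL_SERVERS, min_destinations=MIN_DESTINATIONS):
    """Hosts that are not mail servers but contact many different mail servers."""
    found = [(src, s["connections"], len(s["destinations"]))
             for src, s in stats.items()
             if src not in mail_servers and len(s["destinations"]) >= min_destinations]
    return sorted(found, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for src, conns, dests in suspects(smtp_talkers(SAMPLE.splitlines())):
        print(f"{src}: {conns} SMTP connection attempts to {dests} different servers")
```

A workstation that talks to one relay (like 192.168.1.40 in the sample) is normal; one that opens connections to many unrelated mail servers is the machine to pull off the network and clean.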