Hi
I have the latest Norton on my system, and a full scan with Norton, Ad-Aware, Spybot, ... shows an absolutely clean system.
However, sometimes I notice Norton scanning 2 emails being sent from my computer, which I have no idea why, and there is nothing on my computer to explain it.
I was wondering if anybody knows a way to monitor the emails sent from my computer: which program is sending them, the content, and to whom?
I am not using a strong firewall program, just NetLimiter and Norton's worm protection; however, I am not sure a stronger one will help me find the source.
Since the emails seem to be short, I am guessing it's some sort of trojan sending my IP address.

What mail client are you using? If it is Outlook or OE, make sure you have it set to save a copy in the Sent folder. If you have it set to remember your password, you can turn that off so you'll have to manually enter the password each time for a while, so you can see what is being sent.

I am not using any mail clients.
I only have my SMTP server on in IIS.
I just turned on the logging, but I am not sure if it is routed through that, because it has happened to me even when it was turned off. Whatever it is, it's using its own server to send these emails, but the server is not on all the time, otherwise I would have detected it on port monitoring.
Isn't there any way to monitor outgoing emails?

No trojan visible, but this time I guess my SMTP was used.
This is the log:
#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2005-12-22 22:14:02
#Fields: time c-ip cs-method cs-uri-stem sc-status
22:14:02 127.0.0.1 HELO - 250
22:14:02 127.0.0.1 MAIL - 250
22:14:02 127.0.0.1 RCPT - 250
22:14:02 127.0.0.1 HELO - 250
22:14:02 127.0.0.1 MAIL - 250
22:14:02 127.0.0.1 RCPT - 250
22:14:31 127.0.0.1 MAIL - 250
22:14:31 127.0.0.1 RCPT - 250
22:14:31 127.0.0.1 DATA - 250
22:14:31 127.0.0.1 MAIL - 250
22:14:31 127.0.0.1 RCPT - 250
22:14:31 127.0.0.1 DATA - 250
22:14:31 127.0.0.1 QUIT - 0
22:14:31 127.0.0.1 QUIT - 0
22:14:33 - - - 0
22:14:33 mta299.mail.scd.yahoo.com EHLO - 0
22:14:33 mta299.mail.scd.yahoo.com - - 0
22:14:33 mta299.mail.scd.yahoo.com MAIL - 0
22:14:33 mta299.mail.scd.yahoo.com - - 0
22:14:33 mta299.mail.scd.yahoo.com RSET - 0
22:14:34 mta299.mail.scd.yahoo.com - - 0
22:14:34 mta299.mail.scd.yahoo.com MAIL - 0
22:14:34 mta299.mail.scd.yahoo.com - - 0
22:14:34 mta299.mail.scd.yahoo.com QUIT - 0
22:14:34 mta299.mail.scd.yahoo.com - - 0
I have my server set to ONLY relay messages from 127.0.0.1, so there cannot be anything else other than something local; still, I will not be able to spot the source using my server to send the emails. Any help is appreciated.
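
An added example, not part of the original thread: a small Python parser for the W3C extended log format shown in the post above. It lists when each client had a message accepted (DATA answered with 250), so those timestamps can be compared against connection or process monitoring on the same machine. The function names and the `log-date` key are hypothetical, and the sample is an excerpt of the log lines posted above.

```python
from collections import Counter, defaultdict

# Excerpt of the log posted in the thread above (W3C extended format).
SAMPLE_LOG = """\
#Date: 2005-12-22 22:14:02
#Fields: time c-ip cs-method cs-uri-stem sc-status
22:14:02 127.0.0.1 HELO - 250
22:14:02 127.0.0.1 MAIL - 250
22:14:02 127.0.0.1 RCPT - 250
22:14:31 127.0.0.1 DATA - 250
22:14:31 127.0.0.1 QUIT - 0
22:14:33 - - - 0
22:14:33 mta299.mail.scd.yahoo.com EHLO - 0
22:14:33 mta299.mail.scd.yahoo.com MAIL - 0
22:14:34 mta299.mail.scd.yahoo.com QUIT - 0
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields, date = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Date:"):
            date = line.split(":", 1)[1].split()[0]
        elif line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield {**dict(zip(fields, parts)), "log-date": date}

def accepted_messages(text):
    """Map each client to the timestamps at which its DATA was answered 250."""
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        if rec.get("cs-method") == "DATA" and rec.get("sc-status") == "250":
            hits[rec.get("c-ip", "-")].append(f'{rec["log-date"]} {rec["time"]}')
    return dict(hits)

def verb_counts(text):
    """Count SMTP verbs per client, ignoring rows with no client or verb."""
    counts = defaultdict(Counter)
    for rec in parse_w3c(text):
        if rec.get("c-ip", "-") != "-" and rec.get("cs-method", "-") != "-":
            counts[rec["c-ip"]][rec["cs-method"]] += 1
    return {ip: dict(c) for ip, c in counts.items()}

if __name__ == "__main__":
    print(accepted_messages(SAMPLE_LOG), verb_counts(SAMPLE_LOG))
```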
