Okay, I'm trying to figure this out to be a better IT Geek.
I get called to a client to check up on someone's computer that has been having problems. We had had one of our techs out here twice, etc., he ran the cheap suite of spyware tools (Ad-Aware, Spybot) and cleaned some crap out.
Of course, that didn't work. So I get out here and I was able to find that it was infected with the Straterion Trojan, which is a mass-mailing worm/virus. I was able to locate instructions on how to remove it, and I am scanning back over to make sure it's gone.
Now the second part of this is, the IP was added to the Spamhaus lists because of this trojan, and it was even suggested in the delist page that the trojan was responsible.
My question is, how would one analyze traffic, or see if that trojan is on any other computers and/or sending data out that will get the company back on the blacklist? They use Trend Micro here, and that does NOT find it. I'm just wanting to make sure the infection is under control and localized to one PC.
The thing is, I KNOW there is a way to monitor the data, and even be able to find out which offending IP address is the culprit. I just don't know how.
Any veterans wanna tell me how?
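
One way to do the check the post asks about, as an added example that is not part of the original post: take text output from `tcpdump -n` captured on the inside of the gateway (before NAT, so internal addresses are visible) and list which internal hosts open SMTP connections to many different outside servers. The sample lines, the addresses, the `allowed_senders` list and the `min_destinations` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the start of a TCP handshake in `tcpdump -n` text output, e.g. from:
#   tcpdump -n 'tcp dst port 25 and tcp[tcpflags] & tcp-syn != 0'
# "[S]" is a bare SYN; the server's SYN-ACK prints as "[S.]" and is ignored.
SYN_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]"
)

def smtp_talkers(lines, allowed_senders=()):
    """Map each source IP to the set of hosts it tried to reach on TCP/25,
    skipping machines that are supposed to send mail (allowed_senders)."""
    talkers = defaultdict(set)
    for line in lines:
        m = SYN_RE.search(line)
        if not m:
            continue  # not an IPv4 TCP SYN line
        src, _sport, dst, dport = m.groups()
        if dport == "25" and src not in allowed_senders:
            talkers[src].add(dst)
    return dict(talkers)

def suspects(lines, allowed_senders=(), min_destinations=3):
    """Hosts contacting at least min_destinations distinct mail servers,
    busiest first. A workstation should normally contact none directly."""
    counts = [(src, len(dsts))
              for src, dsts in smtp_talkers(lines, allowed_senders).items()
              if len(dsts) >= min_destinations]
    return sorted(counts, key=lambda item: (-item[1], item[0]))

# Constructed sample capture: 192.168.1.10 plays the real mail server,
# 192.168.1.23 a workstation behaving like a mass mailer.
SAMPLE = """\
09:00:01.000001 IP 192.168.1.23.49152 > 203.0.113.5.25: Flags [S], seq 1, win 64240, length 0
09:00:01.100000 IP 192.168.1.23.49153 > 198.51.100.7.25: Flags [S], seq 2, win 64240, length 0
09:00:01.200000 IP 192.168.1.23.49154 > 203.0.113.77.25: Flags [S], seq 3, win 64240, length 0
09:00:01.300000 IP 192.168.1.23.49155 > 198.51.100.200.25: Flags [S], seq 4, win 64240, length 0
09:00:02.000000 IP 192.168.1.10.50000 > 203.0.113.5.25: Flags [S], seq 5, win 64240, length 0
09:00:02.100000 IP 192.168.1.31.50100 > 198.51.100.9.443: Flags [S], seq 6, win 64240, length 0
09:00:02.200000 IP 203.0.113.5.25 > 192.168.1.23.49152: Flags [S.], seq 7, ack 2, win 65160, length 0
""".splitlines()

if __name__ == "__main__":
    for host, n in suspects(SAMPLE, allowed_senders={"192.168.1.10"}):
        print(f"{host} opened SMTP connections to {n} different servers")
```

Any workstation that shows up here is worth a closer look, and blocking outbound TCP/25 at the firewall for everything except the real mail server keeps a missed infection from relisting the IP.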