Exchange Gurus,

I could use some help in diagnosing an Attack of Service or possibly a trojan horse running in my system. Someone found a test email userid which had been left active on our Exchange 2003 Server and sent out SPAM from our location the better part of Friday and possibly several days earlier.

Once I became aware of the problem, I tracked down that outgoing messages from test@xxxxxxxxxxxxx were going out every few seconds. I have since removed the Exchange Mail Store, disabled the test id, and deleted over 7,000 messages pending submission. I also rebooted our Exchange server and our Domain Controller where the SMTP services run.

I reviewed the Event Log on the Exchange Server and it shows the user id test being logged on and off many times over the last few days. I was able to deduce from the Logon Type: 3 that the logon is coming from another computer within my network and is not a Remote Desktop Connection of some sort.

Now the problem is how to find the culprit. Unfortunately I cannot deduce much more from the Event Log. It amazes me that Microsoft would go to the trouble of installing an Event Log Viewer on every machine and yet NEVER document the event log entries themselves!

I could use some help in how to deduce the cause, the originating computer, and/or the weakness in our defenses so I can prevent this.

To start off:

Domain Controller runs Windows Server 2003 and is still SP1.

Exchange Server runs Windows Server 2003 SP2, up to date.

Servers run BitDefender for File Servers.

Exchange Server runs GFI Mail Security and Mail Essentials.

Nearly all computers in our network run BitDefender Client Professional Plus version 8.

Suggestions on how to narrow my search would be greatly appreciated!!

Thanks in advance,

John
Technology Applied
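
Added example, not part of the original post: a Python script that tallies which workstation, source address and logon process each Logon Type 3 event for one account came from, given Security-log event descriptions exported as text. It assumes the descriptions carry "Workstation Name", "Source Network Address" and "Logon Process" lines, as Windows Server 2003 network-logon events do; the sample events, host names and addresses are constructed.

```python
import re
from collections import Counter

def _event(user, ltype, proc, wks, addr):
    """Build one constructed event description (sample data, not a real log)."""
    return ("Successful Network Logon:\n"
            f"\tUser Name:\t{user}\n\tDomain:\t\tEXAMPLE\n"
            f"\tLogon Type:\t{ltype}\n\tLogon Process:\t{proc}\n"
            f"\tWorkstation Name:\t{wks}\n"
            f"\tSource Network Address:\t{addr}\n\tSource Port:\t4312\n")

# Constructed sample export: events separated by a blank line.
SAMPLE_EXPORT = "\n".join([
    _event("test", 3, "Advapi", "MAIL01", "203.0.113.45"),
    _event("jsmith", 3, "Kerberos", "WKS02", "192.168.1.22"),
    _event("TEST", 3, "Advapi", "MAIL01", "203.0.113.45"),
    _event("test", 3, "NtLmSsp", "WKS07", "192.168.1.57"),
])

# "Field Name:<whitespace>value" lines inside an event description.
FIELD = re.compile(r"^\s*([A-Za-z ]+):\s*(.*?)\s*$")

def parse_events(text):
    """Split the export on blank lines and return one field dict per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m and m.group(2):          # skip header lines with no value
                fields[m.group(1).strip()] = m.group(2)
        if fields:
            events.append(fields)
    return events

def logon_sources(events, account, logon_type="3"):
    """Count logons for `account` by (workstation, address, logon process)."""
    tally = Counter()
    for ev in events:
        if ev.get("User Name", "").lower() != account.lower():
            continue                      # account names are case-insensitive
        if ev.get("Logon Type") != logon_type:
            continue
        tally[(ev.get("Workstation Name", "-"),
               ev.get("Source Network Address", "-"),
               ev.get("Logon Process", "-"))] += 1
    return tally.most_common()            # most frequent source first

if __name__ == "__main__":
    for source, count in logon_sources(parse_events(SAMPLE_EXPORT), "test"):
        print(count, *source)
```
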