Network invasion?


smghou
August 15th, 2008, 09:17 AM
I received the following message from my ISP (AT&T). I am on a T-1; there is no server, just a router, a few switches and about 75 desktops. Right before I received this message I noticed a considerable slowdown in my Internet speed, which still continues. I have been going from desktop to desktop to try and figure out where the problem is, without any luck. Any ideas would be great; I know desktops but come up a little short on networks. The x's are my gateway.

A host (xx.xx.xx.xx) within your IP block may be infected with a Trojan, virus, or worm; or you may have a malicious user on your network. The host in question, (xx.xx.xx.xx), is sending unsolicited commercial email (spam). If (xx.xx.xx.xx) is your firewall/gateway/NAT then it is likely that the offending email is originating from your internal network.

CeeBee
August 15th, 2008, 09:40 AM
so investigate your clients - set some monitoring and see who's generating the traffic...

smghou
August 15th, 2008, 09:43 AM
One question: how do I do that? Like I said, I know desktops, not networks. All running XP Pro. Static IPs, using a Netgear router.

CeeBee
August 15th, 2008, 02:43 PM
Try to use a tool like Cain to capture traffic and see who is trying to reach port 25. Or if the router allows, block port 25 and have the router log the attempt. Or run a netstat script on all machines and see who is connecting to port 25 on other hosts.
Edit: some antivirus packages treat Cain as a "malicious" program; you may have to exclude the install folder from scanning.
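The "netstat script on all machines" idea above, worked through as an added example (my code, not CeeBee's or anything from the thread). It assumes `netstat -ano` was run on each XP desktop (for instance `netstat -ano > \\somepc\share\%COMPUTERNAME%.txt` from a login script) and the files were gathered into the SAMPLES dict. The two outputs below are constructed: the public addresses are RFC 5737 documentation ranges, and 203.0.113.25 stands in for the ISP's legitimate SMTP relay. The tell is not "port 25 traffic" by itself (every mail client does that) but one desktop opening connections to many different remote port-25 hosts, which is what a spambot delivering straight to recipients' MX servers looks like.

```python
"""Find which desktop is talking SMTP to the outside world, from the
`netstat -ano` output of each machine.  Added example; the sample
outputs and the relay address 203.0.113.25 are constructed assumptions.
"""
from collections import namedtuple

SMTP_PORTS = {25, 465, 587}

Conn = namedtuple("Conn", "local_ip local_port remote_ip remote_port state pid")


def parse_netstat(text):
    """Parse the TCP lines of Windows `netstat -an` / `netstat -ano` output.

    Lines look like:  TCP  192.168.1.57:1102  192.0.2.10:25  SYN_SENT  1488
    The PID column is optional (only present with -o).  LISTENING sockets
    have remote 0.0.0.0:0, so they never match an SMTP port.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].upper() != "TCP":
            continue  # header, blank line, or UDP (no connection state)
        try:
            lip, lport = parts[1].rsplit(":", 1)
            rip, rport = parts[2].rsplit(":", 1)
            pid = int(parts[4]) if len(parts) > 4 else None
            conns.append(Conn(lip, int(lport), rip, int(rport), parts[3], pid))
        except ValueError:
            continue  # malformed line: skip it rather than crash on odd output
    return conns


def smtp_destinations(text, relay=None):
    """Distinct remote IPs this host is contacting on an SMTP port,
    ignoring the organisation's own (or ISP's) relay.  A mail client talks
    to one server; a spambot talks to dozens of recipients' MX hosts."""
    return {c.remote_ip for c in parse_netstat(text)
            if c.remote_port in SMTP_PORTS and c.remote_ip != relay}


def smtp_pids(text, relay=None):
    """PIDs (when -o was used) behind the suspicious SMTP connections, so the
    process can be identified on that box with `tasklist /fi "pid eq N"`."""
    return {c.pid for c in parse_netstat(text)
            if c.remote_port in SMTP_PORTS and c.remote_ip != relay
            and c.pid is not None}


def rank_hosts(samples, relay=None, threshold=3):
    """samples: {hostname: netstat text}.  Return [(host, n_destinations)]
    for hosts with at least `threshold` distinct non-relay SMTP peers,
    worst first."""
    scored = [(host, len(smtp_destinations(text, relay)))
              for host, text in samples.items()]
    return sorted([s for s in scored if s[1] >= threshold],
                  key=lambda s: (-s[1], s[0]))


# Constructed sample output: one clean desktop, one that is spewing spam.
SAMPLES = {
    "DESK-20": """Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    192.168.1.20:1040      203.0.113.25:25        ESTABLISHED     2012
  TCP    192.168.1.20:1041      198.51.100.80:80       ESTABLISHED     2440
  TCP    192.168.1.20:1042      198.51.100.81:443      TIME_WAIT       0
  UDP    192.168.1.20:137       *:*                                    4
""",
    "DESK-57": """Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    192.168.1.57:1034      203.0.113.25:25        ESTABLISHED     1488
  TCP    192.168.1.57:1102      192.0.2.10:25          SYN_SENT        1488
  TCP    192.168.1.57:1103      192.0.2.11:25          SYN_SENT        1488
  TCP    192.168.1.57:1104      192.0.2.12:25          ESTABLISHED     1488
  TCP    192.168.1.57:1105      198.51.100.7:25        SYN_SENT        1488
  TCP    192.168.1.57:1106      198.51.100.8:25        SYN_SENT        1488
  TCP    192.168.1.57:1107      198.51.100.9:25        SYN_SENT        1488
  TCP    192.168.1.57:1108      192.0.2.10:25          SYN_SENT        1488
  TCP    192.168.1.57:1109      198.51.100.80:80       ESTABLISHED     2440
""",
}

RELAY = "203.0.113.25"  # assumed legitimate outbound mail server

if __name__ == "__main__":
    for host, n in rank_hosts(SAMPLES, relay=RELAY):
        print(host, n, "distinct SMTP peers, PIDs", smtp_pids(SAMPLES[host], RELAY))
```

Run it against a snapshot from every desktop and the infected box stands out immediately (here DESK-57 with six distinct SMTP peers, all from PID 1488), while the clean box that only talks to the relay scores zero. A single snapshot can miss a bot that is idle at that moment, so take a few over an hour. The same question can be answered at the gateway instead, with a capture filter such as `tcp dst port 25 and not dst host 203.0.113.25` in a sniffer; whichever internal source address dominates is the machine to pull off the network.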

smghou
August 16th, 2008, 05:43 PM
Only Cain program I can find is for password recovery

xpuser357
August 16th, 2008, 10:08 PM
http://sectools.org/sniffers.html Maybe this might help.

smghou
August 20th, 2008, 11:03 AM
Now I'm feeling like a complete fool. Have downloaded and installed Cain but have no idea how to use it. Have tried the help files to no avail. How do I capture traffic? System is still bogging down and I'm lost.

Smokin Joe
August 25th, 2008, 12:02 AM
smghou
I received a message just like yours:

A host (xx.xx.xx.xx) within your IP block may be infected with a Trojan, virus, or worm; or you may have a malicious user on your network. The host in question, (xx.xx.xx.xx), is sending unsolicited commercial email (spam). If (xx.xx.xx.xx) is your firewall/gateway/NAT then it is likely that the offending email is originating from your internal network.

After discovering that spyware can stop internet access I won't let anyone access my network without continuously running a version of spydoctor as well as Norton antivirus. The earlier version of spydoctor 3 something works just fine and doesn't grind the computer into the ground.

My next step was to check every computer and see if either had been disabled.
When I found the computer, reactivated Spydoctor and did a cleansing, the network returned to normal.
The operator was given a warning (final).
Hope this helps

CeeBee
August 25th, 2008, 09:09 AM
"Only Cain program I can find is for password recovery"
The sniffer in Cain can sniff for well-known services, including SMTP:
http://i38.tinypic.com/35aknzb.png