steveLaMi
asked on
What is scan500.exe, lserver.exe and lsass.exe?
Our SQL server was recently hacked. I am looking at every open process in the Task Manager and have come across a couple that I cannot tell if they belong there or not. Here they are:
scan500.exe
lserver.exe
lsass.exe
Are they legit files?
These files are related to multiple viruses like myDoom. Install the latest patches on your system and run an antivirus application.
ASKER
Are there legit versions of these files? And what directories SHOULD they reside in? I know that if lsass.exe is anywhere but win32/system32 then it could be a virus. How about scan500.exe or lserver.exe?
Well, these files have a little difference in the resident folders depending on the OS. However, don't make yourself struggle by finding out locations. Instead run a good antivirus scanner.
Try deleting scan500.exe -> it's definitely a virus. However, it may not be resident in memory and if that's the case, you would be able to delete it.
Scan500.exe belongs to the Exploit.Win32.WebDav virus class
That's correct. Scan500 is definitely suspicious... You can check the file versions and the size as well if you are not sure...
Another thing is run a good AN to find any other hidden or unknown worms as well...
ASKER
When I do a search for scan500.exe I find nothing. Any suggestions?
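Added example, not part of the original thread: a PowerShell script that starts from the running processes instead of a file search and reports each image's path, size, version, signature status and hash, which are the properties the answers above suggest checking. It assumes PowerShell 4.0 or later and an elevated prompt; the only location rule it applies is that lsass.exe belongs in %SystemRoot%\System32.

```powershell
# Added example: map the process names from the thread to their on-disk images.
# Run elevated; otherwise ExecutablePath is often empty for system processes.
$names    = 'scan500.exe', 'lserver.exe', 'lsass.exe'
$system32 = Join-Path $env:SystemRoot 'System32'

function New-Row($name, $procId, $path, $note) {
    # One uniform row shape so the report formats consistently.
    [pscustomobject]@{
        Name = $name; ProcessId = $procId; Path = $path; Size = $null
        Version = $null; Company = $null; Signature = $null; SHA256 = $null
        Note = $note
    }
}

$report = foreach ($name in $names) {
    $procs = @(Get-CimInstance Win32_Process -Filter ("Name = '{0}'" -f $name))
    if ($procs.Count -eq 0) { New-Row $name $null $null 'not running'; continue }

    foreach ($p in $procs) {
        $path = $p.ExecutablePath
        if (-not $path) {
            New-Row $p.Name $p.ProcessId $null 'path not readable (run elevated)'
            continue
        }
        if (-not (Test-Path -LiteralPath $path)) {
            New-Row $p.Name $p.ProcessId $path 'image no longer present on disk'
            continue
        }
        $row  = New-Row $p.Name $p.ProcessId $path ''
        $file = Get-Item -LiteralPath $path -Force   # -Force: include hidden files
        $row.Size      = $file.Length
        $row.Version   = $file.VersionInfo.FileVersion
        $row.Company   = $file.VersionInfo.CompanyName
        $row.Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
        $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

        # lsass.exe running from anywhere other than System32 is a red flag.
        $dir = Split-Path -Path $path -Parent
        if ($p.Name -eq 'lsass.exe' -and $dir -ne $system32) {
            $row.Note = "lsass.exe outside $system32"
        } elseif ($row.Signature -ne 'Valid') {
            $row.Note = 'no valid signature; check the hash before trusting'
        }
        $row
    }
}
$report | Format-List
```

A process that shows a path here but does not turn up in a normal file search may simply have the hidden or system attribute set, which is why the script opens the image with `-Force`.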