Solved

Windows server 2003 hacked

Posted on 2006-07-19
2
183 Views
Last Modified: 2013-12-04
Hi guys!

I know i've been hacked and I would like to know what you think about those files:

C:\WINNT\system32\inetsrv\daemon\ethernet.exe
C:\WINNT\system32\Etherlink.exe[syslink.exe][xsys.dll]
C:\WINNT\system32\inetsrv\daemon\services.exe
C:\WINNT\system32\ra32hrat.exe    

Thanks!
0
Comment
Question by:polycorjsp
2 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 250 total points
Comment Utility
Ethernet.exe may be a worm:

http://www.bleepingcomputer.com/startups/ethernet.exe-9935.html

Etherlink.exe pay be a 3com driver.  However if you are hacked it may be anything.  Services.exe is used by genuine applications and many virus/trojan/malware etc.

ra32hrat.exe is a remote administration tool (probably used to control your machine remotely by the attacker):

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453086368

It looks like this server was completely compromised.
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 250 total points
Comment Utility
Please do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now