Solved

Windows server 2003 hacked

Posted on 2006-07-19
Last Modified: 2013-12-04
Hi guys!

I know I've been hacked and I would like to know what you think about those files:

C:\WINNT\system32\inetsrv\daemon\ethernet.exe
C:\WINNT\system32\Etherlink.exe[syslink.exe][xsys.dll]
C:\WINNT\system32\inetsrv\daemon\services.exe
C:\WINNT\system32\ra32hrat.exe    

Thanks!
Question by:polycorjsp
2 Comments
 

Accepted Solution

by:
gidds99 earned 250 total points
ID: 17140744
Ethernet.exe may be a worm:

http://www.bleepingcomputer.com/startups/ethernet.exe-9935.html

Etherlink.exe may be a 3com driver. However, if you are hacked, it may be anything. Services.exe is used by genuine applications and many viruses/trojans/malware, etc.

ra32hrat.exe is a remote administration tool (probably used to control your machine remotely by the attacker):

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453086368

It looks like this server was completely compromised.

Assisted Solution

by:r-k
r-k earned 250 total points
ID: 17142231
Please do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.
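
The first answer's point that the name services.exe is used by genuine software and by malware alike can be checked mechanically, because the Windows binary of that name normally lives only directly in the system32 folder. The sketch below is an added example, not part of the original thread: it runs that name-versus-location check over the listing from the question, and the list of system binary names, the function names and the reading of the `[...]` suffixes as embedded-file annotations are assumptions.

```python
import ntpath
import re

# Core Windows binaries that normally live only in %SystemRoot%\system32.
# (Assumed short list for illustration; extend it for real triage.)
SYSTEM32_ONLY = {"services.exe", "lsass.exe", "svchost.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

# File listing copied from the question. The "[...]" suffixes are assumed
# to be embedded-file annotations added by whatever tool produced the list.
REPORTED = [
    r"C:\WINNT\system32\inetsrv\daemon\ethernet.exe",
    r"C:\WINNT\system32\Etherlink.exe[syslink.exe][xsys.dll]",
    r"C:\WINNT\system32\inetsrv\daemon\services.exe",
    r"C:\WINNT\system32\ra32hrat.exe",
]


def split_entry(entry):
    """Split one listing line into (path, [bracketed embedded names])."""
    entry = entry.strip()
    embedded = re.findall(r"\[([^\]]+)\]", entry)
    path = re.sub(r"\[[^\]]*\]", "", entry).strip()
    return path, embedded


def triage(entries, system_root=r"C:\WINNT"):
    """Return paths whose file name is a core system binary name but
    whose folder is not <system_root>\\system32 (case-insensitive)."""
    expected = ntpath.normcase(ntpath.join(system_root, "system32"))
    flagged = []
    for entry in entries:
        path, _embedded = split_entry(entry)
        # ntpath parses Windows paths correctly on any operating system.
        normalized = ntpath.normcase(ntpath.normpath(path))
        folder, name = ntpath.split(normalized)
        if name in SYSTEM32_ONLY and folder != expected:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for hit in triage(REPORTED):
        print("system binary name outside system32:", hit)
```

A file that passes this check is not thereby genuine; the check only surfaces copies that sit in the wrong folder, and everything else in the listing still needs hash and signature verification.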
