Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows server 2003 hacked

Posted on 2006-07-19
2
Medium Priority
?
196 Views
Last Modified: 2013-12-04
Hi guys!

I know i've been hacked and I would like to know what you think about those files:

C:\WINNT\system32\inetsrv\daemon\ethernet.exe
C:\WINNT\system32\Etherlink.exe[syslink.exe][xsys.dll]
C:\WINNT\system32\inetsrv\daemon\services.exe
C:\WINNT\system32\ra32hrat.exe    

Thanks!
0
Comment
Question by:polycorjsp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 1000 total points
ID: 17140744
Ethernet.exe may be a worm:

http://www.bleepingcomputer.com/startups/ethernet.exe-9935.html

Etherlink.exe pay be a 3com driver.  However if you are hacked it may be anything.  Services.exe is used by genuine applications and many virus/trojan/malware etc.

ra32hrat.exe is a remote administration tool (probably used to control your machine remotely by the attacker):

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453086368

It looks like this server was completely compromised.
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 1000 total points
ID: 17142231
Please do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question