Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows server 2003 hacked

Posted on 2006-07-19
2
Medium Priority
?
199 Views
Last Modified: 2013-12-04
Hi guys!

I know i've been hacked and I would like to know what you think about those files:

C:\WINNT\system32\inetsrv\daemon\ethernet.exe
C:\WINNT\system32\Etherlink.exe[syslink.exe][xsys.dll]
C:\WINNT\system32\inetsrv\daemon\services.exe
C:\WINNT\system32\ra32hrat.exe    

Thanks!
0
Comment
Question by:polycorjsp
2 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 1000 total points
ID: 17140744
Ethernet.exe may be a worm:

http://www.bleepingcomputer.com/startups/ethernet.exe-9935.html

Etherlink.exe pay be a 3com driver.  However if you are hacked it may be anything.  Services.exe is used by genuine applications and many virus/trojan/malware etc.

ra32hrat.exe is a remote administration tool (probably used to control your machine remotely by the attacker):

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453086368

It looks like this server was completely compromised.
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 1000 total points
ID: 17142231
Please do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Integration Management Part 2
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question