?
Solved

Windows server 2003 hacked

Posted on 2006-07-19
2
Medium Priority
?
194 Views
Last Modified: 2013-12-04
Hi guys!

I know i've been hacked and I would like to know what you think about those files:

C:\WINNT\system32\inetsrv\daemon\ethernet.exe
C:\WINNT\system32\Etherlink.exe[syslink.exe][xsys.dll]
C:\WINNT\system32\inetsrv\daemon\services.exe
C:\WINNT\system32\ra32hrat.exe    

Thanks!
0
Comment
Question by:polycorjsp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
gidds99 earned 1000 total points
ID: 17140744
Ethernet.exe may be a worm:

http://www.bleepingcomputer.com/startups/ethernet.exe-9935.html

Etherlink.exe pay be a 3com driver.  However if you are hacked it may be anything.  Services.exe is used by genuine applications and many virus/trojan/malware etc.

ra32hrat.exe is a remote administration tool (probably used to control your machine remotely by the attacker):

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453086368

It looks like this server was completely compromised.
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 1000 total points
ID: 17142231
Please do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month12 days, 7 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question