Solved

CATIRPC.EXE & SRA.EXE ON HP SERVER RUNNING WINDOWS 2003 SERVER

Posted on 2009-04-06
1
803 Views
Last Modified: 2013-11-22
I have a client server that has recently be de-bugged of a nasty trojan rootkit infection (rootkit.cloaked/service-gen).
The system is not yet considered malware-free as there is a service which I believe is a CA Brightstor backup utility running that is utilising up to 99% CPU time (CATIRPC.EXE). In addition IBServer.EXE and SRA.EXE are also hogging CPU time.
I am not a server tech in normal circumstances (still learning) and have little knowledge of server utilities.
The system seems to be casting network requests (or possibly sending spam) as there is network activity through my broadband link to an outside source.
I cannot activate the Windows Firewall as a message is displayed on activation that "another program or service is running that might use the network address translation component (IPNAT.SYS).
Can anyone shed light on the activity observed regarding CATIRPC and the other services mentioned above and/or the inability to activate the windows firewall?
0
Comment
Question by:Bryn Ball
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
Popeyediceclay earned 500 total points
ID: 24082519
CATIRPC.EXE is a CA process and there is a vulnerability, try installing the patch if it applies to your version:
http://www.ca.com/us/securityadvisor/vulninfo/Vuln.aspx?ID=35058

Or check this and see if it applies:
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question