?
Solved

CATIRPC.EXE & SRA.EXE ON HP SERVER RUNNING WINDOWS 2003 SERVER

Posted on 2009-04-06
1
Medium Priority
?
808 Views
Last Modified: 2013-11-22
I have a client server that has recently be de-bugged of a nasty trojan rootkit infection (rootkit.cloaked/service-gen).
The system is not yet considered malware-free as there is a service which I believe is a CA Brightstor backup utility running that is utilising up to 99% CPU time (CATIRPC.EXE). In addition IBServer.EXE and SRA.EXE are also hogging CPU time.
I am not a server tech in normal circumstances (still learning) and have little knowledge of server utilities.
The system seems to be casting network requests (or possibly sending spam) as there is network activity through my broadband link to an outside source.
I cannot activate the Windows Firewall as a message is displayed on activation that "another program or service is running that might use the network address translation component (IPNAT.SYS).
Can anyone shed light on the activity observed regarding CATIRPC and the other services mentioned above and/or the inability to activate the windows firewall?
0
Comment
Question by:Bryn Ball
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
Popeyediceclay earned 2000 total points
ID: 24082519
CATIRPC.EXE is a CA process and there is a vulnerability, try installing the patch if it applies to your version:
http://www.ca.com/us/securityadvisor/vulninfo/Vuln.aspx?ID=35058

Or check this and see if it applies:
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question