Solved

CATIRPC.EXE & SRA.EXE ON HP SERVER RUNNING WINDOWS 2003 SERVER

Posted on 2009-04-06
1
786 Views
Last Modified: 2013-11-22
I have a client server that has recently be de-bugged of a nasty trojan rootkit infection (rootkit.cloaked/service-gen).
The system is not yet considered malware-free as there is a service which I believe is a CA Brightstor backup utility running that is utilising up to 99% CPU time (CATIRPC.EXE). In addition IBServer.EXE and SRA.EXE are also hogging CPU time.
I am not a server tech in normal circumstances (still learning) and have little knowledge of server utilities.
The system seems to be casting network requests (or possibly sending spam) as there is network activity through my broadband link to an outside source.
I cannot activate the Windows Firewall as a message is displayed on activation that "another program or service is running that might use the network address translation component (IPNAT.SYS).
Can anyone shed light on the activity observed regarding CATIRPC and the other services mentioned above and/or the inability to activate the windows firewall?
0
Comment
Question by:bryndwcs
1 Comment
 
LVL 3

Accepted Solution

by:
Popeyediceclay earned 500 total points
ID: 24082519
CATIRPC.EXE is a CA process and there is a vulnerability, try installing the patch if it applies to your version:
http://www.ca.com/us/securityadvisor/vulninfo/Vuln.aspx?ID=35058

Or check this and see if it applies:
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question