• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 813
  • Last Modified:

CATIRPC.EXE & SRA.EXE ON HP SERVER RUNNING WINDOWS 2003 SERVER

I have a client server that has recently be de-bugged of a nasty trojan rootkit infection (rootkit.cloaked/service-gen).
The system is not yet considered malware-free as there is a service which I believe is a CA Brightstor backup utility running that is utilising up to 99% CPU time (CATIRPC.EXE). In addition IBServer.EXE and SRA.EXE are also hogging CPU time.
I am not a server tech in normal circumstances (still learning) and have little knowledge of server utilities.
The system seems to be casting network requests (or possibly sending spam) as there is network activity through my broadband link to an outside source.
I cannot activate the Windows Firewall as a message is displayed on activation that "another program or service is running that might use the network address translation component (IPNAT.SYS).
Can anyone shed light on the activity observed regarding CATIRPC and the other services mentioned above and/or the inability to activate the windows firewall?
0
Bryn Ball
Asked:
Bryn Ball
1 Solution
 
PopeyediceclayCommented:
CATIRPC.EXE is a CA process and there is a vulnerability, try installing the patch if it applies to your version:
http://www.ca.com/us/securityadvisor/vulninfo/Vuln.aspx?ID=35058

Or check this and see if it applies:
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now