Infection or Bug?

Hello,

I have a server running Server 2003 Standard that I manage. The company also has a person who handles their rental software. Ever since he took over, set up SQL on the server and has had login rights, the server has had two virus infections. Now it's happening again, and what usually tips me off is there will be tons of cmd.exe in the task manager, and a cmd.exe error followed by a cacls.exe error that appears repeatedly. Every time I have done the clean, it pulls files out of the SQL directories. I am starting to have my doubts as to whether or not it's truly been infected, or if SQL is causing a bug and maybe the anti-virus (Avast) is seeing SQL files as being suspicious. Any help is greatly appreciated!

Anthony
MobilePCDR Asked:

Naerwen Commented:
First, insist that his login rights be revoked until the issue is resolved.
Second, verify the copy of SQL he installed has a valid license and not some Vol Lic he stole from the last place he worked at. Again, insist on proof.
     - Not for nothin' ... but I've seen an XP Pro installation throw a "Rare Error" (<-- according to M$) that had a key that was on the "Blacklist".
Thirdly, run anti-virus and make sure the system is clean. Once you are certain there, make sure that you "do your homework" and understand what is being used SQL and the related applications ... and how it affects your AV configuration. Make the necessary configuration changes, if any. Every AV pack is different so make sure you are up to date on your knowledge with regards to your solution. Also, AT LEAST look up the errors you are encountering and the alternative reasons why they may be occurring, so you have the information handy when asked.
 
Lastly, if it points to the "Fly by night" service provider, insist that he is released from his contract. If your leadership refuses, make sure you have covered your ass and have it documented.
 
This very thing was a hard learned lesson for me. All my best.
 
Naerwen
 
 
0

deroode (Systems Administrator) Commented:
A course of action could be the following:

Configure Avast to skip the SQL directories where it usually finds viruses

Then scan your system with a different virus scanner, e.g. Trend Micro online virus scanner:

http://housecall.trendmicro.com/
0
Naerwen Commented:
I hope all is well with this guy...MobilePCDR. However, I would like to know how it all turned out. I've been in his/her position and that's why I offered my comments.
 
Naerwen
0
Windows Server 2003