[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Infection or Bug?

Posted on 2009-06-30
5
Medium Priority
?
347 Views
Last Modified: 2012-05-07
Hello,

I have a server running Server 2003 Standard that I manage.  The company also has a person who handles their rental software.  Ever since he took over, setup SQL on the server and has had login rights, the server has had two virus infections.  Now it's happening again, and what usually tips me off is there will be tons of cmd.exe in the task manager, and a cmd.exe error followed by a cacls.exe error that appears repeatedly.  Evertime I have done the clean, it pulls files out of the SQL directories.  I am starting to have my doubts as to whether or not it's truly been infected, or if SQL is causing a bug and maybe the anti-virus (Avast) is seeing SQL files as being suspicious.  Any help is greatly appreciated!

Anthony
0
Comment
Question by:MobilePCDR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Naerwen earned 1000 total points
ID: 24746084
First, insist that his login rights be revoked until the issue is resolved.
Second, , verify the copy of SQL he installed has a valid license and not some Vol Lic he stole from the last place he worked at. Again, insist on proof.
     - Not for nothin' ... but I've seen an XP Pro installation throw a "Rare Error" (<-- according to M$) that had a key that was on the "Blacklist".
Thirdly, run anti-virus and make sure the system is clean. Once you are certain there, make sure that you "do your homework" and understand what is being used SQL and the related applications ... and how it affects your AV configuration. Make the necessary configuration changes, if any. Every AV pack is different so make sure you are up to date on your knowledge with regards to your solution. Also, AT LEAST lookup the errors you are encountering and the alternative reasons why they may be occurring, so you have the information handy when asked.
 
Lastly, if it points to the "Fly by night" service provider, insist that he is released from his contract. If your leadership refuses, make sure you have covered your ass and have it documented.
 
This very thing was a hard learned lesson for me. All my best.
 
Naerwen
 
 
0
 
LVL 19

Expert Comment

by:deroode
ID: 24751897
A course of action could be the following:

Configure Avast to skip the SQL directories where it usually finds viruses

Then scan your system with a different virus scanner, e.g. Trend micro online virusscanner:

http://housecall.trendmicro.com/
0
 
LVL 1

Expert Comment

by:Naerwen
ID: 25016813
I hope all is well with this guy...MobilePCDR. However, I would like to know how it all turned out. I've been in his/her position and that's why I offered my comments.
 
Naerwen
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question