Solved

Infection or Bug?

Posted on 2009-06-30
5
344 Views
Last Modified: 2012-05-07
Hello,

I have a server running Server 2003 Standard that I manage.  The company also has a person who handles their rental software.  Ever since he took over, setup SQL on the server and has had login rights, the server has had two virus infections.  Now it's happening again, and what usually tips me off is there will be tons of cmd.exe in the task manager, and a cmd.exe error followed by a cacls.exe error that appears repeatedly.  Evertime I have done the clean, it pulls files out of the SQL directories.  I am starting to have my doubts as to whether or not it's truly been infected, or if SQL is causing a bug and maybe the anti-virus (Avast) is seeing SQL files as being suspicious.  Any help is greatly appreciated!

Anthony
0
Comment
Question by:MobilePCDR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Naerwen earned 250 total points
ID: 24746084
First, insist that his login rights be revoked until the issue is resolved.
Second, , verify the copy of SQL he installed has a valid license and not some Vol Lic he stole from the last place he worked at. Again, insist on proof.
     - Not for nothin' ... but I've seen an XP Pro installation throw a "Rare Error" (<-- according to M$) that had a key that was on the "Blacklist".
Thirdly, run anti-virus and make sure the system is clean. Once you are certain there, make sure that you "do your homework" and understand what is being used SQL and the related applications ... and how it affects your AV configuration. Make the necessary configuration changes, if any. Every AV pack is different so make sure you are up to date on your knowledge with regards to your solution. Also, AT LEAST lookup the errors you are encountering and the alternative reasons why they may be occurring, so you have the information handy when asked.
 
Lastly, if it points to the "Fly by night" service provider, insist that he is released from his contract. If your leadership refuses, make sure you have covered your ass and have it documented.
 
This very thing was a hard learned lesson for me. All my best.
 
Naerwen
 
 
0
 
LVL 19

Expert Comment

by:deroode
ID: 24751897
A course of action could be the following:

Configure Avast to skip the SQL directories where it usually finds viruses

Then scan your system with a different virus scanner, e.g. Trend micro online virusscanner:

http://housecall.trendmicro.com/
0
 
LVL 1

Expert Comment

by:Naerwen
ID: 25016813
I hope all is well with this guy...MobilePCDR. However, I would like to know how it all turned out. I've been in his/her position and that's why I offered my comments.
 
Naerwen
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Learn about cloud computing and its benefits for small business owners.
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question