Solved

Infection or Bug?

Posted on 2009-06-30
5
343 Views
Last Modified: 2012-05-07
Hello,

I have a server running Server 2003 Standard that I manage.  The company also has a person who handles their rental software.  Ever since he took over, setup SQL on the server and has had login rights, the server has had two virus infections.  Now it's happening again, and what usually tips me off is there will be tons of cmd.exe in the task manager, and a cmd.exe error followed by a cacls.exe error that appears repeatedly.  Evertime I have done the clean, it pulls files out of the SQL directories.  I am starting to have my doubts as to whether or not it's truly been infected, or if SQL is causing a bug and maybe the anti-virus (Avast) is seeing SQL files as being suspicious.  Any help is greatly appreciated!

Anthony
0
Comment
Question by:MobilePCDR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Naerwen earned 250 total points
ID: 24746084
First, insist that his login rights be revoked until the issue is resolved.
Second, , verify the copy of SQL he installed has a valid license and not some Vol Lic he stole from the last place he worked at. Again, insist on proof.
     - Not for nothin' ... but I've seen an XP Pro installation throw a "Rare Error" (<-- according to M$) that had a key that was on the "Blacklist".
Thirdly, run anti-virus and make sure the system is clean. Once you are certain there, make sure that you "do your homework" and understand what is being used SQL and the related applications ... and how it affects your AV configuration. Make the necessary configuration changes, if any. Every AV pack is different so make sure you are up to date on your knowledge with regards to your solution. Also, AT LEAST lookup the errors you are encountering and the alternative reasons why they may be occurring, so you have the information handy when asked.
 
Lastly, if it points to the "Fly by night" service provider, insist that he is released from his contract. If your leadership refuses, make sure you have covered your ass and have it documented.
 
This very thing was a hard learned lesson for me. All my best.
 
Naerwen
 
 
0
 
LVL 19

Expert Comment

by:deroode
ID: 24751897
A course of action could be the following:

Configure Avast to skip the SQL directories where it usually finds viruses

Then scan your system with a different virus scanner, e.g. Trend micro online virusscanner:

http://housecall.trendmicro.com/
0
 
LVL 1

Expert Comment

by:Naerwen
ID: 25016813
I hope all is well with this guy...MobilePCDR. However, I would like to know how it all turned out. I've been in his/her position and that's why I offered my comments.
 
Naerwen
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question