Solved

Infection or Bug?

Posted on 2009-06-30
Last Modified: 2012-05-07
Hello,

I have a server running Server 2003 Standard that I manage.  The company also has a person who handles their rental software.  Ever since he took over, set up SQL on the server and has had login rights, the server has had two virus infections.  Now it's happening again, and what usually tips me off is there will be tons of cmd.exe in the task manager, and a cmd.exe error followed by a cacls.exe error that appears repeatedly.  Every time I have done the clean, it pulls files out of the SQL directories.  I am starting to have my doubts as to whether or not it's truly been infected, or if SQL is causing a bug and maybe the anti-virus (Avast) is seeing SQL files as being suspicious.  Any help is greatly appreciated!

Anthony
Question by:MobilePCDR
Accepted Solution

by:
Naerwen earned 250 total points
First, insist that his login rights be revoked until the issue is resolved.
Second, verify the copy of SQL he installed has a valid license and not some Vol Lic he stole from the last place he worked at. Again, insist on proof.
     - Not for nothin' ... but I've seen an XP Pro installation throw a "Rare Error" (<-- according to M$) that had a key that was on the "Blacklist".
Thirdly, run anti-virus and make sure the system is clean. Once you are certain there, make sure that you "do your homework" and understand what is being used SQL and the related applications ... and how it affects your AV configuration. Make the necessary configuration changes, if any. Every AV pack is different so make sure you are up to date on your knowledge with regards to your solution. Also, AT LEAST look up the errors you are encountering and the alternative reasons why they may be occurring, so you have the information handy when asked.
 
Lastly, if it points to the "Fly by night" service provider, insist that he is released from his contract. If your leadership refuses, make sure you have covered your ass and have it documented.
 
This very thing was a hard learned lesson for me. All my best.
 
Naerwen
 
 

Expert Comment

by:deroode
A course of action could be the following:

Configure Avast to skip the SQL directories where it usually finds viruses

Then scan your system with a different virus scanner, e.g. Trend Micro online virus scanner:

http://housecall.trendmicro.com/

Expert Comment

by:Naerwen
I hope all is well with this guy...MobilePCDR. However, I would like to know how it all turned out. I've been in his/her position and that's why I offered my comments.
 
Naerwen