MySql been constantly attacked by Trojan:Win32/Detplock

Posted on 2013-09-01
Last Modified: 2013-12-25
I am having a problem with this Trojan:Win32/Detplock constantly messing up my MySQL and my client/server application that receives UDP data from datalogger devices on my Windows server. I cleaned out the trojan and re-installed my MySQL, but within a few days the infection re-appears and my application software stops receiving data from my data loggers. Can someone help?
Question by:Trevor_C
Expert Comment

by:David Johnson, CD, MVP
ID: 39457408
You've found the destination, now find the source.
Run the Microsoft Safety Scanner on all PCs that can connect to the MySQL server.
Accepted Solution

Mysidia earned 1500 total points
ID: 39457409
Detplock seems to be a Microsoft Security Essentials designation for a threat without specific understood symptoms.

I would suggest you examine more closely whether a simple restart fixes the issue: are you certain there is a malware issue and the SQL install is being broken? It would be highly unusual for malware to interfere with MySQL server operations, or break a server; usually malware is designed to operate covertly.

Perhaps your malware scanning tool is breaking things; or it may be registering a false positive (detecting a critical SQL binary as malware when it is not malware).

I would suggest scanning a known clean version of the binaries being identified on another machine, to ensure you do not have a false positive.

If you have verified this is not a false positive from your scanning tool, I would recommend you treat this as a persistent (non-removable) malware threat, meaning it may have made any number of configuration changes to ensure it can re-infect after being cleaned out; the industry best practice is to rebuild the server and affected computers with clean software images, restore database data from backup, and ensure the server is fully updated.

Then review threat mitigation procedures throughout the environment, including: making sure no-execute bit features are enabled in the system BIOS; use of the EMET mitigation tool; review of Windows Firewall settings; antimalware/antivirus; application whitelisting; ensuring that users are not browsing the web on servers; and ensuring that users other than the network admin team do not have local admin access on any client computers or servers.
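One concrete way to carry out the false-positive check the answer above recommends (comparing the flagged binaries against a known clean copy) is to inventory the hash and Authenticode signature of every executable in the MySQL install directory on a clean machine, then run the same inventory on the suspect server and diff the two. The script below is an added example written for this thread, not code posted by any participant; the MySQL path and baseline file location are assumptions you must adjust, and it deliberately uses only .NET hashing and PowerShell 2.0-era cmdlets so it runs on a Windows Server 2008 R2 box without newer cmdlets such as Get-FileHash.

```powershell
# Added example (not from the thread). Build a hash/signature baseline of the
# MySQL binaries on a known-clean machine, then compare the suspect server
# against it. A file the scanner flags but whose hash matches the clean
# baseline is evidence of a false positive; a NEW/CHANGED/MISSING file is
# evidence of real tampering. Paths below are assumptions, adjust them.
param(
    [string]$MySqlDir = 'C:\Program Files\MySQL\MySQL Server 5.6',   # assumed install path
    [string]$BaselineFile = 'C:\baseline\mysql-binaries.csv',        # assumed baseline location
    [switch]$CreateBaseline
)

# SHA-256 via .NET so this also works on PowerShell 2.0 (no Get-FileHash needed).
function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# One record per .exe/.dll: relative path, hash, size, signature status, signer.
function Get-BinaryInventory {
    param([string]$Dir)
    Get-ChildItem -Path $Dir -Recurse -Include *.exe,*.dll |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                RelativePath = $_.FullName.Substring($Dir.Length).TrimStart('\')
                SHA256       = Get-Sha256Hex -Path $_.FullName
                Length       = $_.Length
                SigStatus    = $sig.Status.ToString()
                Signer       = $signer
            }
        }
}

if ($CreateBaseline) {
    # Run this branch on the machine you trust (fresh install from the vendor package).
    Get-BinaryInventory -Dir $MySqlDir | Export-Csv -Path $BaselineFile -NoTypeInformation
    Write-Host "Baseline written to $BaselineFile"
    return
}

# Compare branch: run on the suspect server with the baseline CSV copied over.
$baseline = @{}
foreach ($b in (Import-Csv -Path $BaselineFile)) { $baseline[$b.RelativePath] = $b }

foreach ($c in (Get-BinaryInventory -Dir $MySqlDir)) {
    $b = $baseline[$c.RelativePath]
    if (-not $b) {
        Write-Host ("NEW       {0}  (not present in clean baseline)" -f $c.RelativePath)
    } elseif ($b.SHA256 -ne $c.SHA256) {
        Write-Host ("CHANGED   {0}  baseline={1} now={2}" -f $c.RelativePath,
                    $b.SHA256.Substring(0, 12), $c.SHA256.Substring(0, 12))
    } elseif ($c.SigStatus -ne 'Valid' -and $b.SigStatus -eq 'Valid') {
        Write-Host ("SIGNATURE {0}  status={1}" -f $c.RelativePath, $c.SigStatus)
    } else {
        Write-Host ("OK        {0}" -f $c.RelativePath)
    }
    $baseline.Remove($c.RelativePath)
}
foreach ($missing in $baseline.Keys) {
    Write-Host ("MISSING   {0}  (in baseline, absent on this server)" -f $missing)
}
```

Usage: `.\Compare-MySqlBinaries.ps1 -CreateBaseline` on the clean machine, copy the CSV to the suspect server, then `.\Compare-MySqlBinaries.ps1` there. Only the relative path is compared, so the two installs must come from the same MySQL package version; a baseline built from a different version will report every file as CHANGED and tells you nothing. If the scanner keeps naming a file that this comparison reports as OK, that supports the false-positive theory in the answer above; any NEW or CHANGED binary in a directory that should only receive vendor updates is the point at which the answer's "rebuild from clean images" advice applies.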

Author Comment

ID: 39457447
Please see attached results of antivirus scan
