MySQL being constantly attacked by Trojan:Win32/Detplock

I am having a problem with this Trojan:Win32/Detplock constantly messing up my MySQL and my client-server application that receives UDP data from datalogger devices on my Windows server. I cleaned out the trojan and re-installed MySQL, but within a few days the infection reappears and my application software stops receiving data from my data loggers. Can someone help?
Trevor_C Asked:

David Johnson, CD, MVP (Owner) Commented:
You've found the destination, now find the source.
Run the Microsoft Safety Scanner on all PCs that can connect to the MySQL server.
Mysidia Commented:
Detplock seems to be a Microsoft Security Essentials designation for a threat without specific understood symptoms.

I would suggest you examine more closely whether a simple restart fixes the issue: are you certain there is a malware issue and the SQL install is being broken? It would be highly unusual for malware to interfere with MySQL server operations or break a server; usually malware is designed to operate covertly.

Perhaps your malware scanning tool is breaking things, or it may be registering a false positive (detecting a critical SQL binary as malware when it is not malware).

I would suggest scanning a known clean version of the binaries being identified on another machine, to ensure you do not have a false positive.

If you have verified this is not a false positive from your scanning tool, I would recommend you treat this as a persistent (non-removable) malware threat, meaning it may have made any number of configuration changes to ensure it can re-infect after being cleaned out; the industry best practice is to rebuild the server and affected computers with clean software images, restore database data from backup, and ensure the server is fully updated.

Then review threat mitigation procedures throughout the environment, including making sure no-execute bit features are enabled in the system BIOS, use of the EMET mitigation tool, review of Windows firewall settings, antimalware/antivirus, application whitelisting, and ensuring that users are not browsing the web on servers and that users other than the network admin team do not have local admin access on any client computers or servers.
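
An added example, not part of the answer above or of any poster's code: one way to carry out the known-clean comparison is to hash the executables of a reference install and of the suspect install and diff the two manifests. It assumes both trees hold the same MySQL version and build; the directory layout and file names in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large server binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root, suffixes=(".exe", ".dll")):
    """Map each executable's relative path (lower-cased, as Windows paths
    are case-insensitive) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix().lower(): sha256_file(p)
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in suffixes
    }

def compare(clean, suspect):
    """Classify the suspect install's binaries against the clean reference."""
    return {
        # Same bytes as the clean copy: a detection here points to a false positive.
        "identical": sorted(k for k in clean if suspect.get(k) == clean[k]),
        # Same path, different bytes: tampering or a version mismatch.
        "modified": sorted(k for k in clean if k in suspect and suspect[k] != clean[k]),
        "missing": sorted(k for k in clean if k not in suspect),
        # Executables the reference install never shipped.
        "unexpected": sorted(k for k in suspect if k not in clean),
    }

def demo():
    # Constructed sample trees standing in for the clean and the suspect install.
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        for root in (clean, suspect):
            (root / "bin").mkdir(parents=True)
            (root / "bin" / "mysqld.exe").write_bytes(b"constructed server binary")
            (root / "bin" / "mysql.exe").write_bytes(b"constructed client binary")
        (suspect / "bin" / "mysqld.exe").write_bytes(b"constructed altered binary")
        (suspect / "bin" / "extra.dll").write_bytes(b"constructed unknown file")
        return compare(build_manifest(clean), build_manifest(suspect))

if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

Run `build_manifest` on the clean machine and on the server separately, then compare the two dictionaries; hashing on the suspect server itself is only as trustworthy as that server.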
Trevor_C (Author) Commented:
Please see attached results of antivirus scan.
anitivirus.PNG
Windows Server 2008