Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SQL Server Hijacked or Infected

Posted on 2014-10-29
3
126 Views
Last Modified: 2015-02-05
I have a customer with an SBS 2003 server. A couple days ago they started experienced huge traffic increases on the network, so much so that their ISP called and wanted to know what was going on. Accessing the server remotely was really really slow so I could tell there was a lot of traffic.

I used the Sonicwall logs to narrow down the traffic to the SBS server on HTTP and UDP 1434. I installed process explorer and tcpview and watched everything for a while and determined that the issue is coming from the SQL server components. I turned off ALL SQL components on the server and the issue stopped within minutes.

Now I'm stuck - we need SQL for our time clock and back office database software. I'm not familiar enough with SQL to begin to try and find the cause of this issue. I've blocked outgoing port 1434 UDP on the firewall for now but have not reactivated the SQL. We've scanned the server with Sophos and with Malwarebytes and nothing comes up.

Any thoughts? Places to start?
0
Comment
Question by:srnowacki
3 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 40410990
If you are local, you could try one of the many Rescue boot CDs.
Checkout Hirensbootcd.org for the BitDender Recuse CD
0
 
LVL 40

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 40410999
Are these 3rd party systems?  

If so do you have everything patched and up to date?  

1434 is a well known SQL port for the sql server browser.

Maybe disable that service (as it's not needed to run sql server) and re-enable the sql server itself?
0
 
LVL 3

Expert Comment

by:prequel_server
ID: 40417413
" time clock and back office database software"
-do you have a support contact for the above software?
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Viewers will learn how the fundamental information of how to create a table.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question