Solved

SQL Server Hijacked or Infected

Posted on 2014-10-29
Last Modified: 2015-02-05
I have a customer with an SBS 2003 server. A couple days ago they started experiencing huge traffic increases on the network, so much so that their ISP called and wanted to know what was going on. Accessing the server remotely was really, really slow so I could tell there was a lot of traffic.

I used the SonicWall logs to narrow down the traffic to the SBS server on HTTP and UDP 1434. I installed Process Explorer and TCPView and watched everything for a while and determined that the issue is coming from the SQL Server components. I turned off ALL SQL components on the server and the issue stopped within minutes.

Now I'm stuck - we need SQL for our time clock and back office database software. I'm not familiar enough with SQL to begin to try and find the cause of this issue. I've blocked outgoing port 1434 UDP on the firewall for now but have not reactivated the SQL. We've scanned the server with Sophos and with Malwarebytes and nothing comes up.

Any thoughts? Places to start?
Question by:srnowacki
3 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 40410990
If you are local, you could try one of the many rescue boot CDs.
Check out Hirensbootcd.org for the BitDefender Rescue CD.
0
 
LVL 40

Accepted Solution

by: Kyle Abrahams (earned 500 total points)
ID: 40410999
Are these 3rd party systems?

If so, do you have everything patched and up to date?

1434 is a well-known SQL port for the SQL Server Browser.

Maybe disable that service (as it's not needed to run SQL Server) and re-enable the SQL Server itself?
0
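
An added example (not code from any poster in this thread) for the firewall-log step the question describes and the port the accepted answer names: it counts, per internal host, UDP packets leaving the LAN for destination port 1434 and the number of distinct external targets. The log layout, the addresses, the `lan` range and the `min_targets` threshold are assumptions constructed for illustration; the parser has to be adapted to the firewall's real export format.

```python
import ipaddress
from collections import defaultdict

BROWSER_PORT = 1434  # UDP port named in the thread (SQL Server Browser)
# Constructed sample in a simplified key=value layout; not a real SonicWall export.
SAMPLE_LOG = """\
time=09:00:01 proto=udp src=192.168.16.50:51200 dst=192.168.16.2:1434 bytes=60
time=09:00:01 proto=udp src=192.168.16.2:1434 dst=192.168.16.50:51200 bytes=120
time=09:00:02 proto=udp src=192.168.16.2:3120 dst=198.51.100.7:1434 bytes=404
time=09:00:02 proto=udp src=192.168.16.2:3121 dst=203.0.113.19:1434 bytes=404
time=09:00:02 proto=udp src=192.168.16.2:3122 dst=192.0.2.200:1434 bytes=404
time=09:00:03 proto=tcp src=192.168.16.2:4000 dst=198.51.100.9:80 bytes=900
malformed line without fields
"""

def parse_line(line):
    """Return (proto, src_ip, src_port, dst_ip, dst_port, bytes) or None."""
    try:
        f = dict(kv.split("=", 1) for kv in line.split())
        src_ip, src_port = f["src"].rsplit(":", 1)
        dst_ip, dst_port = f["dst"].rsplit(":", 1)
        return (f["proto"].lower(), ipaddress.ip_address(src_ip), int(src_port),
                ipaddress.ip_address(dst_ip), int(dst_port), int(f["bytes"]))
    except (KeyError, ValueError):
        return None  # skip lines that do not match the assumed layout

def outbound_1434(log_text, lan="192.168.16.0/24"):
    """Per internal host: packets, bytes and distinct external targets on UDP 1434."""
    net = ipaddress.ip_network(lan)
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "targets": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        proto, src, _sport, dst, dport, size = rec
        # LAN-internal queries and replies sent from the server's own port 1434 are normal.
        if proto == "udp" and dport == BROWSER_PORT and src in net and dst not in net:
            s = stats[str(src)]
            s["packets"] += 1
            s["bytes"] += size
            s["targets"].add(str(dst))
    return dict(stats)

def flag_hosts(stats, min_targets=3):
    """Hosts sending to at least min_targets distinct external addresses."""
    return sorted(h for h, s in stats.items() if len(s["targets"]) >= min_targets)

if __name__ == "__main__":
    print(flag_hosts(outbound_1434(SAMPLE_LOG)))
```

A host that appears here is initiating traffic to port 1434 on outside addresses, which is different from a SQL Server answering its own LAN clients from that port.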
 
LVL 3

Expert Comment

by:prequel_server
ID: 40417413
"time clock and back office database software"
Do you have a support contact for the above software?
0

Question has a verified solution.