Solved

SQL Server Hijacked or Infected

Posted on 2014-10-29
3
122 Views
Last Modified: 2015-02-05
I have a customer with an SBS 2003 server. A couple days ago they started experienced huge traffic increases on the network, so much so that their ISP called and wanted to know what was going on. Accessing the server remotely was really really slow so I could tell there was a lot of traffic.

I used the Sonicwall logs to narrow down the traffic to the SBS server on HTTP and UDP 1434. I installed process explorer and tcpview and watched everything for a while and determined that the issue is coming from the SQL server components. I turned off ALL SQL components on the server and the issue stopped within minutes.

Now I'm stuck - we need SQL for our time clock and back office database software. I'm not familiar enough with SQL to begin to try and find the cause of this issue. I've blocked outgoing port 1434 UDP on the firewall for now but have not reactivated the SQL. We've scanned the server with Sophos and with Malwarebytes and nothing comes up.

Any thoughts? Places to start?
0
Comment
Question by:srnowacki
3 Comments
 
LVL 17

Expert Comment

by:pjam
ID: 40410990
If you are local, you could try one of the many Rescue boot CDs.
Checkout Hirensbootcd.org for the BitDender Recuse CD
0
 
LVL 40

Accepted Solution

by:
Kyle Abrahams earned 500 total points
ID: 40410999
Are these 3rd party systems?  

If so do you have everything patched and up to date?  

1434 is a well known SQL port for the sql server browser.

Maybe disable that service (as it's not needed to run sql server) and re-enable the sql server itself?
0
 
LVL 3

Expert Comment

by:prequel_server
ID: 40417413
" time clock and back office database software"
-do you have a support contact for the above software?
0

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
Via a live example combined with referencing Books Online, show some of the information that can be extracted from the Catalog Views in SQL Server.
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now