Re: Infected with SQL worm HELPPPPPP
From: Hina Masud [MS] (Hina@online.microsoft.Net)
Date: 05/30/02
- Next message: Hina Masud [MS]: "RE: Delete login ID"
- Previous message: Hina Masud [MS]: "RE: SQL and Active Directory"
- In reply to: joe: "Re: Infected with SQL worm HELPPPPPP"
- Next in thread: joe: "Re: Infected with SQL worm HELPPPPPP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Hina@online.microsoft.Net (Hina Masud [MS]) Date: Thu, 30 May 2002 19:28:57 GMT
Hi Joe,
The way around this is to register your server using NT Admin account (windows authentication while logged into the
machine as admin) in Enterprise Manager that has admin rights on the SQL server, you should be able to connect, at
that point to your SQL server, you can go to security folder, logins, and double click on SA and change the SA
password to your preference and try to connect again using the new sa password.
Thank you
Hina Masud
Microsoft
Disclaimer:
This posting is provided AS IS with no warranties, and confers no rights.
Are you secure? For information about the Microsoft Strategic Technology
Protection Program and to order your FREE Security Tool Kit, please visit
http://www.microsoft.com/security.
--------------------
-Content-Class: urn:content-classes:message
-From: "joe" <jgonzalez@hsconstructors.com>
-Sender: "joe" <jgonzalez@hsconstructors.com>
-References: <65ac01c20272$3f5b4ab0$37ef2ecf@TKMSFTNGXA13> <#BSclrnACHA.2540@tkmsftngp05>
-Subject: Re: Infected with SQL worm HELPPPPPP
-Date: Thu, 23 May 2002 10:11:09 -0700
-Lines: 50
-Message-ID: <662501c2027c$d50c7980$37ef2ecf@TKMSFTNGXA13>
-MIME-Version: 1.0
-Content-Type: text/plain;
- charset="iso-8859-1"
-Content-Transfer-Encoding: 7bit
-X-Newsreader: Microsoft CDO for Windows 2000
-X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
-Thread-Index: AcICfNUMi3GcCgN9Ri2fgdoxzoe+ng==
-Newsgroups: microsoft.public.sqlserver.security
-NNTP-Posting-Host: TKMSFTNGXA13 10.201.226.41
-Path: cpmsftngxa08!cpmsftngxa07
-Xref: cpmsftngxa08 microsoft.public.sqlserver.security:5996
-X-Tomcat-NG: microsoft.public.sqlserver.security
-
-Ok.. I have contacted the vender and they are in the
-process of sending me a patch. Here's my problem. I can
-not access the server. It continues to give me this
-message "A connection could not be
-established "servername" login failed." whenever i click
-on the server name.
-I am assuming that this because this particuler worm has
-changed my password to sa. This in turn does not allow
-me to login. So, how do i gain control of this server?
-How do i change the password? ahhhhhh..going nuts here.
-
-
->-----Original Message-----
->Do you have any control over this software? Have you
-ensured that the
->connectivity that allowed the infection to occur in the
-first place no
->longer exists? (i.e. you've firewalled off ports 1434
-and 1433 at a bare
->minimum)
->
->Connecting as sa,null is incredibly dangerous. If you
-have control over the
->software, fix it today to connect with a different
-password. If the
->software was provided by a vendor be in touch with them
-now for a patch --
->competent professionals will be aware of the risk
-they've put you in and
->gladly provide you a patch.
->
->Now to get off my soapbox and answer your question. :-)
-See the thread
->today titled "sa password" for password-changing
-instructions.
->
->Beth
->
->
->"joe" <jgonzalez@hsconstructors.com> wrote in message
->news:65ac01c20272$3f5b4ab0$37ef2ecf@TKMSFTNGXA13...
->> ok...so..my sql is infected. I deleted all the files
->> that the security resource mentioned on the Symantec
->> website. Now, my problem is how do i reset my password
->> to Null (because my software requires that to be)? I
->> need some help bad.
->
->
->.
->
-
- Next message: Hina Masud [MS]: "RE: Delete login ID"
- Previous message: Hina Masud [MS]: "RE: SQL and Active Directory"
- In reply to: joe: "Re: Infected with SQL worm HELPPPPPP"
- Next in thread: joe: "Re: Infected with SQL worm HELPPPPPP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
