Re: Could not get into server instance

From: Fox (_at_)
Date: 12/18/03 

Date: Thu, 18 Dec 2003 00:26:59 -0500

I have already scanned several times and have come up with nothing.
I changed all logins related to admin.

A few weeks ago I found entries in my firewall to allow 3 IPs
access. I saw them in there once before and deleted them.
This time I block them entirely from access. It seems I've been
playing a cat and mouse game for a while. But I cannot find
the source and a re-install is out of the question. There were
a few other things that happend earlier this year. I don't
know what to do next to try to find the source of this.

Regards,
Fox

"Steve Thompson" <SteveThompson@nomail.please> wrote in message
news:eZcXtC$wDHA.3116@TK2MSFTNGP11.phx.gbl...
> As a very first step -- scan your computer for virus or Trojans, I think
you
> may have a serious exploit on your hands.
>
> Steve
>
>
> "Fox" <fox @ connexions .net> wrote in message
> news:e9HspB2wDHA.2408@tk2msftngp13.phx.gbl...
> > Hi,
> >
> > I ran Enterprise manager, but I could not get into my
> > server. It said that it was not running or to check '
> > the config, which is fine and is Windows Only Authentication.
> >
> > Here is the weird and scary part. ZoneAlarm had an alert
> > at the same time. The alert was asking for Management Console
> > to use USERINIT.EXE to access 192.5.6.30DNS.
> > This resolves to a.gtld-servers.net which is part of Verisign.
> > I refused this outbound access and kept retrying to get into
> > my server in Enterprise. No luck. I then decided to go ahead
> > and give outbound access. Next time I tried to get into
> > my server I was able to.
> >
> > Does anyone know what's up?
> >
> > I figured that maybe I should change all my logins?
> > But, does this show that there is a breach of my system?
> >
> > There has been another odd thing where WSCRIPT.EXE has
> > been asking for access to DNS servers. That I keep blocked.
> > I am pretty sure that is a trojan, but do you think this is this related
?
> >
> > Thanks for any advice.
> > Fox
> >
> >
>
>

Relevant Pages

  • Re: Could not get into server instance
    ... As a very first step -- scan your computer for virus or Trojans, ... The alert was asking for Management Console ... > I refused this outbound access and kept retrying to get into ... > my server in Enterprise. ...
    (microsoft.public.sqlserver.security)
  • Could not get into server instance
    ... I ran Enterprise manager, but I could not get into my ... The alert was asking for Management Console ... I refused this outbound access and kept retrying to get into ... my server in Enterprise. ...
    (microsoft.public.sqlserver.security)
  • Re: 2 Critical Alerts since I added more RAM
    ... This newsgroup only focuses on SBS technical issues. ... Do you SBS server encounter any performance issue? ... The inetinfo.exe process uses lots of memory and memory usage continues to ... the allocating more memory than usual alert ...
    (microsoft.public.windows.server.sbs)
  • RE: SMTPSVC repeatedly times out along with RESvc, IISADMIN, and W
    ... alert of the inetinfo.exe process from the SBS 2003 server. ... You may safely ignore this alert. ... than the predefined threshold value. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: 2 Critical Alerts since I added more RAM
    ... Do you SBS server encounter any performance issue? ... The inetinfo.exe process uses lots of memory and memory usage continues to ... This newsgroup only focuses on SBS technical issues. ... the allocating more memory than usual alert ...
    (microsoft.public.windows.server.sbs)