Re: W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/14/05
- Previous message: Gina Hernandez: "PASSWORD PROTECTED TABLE"
- In reply to: SammyBar: "W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"
- Next in thread: Steven L Umbach: "Re: W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Oct 2005 17:18:11 -0400
From: "SammyBar" <sammybar@gmail.com>
| Hi all,
|
| I have a problem with my Sql Server 2000 server. A malware captured the 1433
| port when we restarted the SQL Server service. Now we have some users (that
| uses TCP/IP to connect to the server instead named pipes) that can not
| access to the server. The server is mission critical, can not be reset until
| midnight to eliminate the virus. We want to kill the malware process but we
| can not get the process id of the malware. We tryed with fport last version
| downloaded from Foundstone but it does't lists the 1433 port as being in
| use. But netstat -an clearly shows the 1433 port is listening. The Sql
| Server Log says it could not be binded to 1433. So is it possible fport
| fails to detect a process? Which other way can I use to detect the process
| id of the malware apart of fport?
|
| Thanks in advance
| Sammy
|
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kasperski and McAfee Anti Virus Command Line
Scanners to
remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site. The choices are;
Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
-- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
- Previous message: Gina Hernandez: "PASSWORD PROTECTED TABLE"
- In reply to: SammyBar: "W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"
- Next in thread: Steven L Umbach: "Re: W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
