W2K netstat detects port 1433 is listenning but fport does NOT..., can't start mission critical sql server !!!
From: SammyBar (sammybar_at_gmail.com)
Date: Fri, 14 Oct 2005 13:20:19 -0500
I have a problem with my Sql Server 2000 server. A malware captured the 1433
port when we restarted the SQL Server service. Now we have some users (that
uses TCP/IP to connect to the server instead named pipes) that can not
access to the server. The server is mission critical, can not be reset until
midnight to eliminate the virus. We want to kill the malware process but we
can not get the process id of the malware. We tryed with fport last version
downloaded from Foundstone but it does't lists the 1433 port as being in
use. But netstat -an clearly shows the 1433 port is listening. The Sql
Server Log says it could not be binded to 1433. So is it possible fport
fails to detect a process? Which other way can I use to detect the process
id of the malware apart of fport?
Thanks in advance