Solution for Cmd.exe and Ftp.exe secretly running on a computer (virus removal)

Source: Internet
Author: User
A few days ago my own machine ran into this problem too! It was a headache! I tried several anti-virus products, such as NOD32, Rising and McAfee, and they were useless! Only McAfee detected two files, EQ and TT, under System32, but after they were cleared they were regenerated automatically within a few minutes! I could never clear them completely!

After using Trojan Kill guest v5.31 to view the network status, I found that traffic on port 1433 was very heavy! Isn't 1433 the default port for SQL Server? That indicates someone was connecting to my database (there is a SQL Server 2000 instance for temporary testing). I also found that the Ftp.exe process was accessing a port on a remote computer, and I did not know what it was downloading! I guessed it was nothing good! It looked like my machine was being monitored! What to do? I ended the two processes, Ftp.exe and cmd.exe! It was not long before they were automatically opened again! But I noticed that the times at which they opened followed no regular pattern! Sometimes it was soon, and sometimes it was a long time before it happened again! It seemed to be executed manually by someone else! I thought it over carefully! The problem seemed to be in SQL Server, so I went online to look up related information and finally noticed the xp_cmdshell stored procedure, which the online material explains as follows:

xp_cmdshell operating system command shell. This procedure is an extended stored procedure that executes the specified command string and returns any output as a line of text.

In general, xp_cmdshell is unnecessary even for administrators, and removing xp_cmdshell will not affect the server in any way.
xp_cmdshell can be removed with:
USE master
EXEC sp_dropextendedproc N'xp_cmdshell'
GO

If necessary, you can restore xp_cmdshell:
USE master
EXEC sp_addextendedproc N'xp_cmdshell', N'xplog70.dll'
GO

Experience
It is best to remove the xp_cmdshell stored procedure from the server.

So I turned it off! Then I used Trojan Kill guest to view the network status again! Port 1433 was also back to more normal levels, and Ftp.exe and Cmd.exe never appeared again! It seems the problem really was in the security settings! I am posting this experience in the hope that friends who run into the same problem can use it as a reference!
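
xp_cmdshell runs its command in a cmd.exe started by the SQL Server service process (sqlservr.exe), so the symptom described above can be confirmed from process parentage rather than guessed from timing. The following is an added example, not part of the original post: it flags any process descended from sqlservr.exe. The event layout (pid, parent pid, image path) and all sample values are constructed assumptions.

```python
import ntpath

DB_ENGINE = "sqlservr.exe"  # image name of the SQL Server service process

# Constructed sample process-creation events: (pid, parent pid, image path).
EVENTS = [
    (408, 4, r"C:\WINNT\system32\services.exe"),
    (1180, 408, r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe"),
    (2340, 1180, r"C:\WINNT\system32\cmd.exe"),   # child of the database engine
    (2388, 2340, r"C:\WINNT\system32\ftp.exe"),   # grandchild of the database engine
    (1500, 1432, r"C:\WINNT\explorer.exe"),
    (2600, 1500, r"C:\WINNT\system32\cmd.exe"),   # interactive shell, benign
    (2644, 2600, r"C:\WINNT\system32\ftp.exe"),   # user-started ftp, benign
]

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def lineage(pid, table):
    """Image names from pid up to the root; stops on unknown parents or loops."""
    chain, seen = [], set()
    while pid in table and pid not in seen:
        seen.add(pid)
        ppid, image = table[pid]
        chain.append(base(image))
        pid = ppid
    return chain

def sql_spawned(events):
    """Return (pid, ancestry) for every process that has sqlservr.exe as an ancestor."""
    table = {pid: (ppid, image) for pid, ppid, image in events}
    alerts = []
    for pid, _ppid, _image in events:
        chain = lineage(pid, table)
        if DB_ENGINE in chain[1:]:          # skip the process itself
            idx = chain.index(DB_ENGINE, 1)
            alerts.append((pid, " <- ".join(chain[: idx + 1])))
    return alerts

if __name__ == "__main__":
    for pid, path in sql_spawned(EVENTS):
        print(f"ALERT pid={pid}: {path}")
```

The same cmd.exe and ftp.exe started from explorer.exe are not flagged, which separates ordinary interactive use from commands issued through the database.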