A D99_Tmp table found in the database is a sign of a common method hackers use to attack SQL Server. The first method is to execute the xp_cmdshell extended stored procedure in master to damage the database. For the sake of database security, it is best to disable xp_cmdshell.
xp_cmdshell allows the system administrator to execute a specified command string in the operating system command-line interpreter and returns any output as lines of text. It is a very powerful extended stored procedure.
In general, xp_cmdshell is not necessary for the administrator, and removing xp_cmdshell will not have any impact on the server.
You can remove xp_cmdshell:
-- Drop the xp_cmdshell extended stored procedure from master
USE master
EXEC sp_dropextendedproc N'xp_cmdshell'
GO
If necessary, you can restore xp_cmdshell:
-- Re-register xp_cmdshell from its DLL
USE master
EXEC sp_addextendedproc N'xp_cmdshell', N'xplog70.dll'
GO
If your database contains either of the two tables D99_Tmp or D99_cmd, you can rest assured: it indicates that a novice (cainiao) who downloaded ready-made software has maliciously attacked SQL Server.
Su.exe (a hacker tool for privilege escalation) and D99_Tmp (with subdirectory, depth, and file fields, all of which contain the website's files and directories).
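To check an instance for the two indicator tables described above and see whether xp_cmdshell is currently usable, the following T-SQL audit can be run. It is an added example, not code from the original page. It assumes SQL Server 2005 or later (for the sys.databases, sys.tables and sys.configurations catalog views), and the temporary table name #hits is hypothetical.

```sql
-- Added example: audit every accessible database for D99_Tmp / D99_cmd.
-- Assumption: SQL Server 2005 or later; #hits is a hypothetical scratch table.
SET NOCOUNT ON;

CREATE TABLE #hits (
    database_name sysname,
    schema_name   sysname,
    table_name    sysname,
    create_date   datetime
);

DECLARE @db sysname, @sql nvarchar(max);

DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE state_desc = N'ONLINE' AND HAS_DBACCESS(name) = 1;

OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps unusual database names from breaking the dynamic SQL.
    -- The explicit case-insensitive collation also matches d99_tmp, D99_TMP, etc.
    SET @sql = N'INSERT INTO #hits
        SELECT N' + QUOTENAME(@db, '''') + N', s.name, t.name, t.create_date
        FROM ' + QUOTENAME(@db) + N'.sys.tables AS t
        JOIN ' + QUOTENAME(@db) + N'.sys.schemas AS s
          ON s.schema_id = t.schema_id
        WHERE t.name COLLATE Latin1_General_CI_AS
              IN (N''D99_Tmp'', N''D99_cmd'');';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cur INTO @db;
END
CLOSE db_cur;
DEALLOCATE db_cur;

-- Any row returned means one of the indicator tables exists;
-- create_date gives a starting point for reviewing logs.
SELECT database_name, schema_name, table_name, create_date
FROM #hits
ORDER BY database_name, table_name;

-- value_in_use = 1 means xp_cmdshell can currently be executed.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

DROP TABLE #hits;
```

An empty first result set together with value_in_use = 0 is the expected state on a server where the procedure is disabled and the tables were never created.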