Delete the SQL Server stored procedures that have security issues. The list is comprehensive. Everything is safe!
This removes the ability to misuse the shell, the registry, and COM components through SQL Server.
MS SQL Server 2000
Log on to Query Analyzer using a system account.
Run the following script:
Use master
Exec sp_dropextendedproc 'xp_cmdshell'
Exec sp_dropextendedproc 'xp_enumgroups'
Exec sp_dropextendedproc 'xp_loginconfig'
Exec sp_dropextendedproc 'xp_enumerrorlogs'
Exec sp_dropextendedproc 'xp_getfiledetails'
Exec sp_dropextendedproc 'sp_OACreate'
Exec sp_dropextendedproc 'sp_OADestroy'
Exec sp_dropextendedproc 'sp_OAGetErrorInfo'
Exec sp_dropextendedproc 'sp_OAGetProperty'
Exec sp_dropextendedproc 'sp_OAMethod'
Exec sp_dropextendedproc 'sp_OASetProperty'
Exec sp_dropextendedproc 'sp_OAStop'
Exec sp_dropextendedproc 'xp_regaddmultistring'
Exec sp_dropextendedproc 'xp_regdeletekey'
Exec sp_dropextendedproc 'xp_regdeletevalue'
Exec sp_dropextendedproc 'xp_regenumvalues'
Exec sp_dropextendedproc 'xp_regremovemultistring'
Exec sp_dropextendedproc 'xp_regwrite'
Drop procedure sp_makewebtask
Go
Delete all dangerous extensions:
Exec sp_dropextendedproc 'xp_cmdshell' -- after this extension is deleted, the database cannot be remotely connected
The following three stored procedures are used when SQL Server restores a backup. Do not delete them unless necessary.
-- Exec sp_dropextendedproc 'xp_dirtree' -- after this extension is deleted, the database cannot be created or attached
-- Exec sp_dropextendedproc 'xp_regread' -- restore the database after deleting this extension
-- Exec sp_dropextendedproc 'xp_fixeddrives' -- the database cannot be restored after this extension is deleted
Recovery script
Use master
Exec sp_addextendedproc xp_cmdshell, @dllname = 'xplog70.dll'
Exec sp_addextendedproc xp_enumgroups, @dllname = 'xplog70.dll'
Exec sp_addextendedproc xp_loginconfig, @dllname = 'xplog70.dll'
Exec sp_addextendedproc xp_enumerrorlogs, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_getfiledetails, @dllname = 'xpstar.dll'
Exec sp_addextendedproc sp_OACreate, @dllname = 'odsole70.dll'
Exec sp_addextendedproc sp_OADestroy, @dllname = 'odsole70.dll'
Exec sp_addextendedproc sp_OAGetErrorInfo, @dllname = 'odsole70.dll'
Exec sp_addextendedproc sp_OAGetProperty, @dllname = 'odsole70.dll'
Exec sp_addextendedproc sp_OAMethod, @dllname = 'odsole70.dll'
Exec sp_addextendedproc sp_OASetProperty, @dllname = 'odsole70.dll'
Exec sp_addextendedproc sp_OAStop, @dllname = 'odsole70.dll'
Exec sp_addextendedproc xp_regaddmultistring, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_regdeletekey, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_regdeletevalue, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_regenumvalues, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_regremovemultistring, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_regwrite, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_dirtree, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_regread, @dllname = 'xpstar.dll'
Exec sp_addextendedproc xp_fixeddrives, @dllname = 'xpstar.dll'
Go
Copy the whole script into SQL Query Analyzer.
On the menu, click "Query", then "Execute", to delete the stored procedures with security issues.
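To confirm the result after running the drop script, the following audit query (an added example, not part of the original page) lists every procedure named above and flags any that is still registered, as well as any of the three restore-related procedures that has gone missing. It assumes the SQL Server 2000 catalog table master.dbo.sysobjects, where extended procedures have xtype 'X' and ordinary procedures 'P'; the temporary table #audit and its column names are made up for this example.

```sql
-- Added audit example for SQL Server 2000; run in Query Analyzer as a system administrator.
USE master
GO
SET NOCOUNT ON
-- Hypothetical work table: one row per procedure the page mentions.
CREATE TABLE #audit (name sysname NOT NULL, keep_for_restore bit NOT NULL)
-- Procedures removed by the drop script (keep_for_restore = 0).
INSERT #audit SELECT 'xp_cmdshell', 0
INSERT #audit SELECT 'xp_enumgroups', 0
INSERT #audit SELECT 'xp_loginconfig', 0
INSERT #audit SELECT 'xp_enumerrorlogs', 0
INSERT #audit SELECT 'xp_getfiledetails', 0
INSERT #audit SELECT 'sp_oacreate', 0
INSERT #audit SELECT 'sp_oadestroy', 0
INSERT #audit SELECT 'sp_oageterrorinfo', 0
INSERT #audit SELECT 'sp_oagetproperty', 0
INSERT #audit SELECT 'sp_oamethod', 0
INSERT #audit SELECT 'sp_oasetproperty', 0
INSERT #audit SELECT 'sp_oastop', 0
INSERT #audit SELECT 'xp_regaddmultistring', 0
INSERT #audit SELECT 'xp_regdeletekey', 0
INSERT #audit SELECT 'xp_regdeletevalue', 0
INSERT #audit SELECT 'xp_regenumvalues', 0
INSERT #audit SELECT 'xp_regremovemultistring', 0
INSERT #audit SELECT 'xp_regwrite', 0
INSERT #audit SELECT 'sp_makewebtask', 0
-- Procedures the page says to leave in place for backup restore (keep_for_restore = 1).
INSERT #audit SELECT 'xp_dirtree', 1
INSERT #audit SELECT 'xp_regread', 1
INSERT #audit SELECT 'xp_fixeddrives', 1

-- LOWER() makes the name match work on case-sensitive installations too.
SELECT a.name,
       CASE WHEN o.id IS NULL THEN 'absent' ELSE 'present' END AS state,
       o.xtype,
       CASE WHEN a.keep_for_restore = 0 AND o.id IS NOT NULL
                 THEN 'STILL REGISTERED: drop failed or was reverted'
            WHEN a.keep_for_restore = 1 AND o.id IS NULL
                 THEN 'MISSING: needed when restoring a backup'
            ELSE 'ok' END AS finding
FROM #audit a
LEFT JOIN dbo.sysobjects o
       ON LOWER(o.name) = a.name AND o.xtype IN ('X', 'P')
ORDER BY finding DESC, a.name

DROP TABLE #audit
GO
```

Rerunning the query after service packs or maintenance shows whether any of the dropped procedures has been registered again.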