Results 1 to 6 of 6

Thread: How to test SQL server infected with Trojan horse

  1. #1
    Join Date
    Feb 2010
    Posts
    570

    How to test SQL server infected with Trojan horse

    Hi all,

    My SQL Server is not running properly recently? No, I do not mean we will certainly encounter the usual problems of databases and operating systems. What I mean is, i experienced slow response to the server, unstable movements, heavy burden on the network, or server processing or memory utilization of straight up? I experience that Trojan horse on my system. When i find that my database server, a strange phenomenon took place, before i spend countless hours trying to resolve the problem before the application or the database will first run the test to see if infected with a Trojan virus. But not succeed. Please suggest some test about Trojan horse in SQl server. Thanks in advance.

  2. #2
    Join Date
    May 2008
    Posts
    2,389

    How to test SQL server infected with Trojan horse

    If you need real-time protection of resources too much, then would your databases and other high activity in real-time scanning to exclude a directory outside the bar. Otherwise, at least, you have to install anti-virus software, and then every few days, to find a non-peak time to scan the local disk. If you're already running anti-virus software, then make sure that it is the latest and those based on the client-side automatic signature updates and network management is not a hundred percent reliable, and the implementation of a full system scan. Do not be afraid to install and use other vendors of software - especially when it relates to the time spyware protection. All the best.

  3. #3
    Join Date
    May 2008
    Posts
    2,945

    How to test SQL server infected with Trojan horse

    You can use the Windows Task Manager to search for those who appear to belong to malicious software, or using too much memory or CPU time occupied by a large number of applications. I suggest that you use Sysinternals's Process Explorer , because it provides more information on running processes, and more reliable way to kill those who should not be process. You need to understanding of your database - which includes records which process should be run and what should not. So, if you have first installed a good baseline - and even now, assume that all things are running very well - When a Trojan type of problem, you can use it as your basis for comparison. All the best.

  4. #4
    Join Date
    Jan 2006
    Posts
    3,792

    How to test SQL server infected with Trojan horse

    Perhaps your SQL Server to determine whether there had been malicious behavior in the easiest way is to see if it was network communications. If you have a very handy network analyzer, then you can be found in 1,2 minutes the situation. You can use SQL Server's own portable analyzer, or elsewhere, to connect to your Ethernet switch or mirror port on the exchange. I prefer EtherPeek network analyzer, it can be, like, like most other analyzers to capture and out of your SQL Server package. As shown below, some running in the TCP port 12345 (usually the Trojan NetBus port) traffic was found. Check and reply

  5. #5
    Join Date
    May 2008
    Posts
    3,516

    Re: How to test SQL server infected with Trojan horse

    In this crawl process network traffic you can actually create your own network analysis triggers and filters, if you know what to look for words. Here is a list of common ports of Troy and related to the fine. This method was found malicious traffic is not very safe, because the port number can be changed frequently, but it's a server is a good goal. You can "monitor" mode Ether Peek, it is happening on the network there is an overall top-down perspective - without the need to grab bag. You can see which protocol is being used to find the huge flow of strange communications, and other network access to your SQL Server system tendency. Check and reply.

  6. #6
    Join Date
    Apr 2008
    Posts
    3,424

    How to test SQL server infected with Trojan horse

    Trojan horse is a computer to create a repulsive - it creates a remote access tunnel, intercepted keys, delete data, etc. much more - especially in your most important servers. Obviously, the best way is to do your SQL Server for Internet access, Web browsing, e-mail such acts. However, this is unrealistic. You may need it eventually not only as a database server. Once there such a thing, you will need to make sure you are being protected. Do not pass the buck to other people, or any other thing, Troy is not running on their systems. Regardless of the manner in which, never assume that your anti-virus software can guarantee that you foolproof. All the best.

Similar Threads

  1. Trojan Horse PSW.online infected
    By Theodore Long in forum AntiVirus Software
    Replies: 1
    Last Post: 04-08-2010, 12:48 PM
  2. Atapi.sys infected Trojan Horse Packed.Protector.C
    By Carmine in forum Networking & Security
    Replies: 4
    Last Post: 29-03-2010, 09:08 PM
  3. Infected by Trojan Horse: BackDoor-EJY
    By Karsenman in forum Networking & Security
    Replies: 4
    Last Post: 06-01-2010, 02:59 PM
  4. Infected by Trojan horse
    By Asgar in forum Networking & Security
    Replies: 3
    Last Post: 05-11-2008, 01:50 PM
  5. PC is infected Trojan horse Generic10.VPD. Help me ...
    By Kirmiac in forum Networking & Security
    Replies: 2
    Last Post: 20-05-2008, 03:26 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,614,132.55604 seconds with 17 queries