I ran Enterprise manager, but I could not get into my
server. It said that it was not running or to check '
the config, which is fine and is Windows Only Authentication.
Here is the weird and scary part. ZoneAlarm had an alert
at the same time. The alert was asking for Management Console
to use USERINIT.EXE to access 192.5.6.30DNS.
This resolves to a.gtld-servers.net which is part of Verisign.
I refused this outbound access and kept retrying to get into
my server in Enterprise. No luck. I then decided to go ahead
and give outbound access. Next time I tried to get into
my server I was able to.
Does anyone know what's up?
I figured that maybe I should change all my logins?
But, does this show that there is a breach of my system?
There has been another odd thing where WSCRIPT.EXE has
been asking for access to DNS servers. That I keep blocked.
I am pretty sure that is a trojan, but do you think this is this related ?
Thanks for any advice.
FoxAs a very first step -- scan your computer for virus or Trojans, I think you
may have a serious exploit on your hands.
Steve
"Fox" <fox @. connexions .net> wrote in message
news:e9HspB2wDHA.2408@.tk2msftngp13.phx.gbl...
quote:|||I have already scanned several times and have come up with nothing.
> Hi,
> I ran Enterprise manager, but I could not get into my
> server. It said that it was not running or to check '
> the config, which is fine and is Windows Only Authentication.
> Here is the weird and scary part. ZoneAlarm had an alert
> at the same time. The alert was asking for Management Console
> to use USERINIT.EXE to access 192.5.6.30DNS.
> This resolves to a.gtld-servers.net which is part of Verisign.
> I refused this outbound access and kept retrying to get into
> my server in Enterprise. No luck. I then decided to go ahead
> and give outbound access. Next time I tried to get into
> my server I was able to.
> Does anyone know what's up?
> I figured that maybe I should change all my logins?
> But, does this show that there is a breach of my system?
> There has been another odd thing where WSCRIPT.EXE has
> been asking for access to DNS servers. That I keep blocked.
> I am pretty sure that is a trojan, but do you think this is this related ?
> Thanks for any advice.
> Fox
>
I changed all logins related to admin.
A few weeks ago I found entries in my firewall to allow 3 IPs
access. I saw them in there once before and deleted them.
This time I block them entirely from access. It seems I've been
playing a cat and mouse game for a while. But I cannot find
the source and a re-install is out of the question. There were
a few other things that happend earlier this year. I don't
know what to do next to try to find the source of this.
Regards,
Fox
"Steve Thompson" <SteveThompson@.nomail.please> wrote in message
news:eZcXtC$wDHA.3116@.TK2MSFTNGP11.phx.gbl...
quote:
> As a very first step -- scan your computer for virus or Trojans, I think
you
quote:|||What are you using as a firewall?
> may have a serious exploit on your hands.
> Steve
>
> "Fox" <fox @. connexions .net> wrote in message
> news:e9HspB2wDHA.2408@.tk2msftngp13.phx.gbl...
?[QUOTE]
>
Is this a "live" SQL Server on the internet?
What type of applications are connecting to this Server?
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
No comments:
Post a Comment