
Looks like I'm hacked.. Suggestions please..

LithiuM

Guest
Hello. Today I noticed a vbs file in my c: directory; it seems like it's downloading a file, lsasvc.exe, from a website.

When I searched for lsasvc.exe on the server I found 2 files. One of them is under system32 and the other is under a user account's documents and settings > desktop directory, which I believe belongs to a hacker.

I googled but could not find anything about lsasvc.exe.
If someone can help, I'd appreciate it.
 
There are two ways:
install the latest anti-virus software, like Norton AntiVirus,
or terminate all running lsasvc.exe processes, erase lsasvc.exe from the disks and remove all its records from the registry.
 
Thank you for your reply.

But after I posted here, I found a directory under system32 folder which contains netcat and some other stuff.
Also, netcat is currently running on my box. :(

I am now trying to find an expert to assess and secure the box before I delete them, because if I directly delete them I think he can upload and run them again the same way.
 
You probably suffered from the unpatched SQL Server that Plesk installs. You should patch that up. To be safe you should also reinstall the whole box and start again. You have no idea what has been installed and where.

Adam F
 
Is there any more info on this? Will Windows Update patch that? Fixed in 6.5.1??
 
Do a search; I have posted about this before. Windows Update doesn't patch it. You need to run a SQL Server patch. I would advise using the Microsoft baseline util.
 
Just heard SP2 is out today to resolve this; we're patching now.
 
Will do. The datacentre is actually doing it; I felt better leaving it with the Plesk guru there. I'll let you know how we make out.
 
I can't see details of the patch in the readme file so I would recommend that you still check using m$ baseline.

AdamF
 
The patch does not install the SQL Server fix, but at the last step it does suggest that this should be installed if it is needed, along with a URL to the download.
 
Try running the patch on the SQL Server. The MSDE version of SQL installed actually is patched.

I verified this by version and attempting to install three different patches which stated they were already there. That was from a fresh install and update of 6.5.1

I haven't checked on 6.5 and don't plan to.
 
Hey Larry,

I wonder if PLESK has updated the install package. The version we had definitely wasn't patched when installed with Plesk. I still recommend people run Microsoft BaseLine to double-check everything is fine.

AdamF
 