1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Looks like I'm hacked.. Suggestions please..

Discussion in 'Plesk for Windows - 8.x and Older' started by LithiuM, Mar 1, 2004.

  1. LithiuM

    LithiuM Guest

    0
     
    Hello Today I noticed a vbs file at my c: directory it seems like its downloading a file lsasvc.exe from a website.

    When I search lsasvc.exe at server I found 2 files.One of them is under system32 and the other one of them is under a user accounts> documents and settings>desktop directory which I beleive belong to a hacker.

    I googled but could not find anything about lsasvc.exe.
    If someone help I'll be appreciated.
     
  2. lawyer@

    lawyer@ Guest

    0
     
    They are two ways:
    install latest anti virus software like Norton anti virus,
    or terminate all running lsasvc.exe, erase lsasvc.exe from disks and all records from registry
     
  3. LithiuM

    LithiuM Guest

    0
     
    Thank you for your reply.

    But after I posted here, I found a directory under system32 folder which contains netcat and some other stuff.
    Also netcat is currently running on my box.:(

    I am now trying to find an expert to determine and secure the box before I delete them cause if directly delete them I think he can upload and run them again same way.
     
  4. AdamF

    AdamF Guest

    0
     
    You probably suffered from the unpatch sql server that plesk installs. You should patch that up. To be safe you should also reinstall the whole box and start again. You have no idea what has been installed and where.

    Adam F
     
  5. MattR@

    MattR@ Guest

    0
     
    Is there any more info on this? Will Windows Update patch that? Fixed in 6.5.1??
     
  6. AdamF

    AdamF Guest

    0
     
    Do a search I have posted about this before. Windows Update doesn't patch it. You need to run a sql server patch. I would advise using microsoft baseline util.
     
  7. MattR@

    MattR@ Guest

    0
     
    Just heard SP2 Is out today to resolve this, we're patching now.
     
  8. AdamF

    AdamF Guest

    0
     
    SP2 for Plesk? If so tell me how you get on.
     
  9. MattR@

    MattR@ Guest

    0
     
    Will do, Datacentre is actually doing it, I felt better leaving it with the Plesk guru there, I'll let you know how we make out.
     
  10. AdamF

    AdamF Guest

    0
     
    I can't see details of the patch in the readme file so I would recommend that you still check using m$ baseline.

    AdamF
     
  11. PaulC

    PaulC Regular Pleskian

    24
    57%
    Joined:
    Aug 5, 2001
    Messages:
    192
    Likes Received:
    0
    The patch does not install the SQL server fix, but at the last step is does suggest that this should be installed if it is needed, along with a URL to the download.
     
  12. siren@

    siren@ Guest

    0
     
    TRy running the patch on the SQL server. The MSDE version of SQL installed actually is patched.

    I verified this by version and attempting to install three different patches which stated they were already there. That was from a fresh install and update of 6.5.1

    I haven't checked on 6.5 and don't plan to.
     
  13. AdamF

    AdamF Guest

    0
     
    Hey Larry,

    I wonder if PLESK has updated the install package. The version we had definatly wasn't patched when installed with plesk. I still recommend people run Microsoft BaseLine to double check everything is fine.

    AdamF
     
Loading...