"Juan" wrote:
DCOMSCM - The COM-component, is used to manage / administer an SQL Server
instance and its services state checking. dcomscm - The dcomscm utility is
installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory
by default.
http://www.databasejournal.com/featu...0894_3313201_2
Administering SQL Server 2000 Desktop Engine (MSDE 2000)
http://msdn.microsoft.com/library/de...ar_ts_2jfm.asp
A case of hijack; details and preventive measures.
http://www.mcse.ms/archive114-2004-6-804487.html
---------------------------------------------------------------
"Prescott" escribió en el mensaje
...
After a finding out that my system was compromised throgh DCOM I disabled
it
both through the registry and downloaded the decombulate tool to verify I
had
done it corrrectly.
I also downloaded the beta scanner that microsoft has it was the first
clue
that despite my efforts whoever is doing this was back it picked up 2
registry entries that it classified as suspicious in checking my event
log I
found this DCOMSCM, only had arrive into my services (despite my attempts
to
disble DCOM) this appeared as being a neccsary service, I changed that and
disabled it.
Being beyond paranoid at this point I need to clarify that this was not
part
of one of updates I have installed in the last day.
Thankyou for your answer. For the time being
disabling the SQL server and removing a new and unaccounted for .dll
has appeared to resolve my problem..for know.
I wish I could be more confident that, my problems
are over. But,every time I feel I've licked this
intruder, they manage to find a new way in because
I am technically challenged. I think the only way
I will ever be free of this worry is to find out
whose doing this.
I have read in my research that commands can be stored in
the SQL server. Is there any way to read those commands?
Is it possible that those commands might hold information
that might help me identify whose doing this?