Thread: What is Logon Process Name:DCOMSCM
View Single Post
  #4  
Old February 25th 06, 12:50 AM posted to microsoft.public.windowsxp.security_admin
Juan
external usenet poster
  
Posts: n/a
Default What is Logon Process Name:DCOMSCM
Prescott, unfortunately I am totally illiterate when it comes to SQL Server,
but I've found Tons of info regarding the subject, you can look in the
following link which I thought as relevant to your case, but you can google
search for different combinarions of a SQL Server search, no doubt you
will find lots of information.

Welcome to SQLSecurity.com
http://www.sqlsecurity.com/DesktopDefault.aspx

http://www.google.com.mx/search?hl=e...+commands+i n
+SQL+Server%3F&btnG=B%C3%BAsqueda+en+Google&meta=

Administering SQL Server Overview
http://msdn.microsoft.com/library/de...us/adminsql/ad
_adminovw_7f3m.asp

regards.

--------------------------------------
"Prescott" escribió en el mensaje
...


"Juan" wrote:

DCOMSCM - The COM-component, is used to manage / administer an SQL
Server
instance and its services state checking. dcomscm - The dcomscm utility
is
installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn
directory
by default.

http://www.databasejournal.com/featu...0894_3313201_2

Administering SQL Server 2000 Desktop Engine (MSDE 2000)

http://msdn.microsoft.com/library/de...us/architec/8_
ar_ts_2jfm.asp

A case of hijack; details and preventive measures.
http://www.mcse.ms/archive114-2004-6-804487.html

---------------------------------------------------------------

"Prescott" escribió en el mensaje
...
After a finding out that my system was compromised throgh DCOM I
disabled
it
both through the registry and downloaded the decombulate tool to
verify I
had
done it corrrectly.
I also downloaded the beta scanner that microsoft has it was the first
clue
that despite my efforts whoever is doing this was back it picked up 2
registry entries that it classified as suspicious in checking my
event
log I
found this DCOMSCM, only had arrive into my services (despite my
attempts
to
disble DCOM) this appeared as being a neccsary service, I changed that
and
disabled it.

Being beyond paranoid at this point I need to clarify that this was
not
part
of one of updates I have installed in the last day.



Thankyou for your answer. For the time being
disabling the SQL server and removing a new and unaccounted for .dll
has appeared to resolve my problem..for know.

I wish I could be more confident that, my problems
are over. But,every time I feel I've licked this
intruder, they manage to find a new way in because
I am technically challenged. I think the only way
I will ever be free of this worry is to find out
whose doing this.

I have read in my research that commands can be stored in
the SQL server. Is there any way to read those commands?
Is it possible that those commands might hold information
that might help me identify whose doing this?
Ads