A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Security and Administration with Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

What is Logon Process Name:DCOMSCM



 
 
Thread Tools Display Modes
  #1  
Old February 19th 06, 08:55 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default What is Logon Process Name:DCOMSCM

After a finding out that my system was compromised throgh DCOM I disabled it
both through the registry and downloaded the decombulate tool to verify I had
done it corrrectly.
I also downloaded the beta scanner that microsoft has it was the first clue
that despite my efforts whoever is doing this was back it picked up 2
registry entries that it classified as suspicious in checking my event log I
found this DCOMSCM, only had arrive into my services (despite my attempts to
disble DCOM) this appeared as being a neccsary service, I changed that and
disabled it.

Being beyond paranoid at this point I need to clarify that this was not part
of one of updates I have installed in the last day.

Ads
  #2  
Old February 23rd 06, 07:45 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default What is Logon Process Name:DCOMSCM

DCOMSCM - The COM-component, is used to manage / administer an SQL Server
instance and its services state checking. dcomscm - The dcomscm utility is
installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory
by default.
http://www.databasejournal.com/featu...0894_3313201_2

Administering SQL Server 2000 Desktop Engine (MSDE 2000)
http://msdn.microsoft.com/library/de...ar_ts_2jfm.asp

A case of hijack; details and preventive measures.
http://www.mcse.ms/archive114-2004-6-804487.html

---------------------------------------------------------------

"Prescott" escribió en el mensaje
...
After a finding out that my system was compromised throgh DCOM I disabled

it
both through the registry and downloaded the decombulate tool to verify I

had
done it corrrectly.
I also downloaded the beta scanner that microsoft has it was the first

clue
that despite my efforts whoever is doing this was back it picked up 2
registry entries that it classified as suspicious in checking my event

log I
found this DCOMSCM, only had arrive into my services (despite my attempts

to
disble DCOM) this appeared as being a neccsary service, I changed that and
disabled it.

Being beyond paranoid at this point I need to clarify that this was not

part
of one of updates I have installed in the last day.







  #3  
Old February 24th 06, 10:45 PM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default What is Logon Process Name:DCOMSCM



"Juan" wrote:

DCOMSCM - The COM-component, is used to manage / administer an SQL Server
instance and its services state checking. dcomscm - The dcomscm utility is
installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory
by default.
http://www.databasejournal.com/featu...0894_3313201_2

Administering SQL Server 2000 Desktop Engine (MSDE 2000)
http://msdn.microsoft.com/library/de...ar_ts_2jfm.asp

A case of hijack; details and preventive measures.
http://www.mcse.ms/archive114-2004-6-804487.html

---------------------------------------------------------------

"Prescott" escribió en el mensaje
...
After a finding out that my system was compromised throgh DCOM I disabled

it
both through the registry and downloaded the decombulate tool to verify I

had
done it corrrectly.
I also downloaded the beta scanner that microsoft has it was the first

clue
that despite my efforts whoever is doing this was back it picked up 2
registry entries that it classified as suspicious in checking my event

log I
found this DCOMSCM, only had arrive into my services (despite my attempts

to
disble DCOM) this appeared as being a neccsary service, I changed that and
disabled it.

Being beyond paranoid at this point I need to clarify that this was not

part
of one of updates I have installed in the last day.



Thankyou for your answer. For the time being

disabling the SQL server and removing a new and unaccounted for .dll
has appeared to resolve my problem..for know.

I wish I could be more confident that, my problems
are over. But,every time I feel I've licked this
intruder, they manage to find a new way in because
I am technically challenged. I think the only way
I will ever be free of this worry is to find out
whose doing this.

I have read in my research that commands can be stored in
the SQL server. Is there any way to read those commands?
Is it possible that those commands might hold information
that might help me identify whose doing this?







  #4  
Old February 25th 06, 01:50 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default What is Logon Process Name:DCOMSCM

Prescott, unfortunately I am totally illiterate when it comes to SQL Server,
but I've found Tons of info regarding the subject, you can look in the
following link which I thought as relevant to your case, but you can google
search for different combinarions of a SQL Server search, no doubt you
will find lots of information.

Welcome to SQLSecurity.com
http://www.sqlsecurity.com/DesktopDefault.aspx

http://www.google.com.mx/search?hl=e...+commands+i n
+SQL+Server%3F&btnG=B%C3%BAsqueda+en+Google&meta=

Administering SQL Server Overview
http://msdn.microsoft.com/library/de...us/adminsql/ad
_adminovw_7f3m.asp

regards.

--------------------------------------
"Prescott" escribió en el mensaje
...


"Juan" wrote:

DCOMSCM - The COM-component, is used to manage / administer an SQL

Server
instance and its services state checking. dcomscm - The dcomscm utility

is
installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn

directory
by default.

http://www.databasejournal.com/featu...0894_3313201_2

Administering SQL Server 2000 Desktop Engine (MSDE 2000)

http://msdn.microsoft.com/library/de...us/architec/8_
ar_ts_2jfm.asp

A case of hijack; details and preventive measures.
http://www.mcse.ms/archive114-2004-6-804487.html

---------------------------------------------------------------

"Prescott" escribió en el mensaje
...
After a finding out that my system was compromised throgh DCOM I

disabled
it
both through the registry and downloaded the decombulate tool to

verify I
had
done it corrrectly.
I also downloaded the beta scanner that microsoft has it was the first

clue
that despite my efforts whoever is doing this was back it picked up 2
registry entries that it classified as suspicious in checking my

event
log I
found this DCOMSCM, only had arrive into my services (despite my

attempts
to
disble DCOM) this appeared as being a neccsary service, I changed that

and
disabled it.

Being beyond paranoid at this point I need to clarify that this was

not
part
of one of updates I have installed in the last day.



Thankyou for your answer. For the time being

disabling the SQL server and removing a new and unaccounted for .dll
has appeared to resolve my problem..for know.

I wish I could be more confident that, my problems
are over. But,every time I feel I've licked this
intruder, they manage to find a new way in because
I am technically challenged. I think the only way
I will ever be free of this worry is to find out
whose doing this.

I have read in my research that commands can be stored in
the SQL server. Is there any way to read those commands?
Is it possible that those commands might hold information
that might help me identify whose doing this?











  #5  
Old January 11th 08, 11:26 PM posted to microsoft.public.windowsxp.security_admin
sintakta
external usenet poster
 
Posts: 1
Default What is Logon Process Name:DCOMSCM


Well, in my Linux box I noticed I had that type of attack...I checked
and That come fron D.O.D. Department of Defence, Orlando, U.S.A.
I am afraid the only good thing you can do to yourself and that little
of freedom you might want to get back in Your country is to get Windows
off your sistem. It' s like to have a spy at home. I noticed, when I was
still a spied windows user, that not only I was always full of viruses
but even that my system was directly connecting to the Department of
defence of U.S.A. which is for mr a foreign country as I am European.
Next day I formatted and passed to Linux. Now Linux is as user friendly
as Windows. Yet it can keep those liberty takers away from my computer.
Now, You Free Americans, please, help your selves and the world, taking
those murderers of your own blood away from you , us and the Galaxy.
Windows works for the nazi secret gov. Wanna have your ass spied? Just
lough and keep on using it. Probably there must have been people
laughing and thinking Awshwitz wasn't true if they ever heard of it
...not too long ago. You MUST understand you are not leaving in a free
country NOW. Me neither, (Italy) no metter if Right or left goes
on...The OWNERS are yet the same. Using Windows though you make damn
easy though...c'mon wake up! Knoledge will set you free!


--
sintakta
------------------------------------------------------------------------
sintakta's Profile: http://forums.techarena.in/member.php?userid=39411
View this thread: http://forums.techarena.in/showthread.php?t=463830

http://forums.techarena.in

 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
STOP C000021 - Windows Logon System Process terminated unexpectedly KJS Windows XP Help and Support 1 January 31st 06 08:27 AM
How do you change the logon background in Windows XP (once a user timB Customizing Windows XP 3 January 27th 06 07:51 PM
Logon process slow Emyeu General XP issues or comments 1 October 21st 05 01:24 PM
Logon process Emyeu General XP issues or comments 0 October 20th 05 04:55 PM
explorer only works if I rename it Dave Sell General XP issues or comments 7 June 3rd 05 01:33 PM






All times are GMT +1. The time now is 06:25 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.