If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
What is Logon Process Name:DCOMSCM
After a finding out that my system was compromised throgh DCOM I disabled it
both through the registry and downloaded the decombulate tool to verify I had done it corrrectly. I also downloaded the beta scanner that microsoft has it was the first clue that despite my efforts whoever is doing this was back it picked up 2 registry entries that it classified as suspicious in checking my event log I found this DCOMSCM, only had arrive into my services (despite my attempts to disble DCOM) this appeared as being a neccsary service, I changed that and disabled it. Being beyond paranoid at this point I need to clarify that this was not part of one of updates I have installed in the last day. |
Ads |
#2
|
|||
|
|||
What is Logon Process Name:DCOMSCM
DCOMSCM - The COM-component, is used to manage / administer an SQL Server
instance and its services state checking. dcomscm - The dcomscm utility is installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory by default. http://www.databasejournal.com/featu...0894_3313201_2 Administering SQL Server 2000 Desktop Engine (MSDE 2000) http://msdn.microsoft.com/library/de...ar_ts_2jfm.asp A case of hijack; details and preventive measures. http://www.mcse.ms/archive114-2004-6-804487.html --------------------------------------------------------------- "Prescott" escribió en el mensaje ... After a finding out that my system was compromised throgh DCOM I disabled it both through the registry and downloaded the decombulate tool to verify I had done it corrrectly. I also downloaded the beta scanner that microsoft has it was the first clue that despite my efforts whoever is doing this was back it picked up 2 registry entries that it classified as suspicious in checking my event log I found this DCOMSCM, only had arrive into my services (despite my attempts to disble DCOM) this appeared as being a neccsary service, I changed that and disabled it. Being beyond paranoid at this point I need to clarify that this was not part of one of updates I have installed in the last day. |
#3
|
|||
|
|||
What is Logon Process Name:DCOMSCM
"Juan" wrote: DCOMSCM - The COM-component, is used to manage / administer an SQL Server instance and its services state checking. dcomscm - The dcomscm utility is installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory by default. http://www.databasejournal.com/featu...0894_3313201_2 Administering SQL Server 2000 Desktop Engine (MSDE 2000) http://msdn.microsoft.com/library/de...ar_ts_2jfm.asp A case of hijack; details and preventive measures. http://www.mcse.ms/archive114-2004-6-804487.html --------------------------------------------------------------- "Prescott" escribió en el mensaje ... After a finding out that my system was compromised throgh DCOM I disabled it both through the registry and downloaded the decombulate tool to verify I had done it corrrectly. I also downloaded the beta scanner that microsoft has it was the first clue that despite my efforts whoever is doing this was back it picked up 2 registry entries that it classified as suspicious in checking my event log I found this DCOMSCM, only had arrive into my services (despite my attempts to disble DCOM) this appeared as being a neccsary service, I changed that and disabled it. Being beyond paranoid at this point I need to clarify that this was not part of one of updates I have installed in the last day. Thankyou for your answer. For the time being disabling the SQL server and removing a new and unaccounted for .dll has appeared to resolve my problem..for know. I wish I could be more confident that, my problems are over. But,every time I feel I've licked this intruder, they manage to find a new way in because I am technically challenged. I think the only way I will ever be free of this worry is to find out whose doing this. I have read in my research that commands can be stored in the SQL server. Is there any way to read those commands? Is it possible that those commands might hold information that might help me identify whose doing this? |
#4
|
|||
|
|||
What is Logon Process Name:DCOMSCM
Prescott, unfortunately I am totally illiterate when it comes to SQL Server,
but I've found Tons of info regarding the subject, you can look in the following link which I thought as relevant to your case, but you can google search for different combinarions of a SQL Server search, no doubt you will find lots of information. Welcome to SQLSecurity.com http://www.sqlsecurity.com/DesktopDefault.aspx http://www.google.com.mx/search?hl=e...+commands+i n +SQL+Server%3F&btnG=B%C3%BAsqueda+en+Google&meta= Administering SQL Server Overview http://msdn.microsoft.com/library/de...us/adminsql/ad _adminovw_7f3m.asp regards. -------------------------------------- "Prescott" escribió en el mensaje ... "Juan" wrote: DCOMSCM - The COM-component, is used to manage / administer an SQL Server instance and its services state checking. dcomscm - The dcomscm utility is installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory by default. http://www.databasejournal.com/featu...0894_3313201_2 Administering SQL Server 2000 Desktop Engine (MSDE 2000) http://msdn.microsoft.com/library/de...us/architec/8_ ar_ts_2jfm.asp A case of hijack; details and preventive measures. http://www.mcse.ms/archive114-2004-6-804487.html --------------------------------------------------------------- "Prescott" escribió en el mensaje ... After a finding out that my system was compromised throgh DCOM I disabled it both through the registry and downloaded the decombulate tool to verify I had done it corrrectly. I also downloaded the beta scanner that microsoft has it was the first clue that despite my efforts whoever is doing this was back it picked up 2 registry entries that it classified as suspicious in checking my event log I found this DCOMSCM, only had arrive into my services (despite my attempts to disble DCOM) this appeared as being a neccsary service, I changed that and disabled it. Being beyond paranoid at this point I need to clarify that this was not part of one of updates I have installed in the last day. Thankyou for your answer. For the time being disabling the SQL server and removing a new and unaccounted for .dll has appeared to resolve my problem..for know. I wish I could be more confident that, my problems are over. But,every time I feel I've licked this intruder, they manage to find a new way in because I am technically challenged. I think the only way I will ever be free of this worry is to find out whose doing this. I have read in my research that commands can be stored in the SQL server. Is there any way to read those commands? Is it possible that those commands might hold information that might help me identify whose doing this? |
#5
|
|||
|
|||
What is Logon Process Name:DCOMSCM
Well, in my Linux box I noticed I had that type of attack...I checked and That come fron D.O.D. Department of Defence, Orlando, U.S.A. I am afraid the only good thing you can do to yourself and that little of freedom you might want to get back in Your country is to get Windows off your sistem. It' s like to have a spy at home. I noticed, when I was still a spied windows user, that not only I was always full of viruses but even that my system was directly connecting to the Department of defence of U.S.A. which is for mr a foreign country as I am European. Next day I formatted and passed to Linux. Now Linux is as user friendly as Windows. Yet it can keep those liberty takers away from my computer. Now, You Free Americans, please, help your selves and the world, taking those murderers of your own blood away from you , us and the Galaxy. Windows works for the nazi secret gov. Wanna have your ass spied? Just lough and keep on using it. Probably there must have been people laughing and thinking Awshwitz wasn't true if they ever heard of it ...not too long ago. You MUST understand you are not leaving in a free country NOW. Me neither, (Italy) no metter if Right or left goes on...The OWNERS are yet the same. Using Windows though you make damn easy though...c'mon wake up! Knoledge will set you free! -- sintakta ------------------------------------------------------------------------ sintakta's Profile: http://forums.techarena.in/member.php?userid=39411 View this thread: http://forums.techarena.in/showthread.php?t=463830 http://forums.techarena.in |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
STOP C000021 - Windows Logon System Process terminated unexpectedly | KJS | Windows XP Help and Support | 1 | January 31st 06 08:27 AM |
How do you change the logon background in Windows XP (once a user | timB | Customizing Windows XP | 3 | January 27th 06 07:51 PM |
Logon process slow | Emyeu | General XP issues or comments | 1 | October 21st 05 01:24 PM |
Logon process | Emyeu | General XP issues or comments | 0 | October 20th 05 04:55 PM |
explorer only works if I rename it | Dave Sell | General XP issues or comments | 7 | June 3rd 05 01:33 PM |