Last night, our SQL 2000's SQL services were turned off - along with the
Backup Exec Service. This is on a Windows 2000 Server.
It hasn't been patched in about 2 months (there were 3 critical updates that
needed to be installed).
In looking at the Windows Services, I found a very strange service (my
thought is this server was hacked and something got installed):
There is a service running called security manager (Note the letter S and M
are not capitalized).
The description is "Provides Microsoft server security to the complete
system"
It runs the following executable: C:\WINNT\System32\Scmn.exe
I have never seen this service before and do not see it on any of my other
Windows machines (2000, 2003, or XP). I can't find anything from Google or
symantec or mcafee.
I have stopped this service and patched the server - I am curious if anyone
else has had this problem.
Thank you in advance,
TRDon't think it's a normal service. Is the exe in the
location the service points to? Probably not. You can try
using the tlist utility to get more information on the
service. Using process explorer from sysinternals can help
get more information as well. You can download it from:
www.sysinternals.com
You'd also want to check what services are listening on what
ports to check for anything out of the ordinary.
-Sue
On Thu, 14 Oct 2004 17:14:41 -0400, "Timothy Ross"
<ross_timothy@.hotmail.com> wrote:
>Last night, our SQL 2000's SQL services were turned off - along with the
>Backup Exec Service. This is on a Windows 2000 Server.
>It hasn't been patched in about 2 months (there were 3 critical updates that
>needed to be installed).
>In looking at the Windows Services, I found a very strange service (my
>thought is this server was hacked and something got installed):
>There is a service running called security manager (Note the letter S and M
>are not capitalized).
>The description is "Provides Microsoft server security to the complete
>system"
>It runs the following executable: C:\WINNT\System32\Scmn.exe
>I have never seen this service before and do not see it on any of my other
>Windows machines (2000, 2003, or XP). I can't find anything from Google or
>symantec or mcafee.
>I have stopped this service and patched the server - I am curious if anyone
>else has had this problem.
>Thank you in advance,
>TR
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment