Microsoft
Software
Hardware
Network
Question : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Hello Experts:
One of my servers starting acting up, I noticed in task manager that the processes were high...
I run malwarebytes and see things like "backdoor.bot" and "termservhack.dll" !!! (approx 15 items)
So I immediately look at "remote" on advanced properties of machine and both remotes are checked, (they were not before)
So I then open up users.... and discover I have approx 15 new loacl admins on my sql server !!!
some were named "123$" or "admin123$" , some were "xiaotian" or "yang$" !!! , I immediately resolve these issues, and while I'm runnin malwarebytes on a full scan I notice --
"C:\Program Files\Badu" -- I go to that folder and see an internet shortcut to
http://www.17guagua.com/
which appears to be a teenage music site, but in chinese... can I translate it somehow?
my question is this -- What is Badu and what were these (kids) doing? Did they turn my server into some kind of music relay?
Answer : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Could be deeper stuff there.
Run Hitmanpro as well
http://www.surfright.nl/en
/hitmanpro
Random Solutions
what does this javascript code do?
Email address policy exchange 2010
Listen to calls on Asterisk
Cisco QOS to prioritize voice
Problem with Silverlight Animation -- cannot resolve targetname
How to retrieve and Entities Form or View Metadata
Windows XP "Stored User Names and Passwords" disappear after restart
SQL mdf file attach error
BlazeDS RDS Setup Issues
Exchange 2010 Remote Connectivity, SMTP