Microsoft
Software
Hardware
Network
Question : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Hello Experts:
One of my servers starting acting up, I noticed in task manager that the processes were high...
I run malwarebytes and see things like "backdoor.bot" and "termservhack.dll" !!! (approx 15 items)
So I immediately look at "remote" on advanced properties of machine and both remotes are checked, (they were not before)
So I then open up users.... and discover I have approx 15 new loacl admins on my sql server !!!
some were named "123$" or "admin123$" , some were "xiaotian" or "yang$" !!! , I immediately resolve these issues, and while I'm runnin malwarebytes on a full scan I notice --
"C:\Program Files\Badu" -- I go to that folder and see an internet shortcut to
http://www.17guagua.com/
which appears to be a teenage music site, but in chinese... can I translate it somehow?
my question is this -- What is Badu and what were these (kids) doing? Did they turn my server into some kind of music relay?
Answer : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Could be deeper stuff there.
Run Hitmanpro as well
http://www.surfright.nl/en
/hitmanpro
Random Solutions
New mail user not showing up in GAL.
syslink Router
Terminal server 2008 R2 Pinned Taskbar Links
cisco softphone registration
GridView update is not grabbing the new data when Updating
How to set the backcolor of the entire gridview rows quickly +vb.net 2005
get latest file in the directory in unix
Can I copy a SQL agent job (2008) from one server to another?
Coookie not storing information
implementing aixpert on aix