Microsoft
Software
Hardware
Network
Question : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Hello Experts:
One of my servers starting acting up, I noticed in task manager that the processes were high...
I run malwarebytes and see things like "backdoor.bot" and "termservhack.dll" !!! (approx 15 items)
So I immediately look at "remote" on advanced properties of machine and both remotes are checked, (they were not before)
So I then open up users.... and discover I have approx 15 new loacl admins on my sql server !!!
some were named "123$" or "admin123$" , some were "xiaotian" or "yang$" !!! , I immediately resolve these issues, and while I'm runnin malwarebytes on a full scan I notice --
"C:\Program Files\Badu" -- I go to that folder and see an internet shortcut to
http://www.17guagua.com/
which appears to be a teenage music site, but in chinese... can I translate it somehow?
my question is this -- What is Badu and what were these (kids) doing? Did they turn my server into some kind of music relay?
Answer : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Could be deeper stuff there.
Run Hitmanpro as well
http://www.surfright.nl/en
/hitmanpro
Random Solutions
GETDATE and GETUTCDATE does not exist in MySQL
Convert XenServer xva to VMware Server.
How do create a Windows batch script to start a service and set to automatic
My Computer/ Explorer Not responding Windows XP
Why do I have Duplicate Folders in Outlook 2007 using Exchange Server?
Crosstab Query To Excel - Number Format
Is this html markup flexible enough to accomodate various designs?
Windows 7 with 2000 Domain
VPN between SSG 20 and RVO42 does not come up. "ERROR: Peer did not send a proxy id"
navigation bumps down in ie