Question: I've been hacked, want to know why Badu, 17guagua.com on my server...
Hello Experts:
One of my servers started acting up, I noticed in task manager that the processes were high...
I run Malwarebytes and see things like "backdoor.bot" and "termservhack.dll" !!! (approx 15 items)
So I immediately look at "remote" on advanced properties of machine and both remotes are checked (they were not before)
So I then open up users.... and discover I have approx 15 new local admins on my SQL server !!!
Some were named "123$" or "admin123$", some were "xiaotian" or "yang$" !!! I immediately resolve these issues, and while I'm running Malwarebytes on a full scan I notice --
"C:\Program Files\Badu" -- I go to that folder and see an internet shortcut to
http://www.17guagua.com/
which appears to be a teenage music site, but in Chinese... can I translate it somehow?
My question is this -- What is Badu and what were these (kids) doing? Did they turn my server into some kind of music relay?
Answer: I've been hacked, want to know why Badu, 17guagua.com on my server...
Could be deeper stuff there.
Run Hitmanpro as well
http://www.surfright.nl/en/hitmanpro