Question: I've been hacked, want to know why Badu, 17guagua.com on my server...

Hello Experts:

One of my servers started acting up, I noticed in Task Manager that the processes were high...

I run Malwarebytes and see things like "backdoor.bot" and "termservhack.dll" !!! (approx 15 items)

So I immediately look at "remote" on advanced properties of machine and both remotes are checked, (they were not before)

So I then open up users... and discover I have approx 15 new local admins on my SQL server !!!

Some were named "123$" or "admin123$", some were "xiaotian" or "yang$" !!! I immediately resolve these issues, and while I'm running Malwarebytes on a full scan I notice --

"C:\Program Files\Badu" -- I go to that folder and see an internet shortcut to

http://www.17guagua.com/

which appears to be a teenage music site, but in Chinese... can I translate it somehow?

My question is this -- What is Badu and what were these (kids) doing? Did they turn my server into some kind of music relay?

Answer: I've been hacked, want to know why Badu, 17guagua.com on my server...

Could be deeper stuff there.
Run HitmanPro as well:
http://www.surfright.nl/en/hitmanpro