Microsoft
Software
Hardware
Network
Question : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Hello Experts:
One of my servers starting acting up, I noticed in task manager that the processes were high...
I run malwarebytes and see things like "backdoor.bot" and "termservhack.dll" !!! (approx 15 items)
So I immediately look at "remote" on advanced properties of machine and both remotes are checked, (they were not before)
So I then open up users.... and discover I have approx 15 new loacl admins on my sql server !!!
some were named "123$" or "admin123$" , some were "xiaotian" or "yang$" !!! , I immediately resolve these issues, and while I'm runnin malwarebytes on a full scan I notice --
"C:\Program Files\Badu" -- I go to that folder and see an internet shortcut to
http://www.17guagua.com/
which appears to be a teenage music site, but in chinese... can I translate it somehow?
my question is this -- What is Badu and what were these (kids) doing? Did they turn my server into some kind of music relay?
Answer : Ive been hacked, want to know why Badu, 17guagua.com on my server...
Could be deeper stuff there.
Run Hitmanpro as well
http://www.surfright.nl/en
/hitmanpro
Random Solutions
Port Forwarding over Draytek VPN - help needed
Microsoft Access: Creating a payment system.
select where last digits
SQL in C# code .. Reading Output Parameters.
Is this BIOS-setting correct?
Outlook in "safe mode"
excel vba to save worksheet as mht file
Identifying SqlServer file
PHP form -- thank you message display on same page
Silently remove registry key value at logon