Jump to content

Recommended Posts

Hi,

we have a dev web server at work that is infected by a virus. The file name I see is sqler.exe, and it locates itself in the Microsoft SQL Server\110\Shared folder. Even if I delete the folder, it will just comes back 5-10 minutes later. At first I believed it was actually related to SQL, but I noticed that deleting it has 0 impact on our SQL services whatsoever.

The virus seems to be some sort of Cryptocurrency miner as it's consuming a very high % of CPU (75+%) whenever it is running. If I kill it in Task Management, it will start again 5-10 minutes later.

We have run Malwarebytes but it does not detect anything, and I do not know which further step I should take to eliminate the file. Any help would be appreciated.

The server is running on Windows Server 2012 R2

Link to post
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.