SalesLogix Service not working after running ComboFix


No replies to this topic

#1 pjames


Posted 22 April 2010 - 12:45 PM

Hi all,

Hopefully, this is an appropriate forum for this topic... I have a few users who had malware on their PCs. Our Helpdesk used ComboFix to correct the problems. I have been able to duplicate the malware (installed it on another PC), and with the malware the SalesLogix service still functions. However, after running ComboFix, although the service is still running, it no longer does what it should.

The service is called SLXSystem. It is a blackbox, so I don't know exactly how it functions, but the functionality is this:

1. When a user is using SalesLogix, changes they make to the database are also written to text files called queue files.
2. The queue files are stored in C:\Docs and Settings\All users\Application Data\SalesLogix\Sync|QUEUEFiles.
3. The SLXSystem service scans that directory for files that have the appropriate name:
xxxxx-xxxxxxxxxx.qts_<servername>_<listeningPort>
I.E.- 100421-212847289.qts_ALA-SLX-003_1706
4. It then tries to find the server, ALA-SLX-003, and connects to the port, 1706, and copies the file there.
5. It then deletes the file from the source directory.

What happens now is... nothing. The files just sit there. They are not copied to the server, nor removed. I have tried "Repairing" the network connections, run winsockxpfix.exe, run the reg fixes recommended for the malware, uninstalled/reinstalled SalesLogix, run some TCP/IP fix routines, run the Windows command line system file checker (sfc.exe), and nothing has helped.

Also, I can ping the server and also connect using telnet to the port.

Kind of at the end of the rope here. Any ideas?

Thanks

Edited by pjames, 22 April 2010 - 12:47 PM.
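
Added example, not part of the original post and not SalesLogix code: a Python helper that parses queue file names in the layout described in the post and groups the waiting files by destination server and port, so a stuck backlog can be compared against the host and port the service is expected to reach. The function names, the regex (which assumes only digit groups, a server name, and a numeric port) and the sample listing are assumptions constructed for illustration.

```python
import re
import socket
from collections import defaultdict

# Name layout as described in the post: <digits>-<digits>.qts_<server>_<port>
QUEUE_NAME = re.compile(r"^(\d+)-(\d+)\.qts_(.+)_(\d{1,5})$")

def parse_queue_name(name):
    """Return (server, port) for a queue file name, or None if it does not match."""
    m = QUEUE_NAME.match(name)
    if not m:
        return None
    port = int(m.group(4))
    if not 0 < port < 65536:
        return None
    return m.group(3), port

def backlog_by_destination(names):
    """Group pending queue files by (server, port); collect names that do not parse."""
    pending, unmatched = defaultdict(list), []
    for name in names:
        dest = parse_queue_name(name)
        if dest is None:
            unmatched.append(name)
        else:
            pending[dest].append(name)
    return dict(pending), unmatched

def port_reachable(server, port, timeout=3.0):
    """TCP connect test, equivalent to the telnet check mentioned in the post."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample listing; the first name is the example given in the post.
    sample = [
        "100421-212847289.qts_ALA-SLX-003_1706",
        "100422-101500123.qts_ALA-SLX-003_1706",
        "100422-101500123.qts_ALA-SLX-003",  # constructed: port suffix missing
        "desktop.ini",
    ]
    pending, unmatched = backlog_by_destination(sample)
    for (server, port), files in pending.items():
        print(f"{server}:{port} -> {len(files)} file(s) waiting")
    print("names outside the expected pattern:", unmatched)
```

To run it against a real queue directory, pass `os.listdir(<queue directory>)` to `backlog_by_destination` and call `port_reachable` for each destination it returns.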

