Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows2003 Root-kited i suspect

  • Please log in to reply
No replies to this topic

#1 David Keymel

David Keymel

  • Members
  • 4 posts
  • Local time:12:38 AM

Posted 15 June 2010 - 11:03 AM

Hello. I have a 2003 webserver running an ASP classic website. I believe this server has been compromised by a rootkit or other baddie. I do not know the best way to detect and remove this issue. I know that MBAM does not detect it. I am not sure what to do at this point, but i know customer data is at risk and this could be a very big problem.

The reason for the suspect is that in the database for the website we found a record modified to the following: "dkm may tin tao xoa hei" This translates to: "I believe he may remove dkm" according to google. We have been working to fight some strange behavior in the database since the weekend.

Thanks for any advice.

Edited by David Keymel, 15 June 2010 - 11:10 AM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users