With apologies if this is an old topic revisited:
Last night I wrapped up a painful struggle against a pernicious infection on a SQL Server machine (running Windows 2003 Server and SQL Server 2000).
I'm not ready to declare victory, but the tide has turned and for now at least I'm able to shift some attention away from direct combat and toward understanding causes and effects of my failure.
I have a number of files that were being called to instantiate/re-instantiate the malware.
Some of those files are non-compiled scripts, which I can review pretty easily.
Some of these are compiled .exe files.
Interestingly, none of the tools I used -- including Malwarebytes, Kaspersky and Symantec -- identify these executables as viruses. Since I know these files were being instantiated by the intruders, I find that unsettling. Furthermore, I can see these .exe files reaching out to IP addresses that have nothing to do with the server's purpose.
At any rate, I'm wondering if anyone knows of a service that can analyze compiled executables and determine what they're doing / attempting to do.
If not, I'll try to do something with a virtual machine. But I'm not an expert and ... I guess I'm wondering if such a person/group/service exists either to do the testing or a resource to advise somebody who may want to do such testing.
Edited by smccain, 21 February 2014 - 11:31 AM.