Blaster Worm.... I think

[David Sampson]

for over a year I have been dealing with, what I think, is the Blaster Worm
on my machine.

The symptom I experience is that when ever I activate ms sql server... after
a few minutes sqlserver begins taking over my outbound internet connection.
eventually I can't get anything coming in or out.

When I open up Task Manager I can see sqlmangr.exe taking over my CPU, using
up 100% of my CPU time.

The only way I know of to get out of this state is to reboot and not
activate SQL Server... which makes it impossible to do any development on
this machine.

I have run blasterfix.exe (I think that is what it is called). I have
scanned my machine with the software suggested by microsoft by Symantec and
3 other 3rd parties. One displayed a msg box saying it found the worm and
deleted it. None of the other 3 scan's indicated finding anything. So.... I
rebooted, thinking that it was finally gone, but after starting sqlserver
again the symptoms returned.

I even reinstalled my operating system a few months ago (for a different
reason) and unintalled and reinstalled sql server.... but this symptom
remains.

Any thoughts or suggestions???

David

 

[Dave]

have you scanned only for blaster or do you have an up to date full virus
scanner? have you run scans for adware and spyware? is this machine
exposed to the internet directly or behind a firewall? sqlmangr i don't
think is the sql server itself, it is the interface that allows starting and
stopping the server, but on my older system it is named sqlmgr.exe, now
maybe they have changed the name but it makes me suspicious of it to start
with. and blaster was an rpc exploit, wasn't it 'slammer' that was the sql
worm??

 

[David Sampson]

You are right... Blaster was not the one with which I was dealing.

It turned out to be the slammer... or W32.SQLExp.

I have a full anti virus software running on my machine (but it never found
this one)... although I AM exposed to the internet (not behind a firewall).

After all this time I finally found the problem. All I needed (apparently)
was to install the 3 Service Packs available for SQL Server. After doing
that I have not experienced any of the symptoms from before. I made sure my
Windows 2000 had all of it's service packs... but for some reason I never
thought about the sql server service packs.

Thanks
David

 

[Marina Roos [SBS-MVP]]

Hi David,

Go to www.shavlik.com and get hfnetchk. This will check not only for OS
updates, but also for IIS, Exchange, IE and SQL.