What is Logon Process Name:DCOMSCM

Guest

After finding out that my system was compromised through DCOM, I disabled it
both through the registry and downloaded the decombulate tool to verify I had
done it correctly.
I also downloaded the beta scanner that Microsoft has. It was the first clue
that, despite my efforts, whoever is doing this was back: it picked up 2
registry entries that it classified as suspicious. In checking my event log I
found this DCOMSCM, which only had arrived in my services (despite my attempts
to disable DCOM). This appeared as being a necessary service; I changed that and
disabled it.

Being beyond paranoid at this point, I need to clarify that this was not part
of one of the updates I have installed in the last day.
 
DCOMSCM - The COM-component, is used to manage / administer an SQL Server
instance and its services state checking. dcomscm - The dcomscm utility is
installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory
by default.
http://www.databasejournal.com/features/mssql/article.php/10894_3313201_2

Administering SQL Server 2000 Desktop Engine (MSDE 2000)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/architec/8_ar_ts_2jfm.asp

A case of hijack; details and preventive measures.
http://www.mcse.ms/archive114-2004-6-804487.html
 
Juan said:
DCOMSCM - The COM-component, is used to manage / administer an SQL Server
instance and its services state checking. dcomscm - The dcomscm utility is
installed to the \Program Files\Microsoft SQL Server\80\Tools\Binn directory
by default.
http://www.databasejournal.com/features/mssql/article.php/10894_3313201_2

Administering SQL Server 2000 Desktop Engine (MSDE 2000)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/architec/8_ar_ts_2jfm.asp

A case of hijack; details and preventive measures.
http://www.mcse.ms/archive114-2004-6-804487.html

---------------------------------------------------------------

Thank you for your answer. For the time being,
disabling the SQL server and removing a new and unaccounted-for .dll
has appeared to resolve my problem... for now.

I wish I could be more confident that my problems
are over. But every time I feel I've licked this
intruder, they manage to find a new way in because
I am technically challenged. I think the only way
I will ever be free of this worry is to find out
who's doing this.

I have read in my research that commands can be stored in
the SQL server. Is there any way to read those commands?
Is it possible that those commands might hold information
that might help me identify who's doing this?
 
Prescott, unfortunately I am totally illiterate when it comes to SQL Server,
but I've found tons of info regarding the subject. You can look in the
following link, which I thought relevant to your case, but you can Google
search for different combinations of a SQL Server search; no doubt you
will find lots of information.

Welcome to SQLSecurity.com
http://www.sqlsecurity.com/DesktopDefault.aspx

http://www.google.com.mx/search?hl=es&q=Is+there+any+way+to+read+commands+in+SQL+Server%3F&btnG=B%C3%BAsqueda+en+Google&meta=

Administering SQL Server Overview
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_adminovw_7f3m.asp

regards.

--------------------------------------
 