
Looks like I'm hacked.. Suggestions please..


LithiuM

Guest
Hello. Today I noticed a vbs file in my c: directory; it seems like it's downloading a file, lsasvc.exe, from a website.

When I searched for lsasvc.exe on the server I found 2 files. One of them is under system32 and the other one is under a user account's documents and settings>desktop directory, which I believe belongs to a hacker.

I googled but could not find anything about lsasvc.exe.
If someone can help, I'd appreciate it.
 
There are two ways:
install the latest antivirus software like Norton AntiVirus,
or terminate all running lsasvc.exe, erase lsasvc.exe from disks and all records from the registry.
 
Thank you for your reply.

But after I posted here, I found a directory under the system32 folder which contains netcat and some other stuff.
Also, netcat is currently running on my box. :(

I am now trying to find an expert to examine and secure the box before I delete them, because if I directly delete them I think he can upload and run them again the same way.
 
You probably suffered from the unpatched SQL Server that Plesk installs. You should patch that up. To be safe you should also reinstall the whole box and start again. You have no idea what has been installed and where.

Adam F
 
Is there any more info on this? Will Windows Update patch that? Fixed in 6.5.1??
 
Do a search; I have posted about this before. Windows Update doesn't patch it. You need to run a SQL Server patch. I would advise using the Microsoft Baseline util.
 
Just heard SP2 is out today to resolve this, we're patching now.
 
Will do, Datacentre is actually doing it, I felt better leaving it with the Plesk guru there, I'll let you know how we make out.
 
I can't see details of the patch in the readme file so I would recommend that you still check using m$ baseline.

AdamF
 
The patch does not install the SQL Server fix, but at the last step it does suggest that this should be installed if it is needed, along with a URL to the download.
 
Try running the patch on the SQL Server. The MSDE version of SQL installed actually is patched.

I verified this by version and by attempting to install three different patches, which stated they were already there. That was from a fresh install and update of 6.5.1.

I haven't checked on 6.5 and don't plan to.
 
Hey Larry,

I wonder if PLESK has updated the install package. The version we had definitely wasn't patched when installed with Plesk. I still recommend people run Microsoft BaseLine to double check everything is fine.

AdamF
 