How to scan and remove virus in SQL Tables

  • morten-908506

    Mr or Mrs. 500

    Points: 506

    Hi.

    I have a website on my server that is infected with virus. If the users goes in it download virus to visitors PC.

    I think it has got there in the first place because of some bad programming in our CMS system (that i know little about)

    My question is: Does anyone know a good tool to scan SQL databases for viruses? I have tried Norton and Mcaffe but cant see if it actually check inside the tables of SQL.

    CAn anyone recoment a good one that we could use. If no free versions available we are happy for a comersial version that is not to expensive 🙂

    Kind Regards

    Morten

  • jason_brown

    SSC Enthusiast

    Points: 158

    As far as I'm aware this cannot be done with any AV scanner

    - what type/name of virus are you trying to remove?

  • DNA_DBA

    SSCertifiable

    Points: 7833

    Where are you seeing the virus? Is it when they access the website or when they download something that is stored in the database? Can you extract the documents from the database to scan them?

  • morten-908506

    Mr or Mrs. 500

    Points: 506

    Hi

    You see the virus when you enter the website. You dont even have to download.

    I open the site and i get virus warning on my PC and the PC can not remove it.

    There are 2 viruses

    JS/Fox.A

    Trojan-Downloader.JS.Iframe.wh

    I just have no idea how to get it out as it seems to be stored in SQL or that a line has been added somewhere to a link that download the viruses.

    So I am a little stuck on where to look

    Any help would be appreciated

    Kind Regards

    Morten

  • hilld

    SSC Enthusiast

    Points: 123

    I had to fix one of these for a client. The virus got in via SQL injection from the website. The only artifact in the SQL database was HTML code in a text field. The HTML code contained a script call to a URL to the virus code on a computer with a .cn address. Check the column values to see if any HTML is in columns where it should not be.

  • morten-908506

    Mr or Mrs. 500

    Points: 506

    Hi

    Thanks. I will have a look at that.

    Does that mean that we have a potential bad code in our CMS to allow sql injections? or would it more be settings on the Server/rights etc..

    Running IIS5 and Win2000

    Kind Regards

    Morten

  • steveb.

    SSC-Forever

    Points: 46733

    morten (10/15/2008)


    Hi

    Thanks. I will have a look at that.

    Does that mean that we have a potential bad code in our CMS to allow sql injections? or would it more be settings on the Server/rights etc..

    Running IIS5 and Win2000

    Kind Regards

    Morten

    This would definitely mean that you have bad code in the website, I am guessing that you are using dynamic SQL to access the database. This should be changed as soon as possible to use stored procedures or paramatized queries.

  • Bijal Parekh

    Mr or Mrs. 500

    Points: 575

    Hi,

    There is also a software called DotDefender which can be used as well

    http://applicure.com/?page=dotDefender

  • morten-908506

    Mr or Mrs. 500

    Points: 506

    Hi Grasshopper.

    Thanks 🙂

    That was just what I was looking for.

    Of course I still need to find the hole but this will help me I think to deal with the situation and prevent it in the future.

    Thanks alot

    Regards

    Morten

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply