
07-05-2005, 12:00 PM
|
|
Newbie
|
|
Join Date: Jun 2005
Posts: 8
|
|
How to remove "hscan.exe"
Hello,
I have a Server with EV1 and yesterday I got one Abuse mail from them that my Server is Compromised.
I have checked the currently running programs through Task Manager and I can see that "Hscan.exe" is running on my Server.
I have stopped it, but it comes back again. After that, EV1 support people removed it from the registry.
But now today that hscan.exe is running again.
So please tell me how to remove this "hscan.exe" from my Server?
Expecting everybody's reply.
Anilktm
|

07-05-2005, 12:17 PM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,625
|
|
Sounds like you are running Windows and you are hacked. Most likely through an unpatched exploit. My suggestion is getting a reload and securing the server properly the first time.
|

07-05-2005, 12:28 PM
|
|
Newbie
|
|
Join Date: Jun 2005
Posts: 8
|
|
Can anybody help me how to remove this hscan.exe from my Win Server.
Aniktms
|

07-05-2005, 12:34 PM
|
|
Community Liaison 2.0
|
|
Join Date: Nov 2002
Location: WebHostingTalk
Posts: 8,674
|
|
Quote:
Originally posted by anilktm
Can anybody help me how to remove this hscan.exe from my Win Server.
Aniktms
|
You got the best answer you're going to get from thelinuxguy... he knows his stuff.
Sirius
|

07-05-2005, 12:45 PM
|
|
Retired Moderator
|
|
Join Date: Sep 2004
Location: Flint, Michigan
Posts: 5,768
|
|
Quote:
Originally posted by anilktm
Can anybody help me how to remove this hscan.exe from my Win Server.
Aniktms
|
Right click on the file and delete it.
In all seriousness, your server has been compromised; the only way to fix your problem is to have a fresh OS image put on the machine, otherwise you will be back here in another two weeks asking the same question again.
|

07-05-2005, 12:54 PM
|
|
Newbie
|
|
Join Date: Jun 2005
Posts: 8
|
|
Thanks for everybody's reply.
I think this is the fault of EV1, right?
If so, then why are they not suggesting that I reload with a new OS? They asked me to hire a Good Server Admin for troubleshooting this. They are providing only UNmanaged Servers. I think this is some business relation between EV1 & Server Admins...
|

07-05-2005, 12:56 PM
|
|
Retired Moderator
|
|
Join Date: Sep 2004
Location: Flint, Michigan
Posts: 5,768
|
|
This is your fault for not securing your server.
If you don't lock the door to your house at night and a person breaks in, you don't blame the people that built your door do you?
This is no business between EV1 and server admins.
EV1 offers unmanaged servers, meaning security and updates are supposed to be taken care of by you in some way or another. Either you need to be on top of it, or you need to hire somebody else to take care of it. If you want the company you purchase your machine from to do this for you, you should be purchasing a "managed" server which will cost more.
You really should have done more research before purchasing a machine =/
|

07-05-2005, 01:11 PM
|
|
Community Liaison 2.0
|
|
Join Date: Nov 2002
Location: WebHostingTalk
Posts: 8,674
|
|
Quote:
Originally posted by anilktm
Thanks for everybody's reply.
I think this is the fault of EV1, right?
If so, then why are they not suggesting that I reload with a new OS? They asked me to hire a Good Server Admin for troubleshooting this. They are providing only UNmanaged Servers. I think this is some business relation between EV1 & Server Admins...
|
Nada. You're playing with big boy toys now... and with that, comes responsibility.
You are responsible for your data and keeping it secure. EV1 is there to ensure that your server hardware is available and that the network is available. You are responsible for everything else.
Like has been said, get an OS reload and have a professional secure your server.
Sirius
|

07-05-2005, 01:21 PM
|
|
Retired Moderator
|
|
Join Date: Jan 2003
Posts: 9,000
|
|
For Windows, it's actually easier to clean out trojans than on Linux. I have done both and Windows is no doubt easier. The fact that Windows is closed source is a blessing. It is actually possible to clean out a Windows system from most common trojans.
If you want, I can see if I can remove the backdoor for you. My 4th July good deed : )
|

07-05-2005, 02:06 PM
|
|
Community Liaison 2.0
|
|
Join Date: Nov 2002
Location: WebHostingTalk
Posts: 8,674
|
|
Quote:
Originally posted by sprintserve
If you want, I can see if I can remove the backdoor for you. My 4th July good deed : )
|
Although a good deed, you are leaving the thread starter open to further attacks. By providing a band aid (removing the trojan) the thread starter is likely going to do nothing else and will just be compromised again.
My .02
Sirius
P.S. Never let a good deed go unpunished. 
|

07-05-2005, 02:46 PM
|
|
Aspiring Evangelist
|
|
Join Date: Jun 2004
Posts: 372
|
|
|

07-05-2005, 02:52 PM
|
|
Managed Hosting Expert
|
|
Join Date: Jan 2004
Location: North Yorkshire, UK
Posts: 4,163
|
|
Either get the box completely reloaded, or hire a professional Windows admin to fix the box for you.
I have to second what sprintserve said, it is pretty easy to clear a Windows exploit if you know what you're doing, as there is really nowhere for it to hide...
You should remember though that server security is an ongoing thing, and if you don't know what you're doing yourself, hire someone professional to do it for you - or this will happen again and again...
__________________
█ Dan Kitchen | Technical Director | Razorblue
█ ddi: (+44) (0)1748 900 680 | e: dkitchen@razorblue.com
█ UK Intensive Managed Hosting, Clusters and Colocation.
█ HP Servers, Cisco/Juniper Powered BGP Network (AS15692).
|

07-06-2005, 04:14 AM
|
|
Web Hosting Guru
|
|
Join Date: Feb 2005
Posts: 334
|
|
Depends on the exploit. I've seen some that were a right pain to remove.
|

07-06-2005, 04:36 AM
|
|
Web Hosting Evangelist
|
|
Join Date: Mar 2002
Location: UK
Posts: 458
|
|
Whether it is cheaper for you to have an OS reinstall and re-add all of your data, or to hire a professional experienced in removing Windows "malware", depends on how easy it will be to re-add all your data and how much this costs you in revenue etc.
This chap knows a lot about Win malware removal: www.blong.com (but he operates commercially).
__________________
Chris at TDMWeb.com
Windows & Linux hosting and fully managed dedicated servers with great customer service!
UK-based but serving the world...
|