SQLServer / Injector.VGR



"A threat (MSIL / Injector.VGR) was found in a file that the SQL Server Windows NT - 64 Bit application tried to access. The file was deleted".
I get this alert every time. I scanned the system but could not find any virus. What should I do?

I updated the SQL to version CU 17 and changed the SA password, but the warnings still persist. For the warning to appear, I just restart the service.

  • 4 weeks later...

Refer to this forum thread: https://forum.eset.com/topic/28522-dotnet-msil-injectorvgr/ . Looks like you have already reviewed it. As I posted there, note the following:

Quote

However, I would check the below locations for presence of the files listed;

%SystemDrive% \ USERS \ xxxxx \ APPDATA \ ROAMING \ MICROSOFT \ WINDOWS \ START MENU \ PROGRAMS \ STARTUP \ MICROSOFT NET_FRAMEWORK.BAT
%SystemDrive% \ USERS \ xxxxx \ APPDATA \ ROAMING \ MICROSOFT \ GOOGLE \ CHROMEEXTENSIONS \ ADS \ HONEYADS \ EXUPD.EXE

First, make sure that LiveGrid protection is enabled. If this is the same malware, Eset should be able to detect and remove it.

It is possible this is a new variant and Eset's existing sig. is not detecting it. Also, the other instance of this was not specifically related to SQL Server Win NT.

Edited by itman

  • Administrators

Since the threat was created by sqlservr.exe, it's likely that there's a malicious procedure stored in a database. I'd recommend dumping stored procedures and checking if there is a suspicious one.


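One way to carry out the stored-procedure review suggested above, as an added example that is not part of the original thread and not ESET's own tooling. It is a read-only T-SQL sweep of every online database and goes slightly beyond plain stored procedures by also listing user-defined CLR assemblies and procedures marked to run at service start; the keyword list and the `#review` temp table name are assumptions chosen for illustration.

```sql
-- Added example (T-SQL), run from a sysadmin session. Reads catalog views only.
-- The keyword list and the #review table are assumptions for illustration.
SET NOCOUNT ON;
CREATE TABLE #review (
    db sysname, kind varchar(20), obj nvarchar(300),
    created datetime, modified datetime, note nvarchar(400));

DECLARE @db sysname, @sql nvarchar(max);
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = 'ONLINE';
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
    -- T-SQL procedures that are encrypted or reference OS-level features
    INSERT #review
    SELECT DB_NAME(), ''sql proc'', SCHEMA_NAME(p.schema_id) + ''.'' + p.name,
           p.create_date, p.modify_date,
           CASE WHEN m.definition IS NULL THEN ''encrypted definition''
                ELSE ''references keyword'' END
    FROM sys.procedures p
    JOIN sys.sql_modules m ON m.object_id = p.object_id
    WHERE p.is_ms_shipped = 0
      AND (m.definition IS NULL
        OR m.definition LIKE ''%xp_cmdshell%''
        OR m.definition LIKE ''%sp_OACreate%''
        OR m.definition LIKE ''%OPENROWSET%''
        OR m.definition LIKE ''%0x4D5A%'');
    -- User-defined CLR assemblies (compiled .NET code stored in the database)
    INSERT #review
    SELECT DB_NAME(), ''clr assembly'', a.name, a.create_date, a.modify_date,
           a.permission_set_desc
    FROM sys.assemblies a WHERE a.is_user_defined = 1;
    -- Procedures flagged to run automatically when the service starts
    INSERT #review
    SELECT DB_NAME(), ''startup proc'', SCHEMA_NAME(p.schema_id) + ''.'' + p.name,
           p.create_date, p.modify_date, ''ExecIsStartup = 1''
    FROM sys.procedures p
    WHERE OBJECTPROPERTY(p.object_id, ''ExecIsStartup'') = 1;';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs; DEALLOCATE dbs;

-- Most recently changed objects first; review anything you do not recognise.
SELECT * FROM #review ORDER BY modified DESC;
DROP TABLE #review;
```

A keyword match is only a lead for manual review, since legitimate maintenance procedures can reference the same features; compare the `created` and `modified` dates against known deployment changes.
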
  • 2 weeks later...
Guest
This topic is now closed to further replies.