Jump to content

SQLServer / Injector.VGR


Recommended Posts

"A threat (MSIL / Injector.VGR) was found in a file that the SQL Server Windows NT - 64 Bit application tried to access. The file was deleted".
I get this alert everytime. I scanned the system could not find any virus. What should I do?

Eset.jpg

Link to comment
Share on other sites

 


I updated the SQL to version CU 17 and changed the SA password, but the warnings still persist. For the warning to appear, I just restart the service.

Link to comment
Share on other sites

  • 4 weeks later...

Refer to this forum thread: https://forum.eset.com/topic/28522-dotnet-msil-injectorvgr/ . Looks like you have already reviewed it. As I posted there, note the following:

Quote

However, I would check the below  locations for presence of the files listed;

%SystemDrive% \ USERS \ xxxxx \ APPDATA \ ROAMING \ MICROSOFT \ WINDOWS \ START MENU \ PROGRAMS \ STARTUP \ MICROSOFT NET_FRAMEWORK.BAT
%SystemDrive% \ USERS \ xxxxx \ APPDATA \ ROAMING \ MICROSOFT \ GOOGLE \ CHROMEEXTENSIONS \ ADS \ HONEYADS \ EXUPD.EXE

First, make sure that LiveGrid protection is enabled. If this is the same malware, Eset should be able to detect and remove it.

It is possible this is a new variant and Eset's existing sig. is not detecting it. Also, the other instance of this was not specifically related to SQL Serrver Win NT.

Edited by itman
Link to comment
Share on other sites

  • Administrators

Since the threat was created by sqlservr.exe, it's likely that there's a malicoous procedure stored in a database. I'd recommend dumping stored procedures and check if there is a suspicious one.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...