This problem happened to my machine a few days ago! It was a headache! Using several antivirus software such as NOD32, Rising, Mcafee, etc. is useless! Only Mcafee found two files eq and tt found under system32, but after clearing it, it will be automatically generated after a while! Always completely cleared without any hair!
Later, I used * to kill the guest v5.31 to check the network status and found that 1433 has a very large number of visits! Is 1433 not the default port of SQL Server? It means that someone is connecting to my database (slqserver2000 is installed on the machine for temporary testing), and also found that the process is accessing the port of a remote computer, and I don’t know what to download! It probably isn't a good thing! It seems that my machine is being monitored by someone! what to do? After shutting down and two processes! It was automatically turned on soon! But I found that the time to be opened was irregular! Sometimes it is opened and called quickly, and sometimes it will appear again for a long time! It seems that it was manually executed by someone else! Think carefully! It seems that the problem is on SQLServer. I checked the relevant information online and finally noticed that xp_cmdshell is on this stored procedure. The online information explains:
xp_cmdshell operating system command shell. This procedure is an extended stored procedure that executes a specified command string and returns any output as a text line.
Generally speaking, xp_cmdshell is also unnecessary for administrators. The elimination of xp_cmdshell will not cause any consequences to the Server.
Any impact.
xp_cmdshell can be eliminated:
Use Master
Exec sp_dropextendedproc N'xp_cmdshell'
Go
If necessary, you can restore xp_cmdshell back:
Use Master
Exec sp_addextendedproc N'xp_cmdshell', N''
Go
[experience]
It is best to eliminate the server's xp_cmdShell storage process.
So I closed it! hehe. . . . Then use the * horse to kill guests to check the network status! ha. . The 1433 port is also relatively normal, and the 1433 has never appeared again! It seems that the problem lies in the security settings! I posted this experience, and I hope that friends who encounter the same problem can have a reference!
Later, I used * to kill the guest v5.31 to check the network status and found that 1433 has a very large number of visits! Is 1433 not the default port of SQL Server? It means that someone is connecting to my database (slqserver2000 is installed on the machine for temporary testing), and also found that the process is accessing the port of a remote computer, and I don’t know what to download! It probably isn't a good thing! It seems that my machine is being monitored by someone! what to do? After shutting down and two processes! It was automatically turned on soon! But I found that the time to be opened was irregular! Sometimes it is opened and called quickly, and sometimes it will appear again for a long time! It seems that it was manually executed by someone else! Think carefully! It seems that the problem is on SQLServer. I checked the relevant information online and finally noticed that xp_cmdshell is on this stored procedure. The online information explains:
xp_cmdshell operating system command shell. This procedure is an extended stored procedure that executes a specified command string and returns any output as a text line.
Generally speaking, xp_cmdshell is also unnecessary for administrators. The elimination of xp_cmdshell will not cause any consequences to the Server.
Any impact.
xp_cmdshell can be eliminated:
Use Master
Exec sp_dropextendedproc N'xp_cmdshell'
Go
If necessary, you can restore xp_cmdshell back:
Use Master
Exec sp_addextendedproc N'xp_cmdshell', N''
Go
[experience]
It is best to eliminate the server's xp_cmdShell storage process.
So I closed it! hehe. . . . Then use the * horse to kill guests to check the network status! ha. . The 1433 port is also relatively normal, and the 1433 has never appeared again! It seems that the problem lies in the security settings! I posted this experience, and I hope that friends who encounter the same problem can have a reference!