Sqlserver.exe - it’s not always a virus!

November 19, 2007

A few days ago I was looking through my processes window here at work on the Windows machine I use. It runs Windows XP Pro, for what that’s worth. I saw this…

Since I was dealing with a slightly sluggish system of late, I decided to Google this process to find out what the heck it was.

Do the search yourself and see what you think.

Do you think what I thought? A trojan! I was worried about this because I am super careful and consider myself darn savvy about where to click and where not to. I immediately ran my Trend Micro OfficeScan client as well as Windows Defender. Didn’t pick up a thing.

According to one link, the trojan is totally memory resident so scans won’t detect it. Uh, ok.

I found a removal tool, which crashed each time I ran it. Did I really have it and the trojan was knocking out the removal tool? Yikes!

I managed to find the log file generated by the removal tool and it said my ssnetlib.dll was not vulnerable. It shouldn’t be, I am up to date with all my Microsoft Updates.

So what’s the problem, then? I’ve got a process taking up 50 megs (sometimes way more) and I don’t know why. As a side note, I am familiar with the plain jane SQL Server and I have not ever installed it here. I don’t have any reason to.

After a few hours of quitting it and having it restart itself (the process, that is) I happened on a link that mentioned Pinnacle. Well, after seeing Dean Shareski’s green screen presentation for the Flat Classroom Project, I grabbed a copy of Pinnacle Studio 10 with the green screen (couldn’t find v. 11 locally) and installed it.

On a whim, I checked the Add/Remove Programs section and lo and behold…

I promptly removed it and went on about my day with a speedier system. This post is intended to hit the search results rankings so that others can see the sqlserver.exe is not always a trojan.

Posted in General, my life / my world