cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Remote Agent Service keeps stopping

Mike_Rebich
Level 3

‎08-02-2005 10:56 AM

We have had backups work successfully for several months now, but in the last month or so, the Remote Agent service keeps stopping for some reason. In doing some research we found that a trojan or virus has somehow infected that server and is using port 10,000, which is the port that the Remote Agent uses. Since the Remote Agent Service was running how could another process stop the RA service from listening on that port and take it over, unless it came in through the RA service and infected the system that way? We found several other ports listening that also indicate a trojan. The ports are: 22,222 and 55,555. Services that we found to be running that should not be are tlntsvc.exe (telnet service) and msmsgs.exe (messenger service) both of which we have disabled. Please provide me with the necessary information to clean this system of these trojans to allow the Remote Agent service to continue running and resolve the issue once and for all.
Thanks,
Mike Rebich mrebich@nanocom.com
Windows Systems Administrator
nanoCom Corporation
0 Kudos
4 REPLIES 4

patrickkuah
Level 6

‎08-02-2005 11:25 PM

i suugest you to reinstall the server, it much cleaner and safer...

patrick
0 Kudos

Deepali_Badave
Level 6
Employee

‎08-03-2005 02:04 AM

Hello,

As you have mentioned here that port 10,000 is used by some another application, make sure that this port will be free cause beremote.exe uses this port.


NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.
0 Kudos

Mike_Rebich
Level 3

‎08-03-2005 10:04 AM

It appeared that it was a trojan that was using port 10,000. I was able to clean off that malware, but fear that it will just come right back. My question is how did that trojan stop the BE Remote Agent from listening on that port and take it over? Is there a patch or update for backup exec or the Remote agent that will keep this from happening again? This is not the first time this has happened on this server.
0 Kudos

Renuka_-
Level 6
Employee

‎08-04-2005 06:27 AM

Hello ,

If you are using the revision 5484 of V10.0 backup exec please download and install the revision 5520, to avoid this happening.For more details on whether this could be related to backup exec please refer to :
http://support.veritas.com/docs/277429

For the 5520 download please refer to:
http://support.veritas.com/docs/277181


Additional Information :
For information on the recent VERITAS Backup Exec security vulnerabilities, including links to the downloads for the necessary hotfixes, please refer to the following document:
Patch summary for Security Advisories VX05-001, VX05-002, VX05-003, VX05-005, VX05-006, VX05-007

http://seer.support.veritas.com/docs/277429.htm

NOTE : If we do not receive your reply within two business days, this post would be marked assumed answeredand would be moved toanswered questions pool.
0 Kudos