
Help pdm:trojan.win32.genautorunmssqlservercommandrun.a


How can we solve it?


Event: Blocked
Application: SQL Server Windows NT - 64 Bit
User type: System user
Component: System Watcher
Result description: Blocked
Type: Trojan
Name: PDM:Trojan.Win32.GenAutorunMsSqlServerCommandRun.a
Threat level: High
Object type: Process
Object path: C:\Program Files\Microsoft SQL Server\MSSQL10_50.ERBILNEW\MSSQL\Binn
Object name: sqlservr.exe
Databases release date: 27-07-2023 6:20:00 PM
MD5: 7396087F9212009B1B8FAC28C0B7B728


This could be a false positive, since sqlservr.exe seems to be a legit Microsoft file, but that detection is by behavior, so maybe it was something that was executed by that app. I would contact K. Support directly; they will better collect traces on your case and better identify the possible threat.


Also, the root folder name that was created can trigger this. It may have gotten this description because different versions and customized names behave like malicious ones and run from a suspicious folder during execution.

In addition, a version that has received an update but has not been committed to the Kaspersky database may have similar false alarms.
If the software you are running does not want an old MSSQL version, be careful to install the current version as much as possible.
