sqlserver.exe is not being recognized

I recently looked over my processes that were running on my home computer and came across something called “sqlserver.exe”. I did a quick search online for it and was informed that it was a trojan and needed to be removed immediately.

So I ended the process and started up avast to see if it would detect it and remove it. I ran a thorough scan and it didn’t pick it up. Was that because I had ended the process for sqlserver.exe or shouldn’t it have found it anyway?

I always keep my avast up to date. Here’s what I need help with please:

  1. Is sqlserver.exe truly a virus (trojan)?
  2. Why didn’t avast recognize it?
  3. And if this is really a virus, how do I get rid of it?

Your help is very much appreciated! :slight_smile:

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

Adding to the chest is possibly the best option, you will probably have to end the process in task manager. Open the avast chest, add the file to the User Files (File, Add) section of the avast chest and send it from there (right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

I don’t know why it isn’t detected, I’m just an avast user like you, but it may be that as a trojan, it could be Spyware or Adware, whilst avast does detect adware and spyware it doesn’t specialise in that area.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.

  1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.

http://www.liutilities.com/products/wintaskspro/processlibrary/sqlserver/

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

Hi David, thanks for responding. :slight_smile:

Actually, I did a little more research and noticed that I made a mistake. It’s not “sqlserver.exe” which is what I did a search on. It’s really “sqlservr.exe” which is a Microsoft thing (http://www.auditmypc.com/process/sqlservr.asp).

So, looks like my defenses are doing their job – I just need to work on my typing.

Thanks again!

No problem, at least you have some information should anything like this happen in the future.

If you don’t have one of those programs it will add to your overall protection.