We had a trojan downloader infect our network and in the process of
look at the network traffic I discovered that I was getting many
syntax errors where the asp/web front end was making a call to a 2005
back end database and it would chop part of the next query or shorten
the current query. What is really weird is that the .net client seems
to be compensating for this and re-issueing the query another way so
the app (app is .net 2.0 with sp2) continues to function with no
visible errors.

I have checked the database compatiblity layer which is 90 or 2005 on
the database that we are running the queries to. Also it is 2005
server. The asp server has sql express 2005 on it and it looks like it
might need a service pack because its build # is smaller than that on
my 2005 standard server.

I am not sure if this problem preexisted the virus but the system is
now running a bit sluggishly also other departments are reporting the
back end sql server is now running slow. I am now running benchmarks
with perfmon to get some ideas and I think i have some old perfmon
results to compare with on the back end sql server.

I have done numerous searches but most incorrect syntax errors are
because of programming mistakes. That is not the case here. The
problem is across multiple sql requests from different components and
it appears to be working in the app.

firebalrog (barrettpaulj (AT) gmail (DOT) com) writes:
Exactly how do you see this error, and exactly what errors do you see?

I have a theory, but I would need some more information before I am
prepared to present it.


--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinf...ons/books.mspx

Maybe you are (or more exactly, your network is) victim of SQL-Injection
attack.

--
Sylvain Lafontaine, ing.
MVP - Windows Live Platform
Email: sylvain2009 sylvainlafontaine com (fill the blanks, no spam please)
Independent consultant and remote programming for Access and SQL-Server
(French)


"firebalrog" <barrettpaulj (AT) gmail (DOT) com> wrote