Topic: New Apache Virus?

begreen
Joined: 15 Feb 2013 Posts: 1 Location: Colorado
Posted: Fri 15 Feb '13 21:55 Post subject: New Apache Virus?

Hello,
I am running xampp 1.7.7 (Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1), and I believe I have just acquired some sort of virus/worm.
After many months of reliability, Apache started to drop out pretty regularly (5-10 times per day) requiring a restart each time.
In the error.log file, I found tens of thousands of entries like this:
[Thu Feb 14 15:35:25 2013] [error] [client 5.135.153.51] script 'C:/xampp/htdocs/lol.php' not found or unable to stat
These are coming from two IP addresses (both from an ISP in France) and they have been occurring over the last few days. At certain times of day, these requests are coming in about 10 per second. The error.log file has grown to over 220 Mb, with 99% of that being these types of entries just from the past few days.
I found the following unknown files in the xampp/htdocs/ dir (which I have not put there myself): lol.php, 121.php, fun.php, in2.php, and Holys.exe
I am not an expert on viruses by any means, but the contents of lol.php appear to be a script that searches out other computers to infect. I can post the files themselves if anyone is interested.
I have removed those files, but I am still receiving thousands of requests to access the lol.php file at several points throughout the day.
I have tried a Google search, but have uncovered nothing relevant to this problem.
Any help would be greatly appreciated!
Thank you.

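Added example (not part of the thread): a Python sketch that tallies the "script ... not found or unable to stat" entries described in the post above by client address, so the repeat requesters, their peak rate and the script names they ask for can be read off a large error.log. The function name `summarize_probes` and the `min_hits` threshold are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache 2.2 error.log line for a request to a script that is missing on disk.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"script '(?P<path>[^']+)' not found or unable to stat"
)

def summarize_probes(lines, min_hits=3):
    """Group 'script not found' errors by client and report repeat requesters."""
    hits = defaultdict(list)  # ip -> [(timestamp, script path)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed entry
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        hits[m.group("ip")].append((ts, m.group("path")))
    report = {}
    for ip, events in hits.items():
        if len(events) < min_hits:  # hypothetical threshold, tune per site
            continue
        per_second = Counter(ts for ts, _ in events)
        report[ip] = {
            "total": len(events),
            "first": min(per_second),
            "last": max(per_second),
            "peak_per_second": max(per_second.values()),
            "scripts": sorted({path.rsplit("/", 1)[-1] for _, path in events}),
        }
    return report

# Constructed sample: the first line is the entry quoted in the post; the rest
# are made up, using documentation-range addresses (RFC 5737) where new.
SAMPLE_LOG = """\
[Thu Feb 14 15:35:25 2013] [error] [client 5.135.153.51] script 'C:/xampp/htdocs/lol.php' not found or unable to stat
[Thu Feb 14 15:35:25 2013] [error] [client 5.135.153.51] script 'C:/xampp/htdocs/lol.php' not found or unable to stat
[Thu Feb 14 15:35:26 2013] [error] [client 5.135.153.51] script 'C:/xampp/htdocs/fun.php' not found or unable to stat
[Thu Feb 14 15:36:02 2013] [error] [client 192.0.2.10] File does not exist: C:/xampp/htdocs/favicon.ico
[Thu Feb 14 15:37:40 2013] [error] [client 198.51.100.7] script 'C:/xampp/htdocs/test.php' not found or unable to stat
""".splitlines()

if __name__ == "__main__":
    for ip, info in summarize_probes(SAMPLE_LOG).items():
        print(ip, info)
```

Requests that keep arriving for a script name after the file has been deleted show up here as a high total for one client; comparing the `scripts` list with the unknown files found in the document root shows which dropped files are still being called.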
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Fri 15 Feb '13 22:34

XAMPP is not for productivity! It is extra open for development. That is not related to Apache itself but more to the PHP scripts or whatever you run on it.

glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Fri 15 Feb '13 23:14

Removing the files unfortunately doesn't plug the hole that allowed them to get there, so I'm sure they will be back.
I'd be interested in VirusTotal's report on the exe.
https://www.virustotal.com