Channel: w3it.org - world wide web Italia

Trojan win32 adddrop: a happy birthday!

Happy birthday to me!
Infection: Trojan win32.adddrop - Apache on Windows
Folder where I found a strange Apache conf file, containing values that I of course had never set:
F:\Temp\Apache24\conf
The conf contains:
ScriptAlias /cgi-bin/ "c:/Apache24/cgi-bin/"
ServerRoot "c:/Apache24"
Infected files: all Apache files on C:
There is no "c:/Apache24" on my drive ... I think so, it is used as an alias folder, or something else I do not have sufficient knowledge about. But from the little I know, there is really something going wrong here.
From what I remember, last night a server request was made and the firewall alerted me: I took a look at the address of the request, but I failed to understand it. The request, I now suspect, was not from phpbb.com, one of the PHP scripts I have installed for coding reasons on localhost. In fact today, during a normal scan, the analysis revealed a connection to a specific IP by my Apache server: I looked at this IP address, and apparently it was phpbb.com ... but in reality it was not. I need to reinstall and reconfigure Apache... All done yesterday, in half an hour.
Fuck You Asshole!
