Not sure what these files are

Discussion in 'Malware Help (A Specialist Will Reply)' started by Raimy, Feb 25, 2007.

  1. Raimy

    Raimy Private E-2

    I really hope someone can give me some information about this. I run an ecommerce site and recently found a strange directory in my images folder. It's called File and it contained 2 files. I've attached them here in a zip file.

    And yes, I've already gone to the ecomm software people with this and all they are willing to do is help with the cart itself. I need to know more though, like if this is something malicious and what it was exactly designed to do.

    Please if someone can, give me information about this. If it is a hack of some sort I need to know so I can further batten down my hatches.

    Thanks
     
    Last edited: Feb 25, 2007
  2. Raimy

    Raimy Private E-2

    I've gone ahead and removed the files to prevent public access since I've gotten confirmation that this is a hack and I don't want to further promote its use.

    If you are someone in charge here and would like a copy of them for review please let me know and I'll send them to you. I really would like to know more about this to keep it from happening again.

    Thanks
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Since the files are no longer attached, we cannot offer any opinions. What is the name of the software program you installed that caused your problems? And what were your problems? What were the names of the files?
     
  4. Raimy

    Raimy Private E-2

    Wow you edited. I like this reply much better, it's nicer. :)

    I did state in my second post to contact me for copies if you were someone serious in helping. Doesn't matter anymore anyway, between someone at another forum and my host we figured it out and now all is well.

    But the rundown is that I had an images folder inadvertently set at 777 and someone got in and added that "File" directory. One file was cpanel.pl and I don't remember the other one now (I've deleted them). But fortunately my host has some security measures in place and the exploit was unable to run so no harm was done. I believe it was some sort of mailer exploit or something. Sorry I'm so fuzzy on the details now.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem as long as everything is okay now! ;)

    Have you scanned your PC for other traces of malware?
     
  6. Raimy

    Raimy Private E-2

    Absolutely! My personal PCs are armed to the teeth with protection and fully patched and updated, so I wasn't too worried about that. Especially since it wasn't on MY PC. I just didn't like the fact that they got in my stuff on my shared hosting account. I'd be pissed if someone else's lax security screwed up my site, and I didn't want to be the axxhole that messed things up for everyone else. You know how it goes. :)
     
    Last edited by a moderator: Mar 1, 2007
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well I'm happy to hear your problems are resolved then.
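
An added example, not part of the original thread: a small audit for the situation described in post 4, an images folder left at 777 into which a `File` directory containing `cpanel.pl` was dropped. The function name, the extension list and the sample tree are assumptions made for illustration; the sample tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Assumed list of script extensions that do not belong in an image-only folder.
SCRIPT_EXTS = {".pl", ".php", ".cgi", ".py", ".sh"}

def audit_upload_tree(root):
    """Return (world_writable_dirs, suspicious_files) as sorted paths relative to root."""
    writable, suspicious = [], []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinked dirs
        # A directory writable by "other" (e.g. 777) lets any local account add files.
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            writable.append(os.path.relpath(dirpath, root))
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and other non-regular entries
            ext = os.path.splitext(name)[1].lower()
            # Flag script extensions and anything carrying an execute bit.
            if ext in SCRIPT_EXTS or st.st_mode & 0o111:
                suspicious.append(os.path.relpath(full, root))
    return sorted(writable), sorted(suspicious)

def build_sample_tree():
    """Constructed sample: images/ at 777 holding a legitimate GIF and File/cpanel.pl."""
    root = tempfile.mkdtemp()
    images = os.path.join(root, "images")
    dropped = os.path.join(images, "File")
    os.makedirs(dropped)
    for path, mode in ((os.path.join(images, "logo.gif"), 0o644),
                       (os.path.join(dropped, "cpanel.pl"), 0o755)):
        with open(path, "w") as fh:
            fh.write("placeholder\n")  # inert content, only the name and mode matter
        os.chmod(path, mode)
    os.chmod(root, 0o755)
    os.chmod(dropped, 0o755)
    os.chmod(images, 0o777)  # the misconfiguration from post 4
    return root

if __name__ == "__main__":
    dirs, files = audit_upload_tree(build_sample_tree())
    print("world-writable directories:", dirs)
    print("scripts or executables in image tree:", files)
```

Pointing `audit_upload_tree` at a real web root gives the list of directories to tighten (755 is the usual setting when the web server runs as the account owner) and the files to review before deleting.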
     
