
Unknown .php file in .NET hosting account

Posted by Tomaszek, 04-07-2010, 05:27 PM
Hi all, I’m hoping to get some help/clarification here, as discussion with my hosting provider and my own research have rendered no results. I’ll try to be as specific and brief as possible and provide enough details.

1. Background

I have a shared hosting account with .NET 3.5 (all PHP, Perl etc. support is disabled). I got an email from my hosting provider advising that there were attempts to compromise security on their hosting. The mechanism was that an FTP password was stolen from compromised PCs and then malicious code was uploaded/injected to the sites. They referred to 'Gumblar' and 'Martuz' attacks and provided the following links. [not able to post] They also changed my FTP password.

2. Sure enough, I scanned my PC with ZoneAlarm Security Suite in both deep inspection scan and rootkit scan. ZoneAlarm has been running on my machine for as long as I can remember. Also, my PC is fully updated (I’m running Vista Ultimate). I also scanned my PC with Avast and Malwarebytes, which were reported as ones that are able to remove the malicious software responsible for this kind of attack. All scans resulted in no infections found whatsoever.

3. Still, I found the attached .php file on my account. Several emails and calls with my hosting provider's helpdesk haven’t shed any light as to the origin of the file. They don’t keep logs for FTP and are not using Tripwire or any similar kind of monitoring app. I found, however, the info that this kind of script is related to hacker attacks.

4. This leaves me at the moment with two options:

a) The file was placed on my account as a result of a cross-site attack on my hosting provider (the hosting provider ruled out this possibility)

b) My PC is still infected and I failed to detect, not to mention remove, the malicious software from my OS

I would greatly appreciate any input on this. Thoughts, guesses, possibilities and, most importantly, advice – what to do next? Many thanks in advance!

Attached Files: virus.zip (1.8 KB, 41 views)


