RE: Possible virus via httpd server

["Dino B." <mypascal2000@xxxxxxxxx>]

Hmmm, index. Html is just default page???  Strange that that it got overwritten by some executable

--
Dino Buljubasic

--
Dino Buljubasic
Cell 604 441 3560

Please pardon my brevity - sent from my mobile device.  Please excuse any typos.

On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.berger@xxxxxxxx> wrote:

Following your suggestion, I made use of my daily backups to install
the httpd.conf from two days ago, when all was well. The problem was
the same.  I tried sublitting a file to sophos, but I would have to
join, and I am not ready for that.  See also my next email.

Still heading toward DBAN.

Thanks,
Mike.

--
Michael D. Berger
m.d.berger@xxxxxxxx
http://www.rosemike.net/


> -----Original Message-----
> From: Keith Roberts [mailto:keith.roberts@xxxxxxxxxxxx]
> Sent: Monday, January 04, 2016 11:25
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: Possible virus via httpd server
>
> Hi Mike.
>
> You might like to send this to sophos for analysis:
>
> https://www.sophos.com/en-us/support/knowledgebase/11490.aspx
>
> As index.html is the default page if nothing else is
> configured, has your httpd.conf file been modified to server
> this binary file instead of index.html?
>
> HTH,
>
> Keith Roberts
>
> On 4 Jan 2016, at 16:18, Michael D. Berger
> <m.d.berger@xxxxxxxx> wrote:
>
> > Warning: This message contains unverified links which may
> not be safe.  You should only click links if you are sure
> they are from a trusted source.
> > Examining with Lemmy (A Windows version of VI), it looks
> like a binary file.
> > Size is 181.4 KB.
> > I am considering my favorite virus remover: DBAN, but it would take
> > several days work to recover from that.
> >
> > Mike.
> > --
> > Michael D. Berger
> > m.d.berger@xxxxxxxx
> > http://www.rosemike.net/
> >
> >
> >> -----Original Message-----
> >> From: Daniel Beardsmore [mailto:daniel@xxxxxxxxxxxxxxxxxxx]
> >> Sent: Monday, January 04, 2016 05:03
> >> To: users@xxxxxxxxxxxxxxxx
> >> Subject: RE: Possible virus via httpd server
> >>
> >> Well, what do you see if you examine the file in a text editor?
> >>
> >>> -----Original Message-----
> >>> From: Michael D. Berger [mailto:m.d.berger@xxxxxxxx]
> >>> Sent: 04 January 2016 05:03
> >>> To: Apache-Users
> >>> Subject: Possible virus via httpd server
> >>>
> >>> Using my WinXP Firefox client to access my previously
> working httpd
> >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my
> >>> index.html .  Do you think I have a virus on my Linux box?  I did
> >>> notice that my iptables is not as tight as it should be.
> >>>
> >>> --
> >>> Michael D. Berger
> >>> m.d.berger@xxxxxxxx
> >>> http://www.rosemike.net/
> >>>
> >>>
> >>>
> >>>
> >>
> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>>
> >>>
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >>
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx