Re: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Michael D. Wood
Interesting... let us know what you find. Sent from my iPhone > On Jan 4, 2016, at 9:06 PM, Michael D. Berger wrote: > > I don't think index.html was changed, but I only took a quick look. > I have it backed up in a tgz file, so when the Linux box comes back up > (maybe tomorrow), I'll take a c

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Michael D. Berger
I don't think index.html was changed, but I only took a quick look. I have it backed up in a tgz file, so when the Linux box comes back up (maybe tomorrow), I'll take a closer look. It is also possible that there was something wrong with httpd.config. It is quite complex, with numerous RewriteRul

Re: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Michael D. Wood
Was the index.html file modified in any way? Did it call the executable? Any rewrites or any other files added to the path where index.html resided? Sent from my iPhone > On Jan 4, 2016, at 8:21 PM, Michael D. Berger wrote: > > It was not overwritten. If you looked on the server, it was just fine.

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Michael D. Berger
It was not overwritten. If you looked on the server, it was just fine. But an executable was delivered instead. In any case, it is gone with the wind -- DBAN is now running on the server. Hopefully, the reinstallation will work better. Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Dino B.
Hmmm, index.html is just the default page??? Strange that it got overwritten by some executable -- Dino Buljubasic Cell 604 441 3560 Please pardon my brevity - sent from my mobile device. Please excuse any typos. On Jan 4, 2016 12:38, "Michael D. Berger" wrote: > Followi

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread IdealGourmet
Stop sending emails to this address. You are making an error!!! -Original Message- From: Michael D. Berger [mailto:m.d.ber...@ieee.org] Sent: Monday 4 January 2016 21:42 To: users@httpd.apache.org; frazier...@sbcglobal.net Subject: RE: [users@httpd] Possible virus

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Michael D. Berger
I tried the submission you suggest. It said it is an executable file, suitable for my Linux box. I don't think I am about to run it. Note that my ESET NOD32 virus software finds nothing wrong with it. Thanks, Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Ori

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Michael D. Berger
Following your suggestion, I made use of my daily backups to install the httpd.conf from two days ago, when all was well. The problem was the same. I tried submitting a file to Sophos, but I would have to join, and I am not ready for that. See also my next email. Still heading toward DBAN. Than

Re: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Kent Frazier
You might try submitting the file at https://www.virustotal.com and see what it detects. On 1/4/16 8:18 AM, Michael D. Berger wrote: Examining with Lemmy (A Windows version of VI), it looks like a binary file. Size is 181.4 KB. I am considering my favorite virus remover: DBAN, but it would take

Re: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Keith Roberts
Hi Mike. You might like to send this to Sophos for analysis: https://www.sophos.com/en-us/support/knowledgebase/11490.aspx As index.html is the default page if nothing else is configured, has your httpd.conf file been modified to serve this binary file instead of index.html? HTH, Keith Rober

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Daniel Beardsmore
If the file begins "MZ" (the MS-DOS stub found at the start of Windows executables) then it's very likely to be a Windows program intended for execution, which would be bad news. It's interesting that you say "index.html" -- does this server serve all static pages, or does index.html reference

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Michael D. Berger
Examining with Lemmy (A Windows version of VI), it looks like a binary file. Size is 181.4 KB. I am considering my favorite virus remover: DBAN, but it would take several days' work to recover from that. Mike. -- Michael D. Berger m.d.ber...@ieee.org http://www.rosemike.net/ > -Original Mes

RE: [users@httpd] Possible virus via httpd server

2016-01-04 Thread Daniel Beardsmore
Well, what do you see if you examine the file in a text editor? > -Original Message- > From: Michael D. Berger [mailto:m.d.ber...@ieee.org] > Sent: 04 January 2016 05:03 > To: Apache-Users > Subject: [users@httpd] Possible virus via httpd server > > Using my WinXP Firefox client to acces