Please help me, I have a problem?
Posted by dream-date, 11-21-2007, 04:03 PM |
hello
dream-date.nl/dream/
I installed the SkaDate 6 script
and now I have many errors, only on the *SkaDate Homepage*
and all files work fine
help me
mariah
Last edited by bear; 11-21-2007 at 07:33 PM.
Reason: de-linked
|
Posted by CiscoMike, 11-21-2007, 04:09 PM |
DO NOT click on that link. There is a trojan that tries to load (at least according to McAfee, CSA and Trend).
Last edited by bear; 11-21-2007 at 07:34 PM.
Reason: de-linked
|
Posted by dream-date, 11-21-2007, 04:55 PM |
How can I clean up?
I don't see any trojan, this error:
Warning: main(configs.php) [function.main]: failed to open stream: No such file or directory in /home/dreamd42/public_html/dream/index.php on line 15
Fatal error: main() [function.require]: Failed opening required 'configs.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/dreamd42/public_html/dream/index.php on line 15
help me
|
Posted by pogue, 11-21-2007, 05:38 PM |
The source of the page is huge, and about halfway down there is an iframe link that looks highly suspicious. I followed the link to a page that loads an executable file that is encoded in hex which converts to an EXE on the end user's machine. It looks like you are infected with a spambot, Mariah. It could possibly be the Storm worm or Torpig. You need to contact your system administrator and take the website offline immediately because you are going to infect other people who visit that site and you are most likely spewing spam from that machine (although I don't see any now).
|
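The check pogue describes above, reading the served page source for an iframe that should not be there, can be automated. This is an added example, not part of the original thread: the host names and the sample page are constructed, and the rule "invisible or loaded from another host" is an assumption about what counts as suspicious.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Collect <iframe> tags that are invisible or load from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, src, list of reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        # Injected frames are usually sized so the visitor never sees them.
        if any(a.get(d, "").strip().rstrip("px") in ("0", "1")
               for d in ("width", "height")):
            reasons.append("zero-or-one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        # Relative URLs have no hostname and stay on the site itself.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            reasons.append("external host " + host)
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def audit_page(text, site_host):
    """Return the suspicious iframes found in one page of served HTML."""
    parser = IframeAudit(site_host)
    parser.feed(text)
    parser.close()
    return parser.findings

# Constructed sample: one legitimate same-site frame, one injected hidden frame.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="/banner.html" width="468" height="60"></iframe>
<p>Lots of page content...</p>
<iframe src="http://files.example.net/x.html" width="0" height="0" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in audit_page(SAMPLE, "www.example.com"):
        print(f"line {line}: {src} ({', '.join(reasons)})")
```

Run it over a saved copy of each page rather than in a browser, and compare any hit against a known-good backup of the file before restoring.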
Posted by jon-f, 11-21-2007, 06:07 PM |
I've seen a worm called mpack do that before, write to pages and make them parse error on PHP. I don't know how that works but I think it infects your computer and finds any FTP logins and logs in and writes to the files, embedding an executable. I guess that storm worm is doing the same, pretty brutal too. I got a user who has been getting DDoS for 3 months now from a storm worm net. They say it's absolutely huge.
But I'd advise checking your local computer for viri, changing your passwords, all that, but only after you make sure your computer is clean.
I'd be interested in anything you find on your local computer; if you are able to get the quarantined viri, please PM me.
|
Posted by CiscoMike, 11-21-2007, 06:17 PM |
It's not stormworm, it's an old ADODB exploit for Windows via VB script. 99% of machines should be patched against the issue but there's always those people that never patch, don't run AV/PFW/HIPS.
edit: Psyme is its name
|
Posted by pogue, 11-21-2007, 06:31 PM |
You might be interested in reading this PDF:
http://www.cis.uab.edu/forensics/UAB.Bots.pdf
It's a presentation on security for end users, but it shows some examples of the Storm worm when it's active and what it can do. Also some good info on Spamtrackers.
|