tommalia

  1. Thank you for your assistance. Just to make sure I've done this correctly, to exclude httpd.exe from ransomware detection, do I use the "Exclude an Application that Connects to the Internet" option? That's the option I tried last night... though it seems to have killed the process on me anyway.
  2. I took the chance and unquarantined it last night. Interesting to note that I have the directory the file is in under version control (Subversion working directory) since I first installed Apache there several years ago, and Subversion is reporting that the httpd.exe file is unchanged from the copy that was originally installed. So, I'm pretty confident that the httpd.exe file didn't get maliciously swapped out or edited in some way since it was downloaded from the Apache website. I also added the exe to the list of programs to be excluded from scanning last night. However, when I checked this morning, my website was down again and MWB had a report (I'll paste it below) that it found another Malware.Ransom.Agent and it was this httpd.exe program again... interestingly, this time it didn't quarantine the file, but apparently it did, somehow, shut it down because httpd.exe is not running and the server reverted to IIS7 as the listener on port 80. Fortunately my particular business is not that dependent on my website being up 24/7 but it's still pretty frustrating that MWB is messing with such an industry standard program as Apache HTTP.... Also seems odd that when I google the combination, I don't see ANY other posts anywhere about problems with MWB playing nice with Apache. I would have thought more people would have experienced similar problems. I'm attaching the requested zipped copy of the httpd.exe program for your inspection.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 9/18/17
     Protection Event Time: 5:24 PM
     Log File: c7ce31c9-9cb7-11e7-9e53-0025903439ed.json
     Administrator: Yes

     -Software Information-
     Version: 3.2.2.2029
     Components Version: 1.0.188
     Update Package Version: 1.0.2836
     License: Trial

     -System Information-
     OS: Windows Server 2008 R2 Service Pack 1
     CPU: x64
     File System: NTFS
     User: System

     -Ransomware Details-
     File: 1
     Malware.Ransom.Agent.Generic, D:\ProgramFiles\Apache\Apache24\bin\httpd.exe, Quarantined, [0], [392685],0.0.0

     (end)

     httpd.zip
  3. Running MWB on a server that runs Apache 2.4. It quarantined the httpd.exe program on me, saying it was a ransom agent. Is this likely just a false positive? Or did Malware Bytes actually find a bad httpd.exe file? How can I tell?