Search the Community
Showing results for tags 'php'.
Hello everyone, I'm looking for some help. My computer is infected with some sort of extremely stubborn malware. I have used Malwarebytes and upon the first run it detected 160 threats which I deleted, but the problem persisted. After much digging around on the internet I then went on to download several other malware cleaners (HitmanPro, Zemana, tdsskiller and Rkill) as well as AVG in an attempt to get rid of this malware. They all detected some more threats which I deleted and Rkill stopped one threat on the first run after which all other runs came back clean. The initial problem I had when I first realized my computer was infected was that Chrome kept telling me that my connection wasn't private/secure and wouldn't allow me to access pages, I then downloaded Firefox which would let me access pages but they often weren't secure. After running all of the malware cleaners and the antivirus several times they all now come back clean, and Google Chrome is working perfectly now, so I'm guessing I managed to get rid of something at least. What's worrying me is when I restart my computer there is a PHP program which starts on it's own and keeps listing a directory which was previously removed by AVG. I'm guessing this pop up window is still malware or at least what's left of it (I'm hoping)? I attempted to upload the screenshot of the program on here but it wouldn't let me for some reason so here is what's written in the window which opens (looks like the black command prompt window) with php written in the header with a light purple background. Warning: unlink(C: \Users \Biljana\ AppData\ Roaming\ Oxawog\ ibawi.heq.exe): No such directory in C:\ Users\ Biljana\ AppData\ Roaming\ Uqfie\ aekyme.php on line 1 This message is listed multiple times. Once I close the window it doesn't reappear again, just upon booting of my system. I would greatly appreciate it if someone could help me out, or is my only solution to reinstall my Windows and start from scratch? P.S Malwarebytes alerted me constantly of a blocked threat under the name kparxehisfup.com coming from C:\ Windows\SysWOW64\msiexec.exe THIS NO LONGER HAPPENS. Any advice would be appreciated, Biljana
Hi, We are using trial for antiexploit before we purchase the endpoint version for business, have noticed that cerain php based exploit scripts which were used to infect our websites based on wp and joomla platform were not detected, have tried copying the script manually on different systems but still antiexploit or antmalware dont detect the same, i have forwarded the script to Mr.Ron of your support team to check further. Also we are running SmarterMail Server, do is it required to add mailservice.exe to exclude list to avoid false positive for any inbound or outbound mail traffice, what is the best practise here to get optimum results. If needed let me know and shall happy to share the script or logs. Thanks Hemens