Was the index.html file modified in anyway? Did it call the executable? Any rewrites or any other files added to the path index.html resided?
Sent from my iPhone > On Jan 4, 2016, at 8:21 PM, Michael D. Berger <m.d.ber...@ieee.org> wrote: > > It was not overwritten. If you looked on the server, it was just fine. > But an executable was delivered instead. In any case, it is gone > with the wind -- DBAN is now running on the server. Hopefully, > the reinstallation will work better. > > Mike. > > -- > Michael D. Berger > m.d.ber...@ieee.org > http://www.rosemike.net/ > > > > From: Dino B. [mailto:mypascal2...@gmail.com] > Sent: Monday, January 04, 2016 19:36 > To: users@httpd.apache.org > Subject: RE: [users@httpd] Possible virus via httpd server > > Hmmm, index. Html is just default page??? Strange that that it got > overwritten by some executable > > -- > Dino Buljubasic > > -- > Dino Buljubasic > Cell 604 441 3560 > > Please pardon my brevity - sent from my mobile device. Please excuse any > typos. > >> On Jan 4, 2016 12:38, "Michael D. Berger" <m.d.ber...@ieee.org> wrote: >> Following your suggestion, I made use of my daily backups to install >> the httpd.conf from two days ago, when all was well. The problem was >> the same. I tried sublitting a file to sophos, but I would have to >> join, and I am not ready for that. See also my next email. >> >> Still heading toward DBAN. >> >> Thanks, >> Mike. >> >> -- >> Michael D. Berger >> m.d.ber...@ieee.org >> http://www.rosemike.net/ >> >> >> > -----Original Message----- >> > From: Keith Roberts [mailto:keith.robe...@ecric.nhs.uk] >> > Sent: Monday, January 04, 2016 11:25 >> > To: users@httpd.apache.org >> > Subject: Re: [users@httpd] Possible virus via httpd server >> > >> > Hi Mike. >> > >> > You might like to send this to sophos for analysis: >> > >> > https://www.sophos.com/en-us/support/knowledgebase/11490.aspx >> > >> > As index.html is the default page if nothing else is >> > configured, has your httpd.conf file been modified to server >> > this binary file instead of index.html? >> > >> > HTH, >> > >> > Keith Roberts >> > >> > On 4 Jan 2016, at 16:18, Michael D. Berger >> > <m.d.ber...@ieee.org> wrote: >> > >> > > Warning: This message contains unverified links which may >> > not be safe. You should only click links if you are sure >> > they are from a trusted source. >> > > Examining with Lemmy (A Windows version of VI), it looks >> > like a binary file. >> > > Size is 181.4 KB. >> > > I am considering my favorite virus remover: DBAN, but it would take >> > > several days work to recover from that. >> > > >> > > Mike. >> > > -- >> > > Michael D. Berger >> > > m.d.ber...@ieee.org >> > > http://www.rosemike.net/ >> > > >> > > >> > >> -----Original Message----- >> > >> From: Daniel Beardsmore [mailto:dan...@trustnetworks.co.uk] >> > >> Sent: Monday, January 04, 2016 05:03 >> > >> To: users@httpd.apache.org >> > >> Subject: RE: [users@httpd] Possible virus via httpd server >> > >> >> > >> Well, what do you see if you examine the file in a text editor? >> > >> >> > >>> -----Original Message----- >> > >>> From: Michael D. Berger [mailto:m.d.ber...@ieee.org] >> > >>> Sent: 04 January 2016 05:03 >> > >>> To: Apache-Users >> > >>> Subject: [users@httpd] Possible virus via httpd server >> > >>> >> > >>> Using my WinXP Firefox client to access my previously >> > working httpd >> > >>> 2.4 server on Fedora 23 gets a file named 1OfvyQ5L instead of my >> > >>> index.html . Do you think I have a virus on my Linux box? I did >> > >>> notice that my iptables is not as tight as it should be. >> > >>> >> > >>> -- >> > >>> Michael D. Berger >> > >>> m.d.ber...@ieee.org >> > >>> http://www.rosemike.net/ >> > >>> >> > >>> >> > >>> >> > >>> >> > >> >> > --------------------------------------------------------------------- >> > >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > >>> For additional commands, e-mail: users-h...@httpd.apache.org >> > >>> >> > >>> >> > >> >> > --------------------------------------------------------------------- >> > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > >> For additional commands, e-mail: users-h...@httpd.apache.org >> > >> >> > > >> > > >> > > >> > --------------------------------------------------------------------- >> > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > > For additional commands, e-mail: users-h...@httpd.apache.org >> > > >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > For additional commands, e-mail: users-h...@httpd.apache.org >> > >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org
