mySQL, phpMyAdmin, svchost.exe trojan

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Postby HeatherFeuer » 13. September 2009 16:37

I have Xampp 2.7.1 installed on my Windows XP home computer for website development. The installation went flawlessly and I was having no problems. I run Avast! anti-virus and Comodo firewall for protection. I also use DYNDNS to provide access for my clients to the websites I am developing for them.

This morning I found a screaming message from Avast saying it had found Win32:Bifrose-DPA [Trj] in E:\webserver\phpmyadmin\svchost.exe. I took the recommended action of quarantining that file. Now I appear to have lost complete access to phpmyadmin. When I point my browser, I get the following error message:
Error
MySQL said:
#1045 - Access denied for user 'root'@'localhost' (using password: NO)
Connection for controluser as defined in your configuration failed.
phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should check the host, username and password in your configuration and make sure that they correspond to the information given by the administrator of the MySQL server.
I then tried to open MySQLAdmin and got an access error for libmysql.dll.

Is svchost.exe required for either of these apps? How can I repair this installation? I've attempted to troubleshoot this problem short of taking svchost.exe out of quarantine. Is it possible that this was a false positive?
Heather Feuerhelm
Never too old to learn
Uniquely Yours Business Services
HeatherFeuer
 
Posts: 2
Joined: 13. September 2009 15:59
Location: Maine, USA

Re: mySQL, phpMyAdmin, svchost.exe trojan

Postby Izzy » 14. September 2009 00:19

HeatherFeuer wrote:...This morning I found a screaming message from Avast saying it had found Win32:Bifrose-DPA [Trj] in E:\webserver\phpmyadmin\svchost.exe...
There is no svchost.exe file in the phpmyadmin folder as this file is a Windows system file found in the C:\Windows\system32 folder.

If it was moved there by some malware then yes it should remain in quarantine and perhaps a copy of a clean file replaced in the system32 folder.

A copy is usually found in the C:\Windows\system32\dllcache\ folder - check it first.

You need to seriously check out your whole PC for malware and fix the initial problem.

You can download a zip version of XAMPP and check for yourself that this svchost.exe is not included in the releases.
SourceForge Windows Archive

BTW you can check any file online using a multitude of virus checking software by visiting:
http://www.virustotal.com/
http://virusscan.jotti.org/en


As for your MySQL error message, which may be a separate issue, an Advanced forum search for your error message "Connection for controluser as defined in your configuration failed" in the XAMPP for Windows forum may give you some answers, which BTW, has had many posts and responses of late.

In the search results click on the Topic title to expand the whole post of any that attract your interest.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06
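
The comparison Izzy suggests above (unpack a clean XAMPP zip and see what the release actually contains), as an added example that is not part of the original thread or of XAMPP's own tooling: it hashes both trees and lists installed files that are absent from the release or differ from it, flagging Windows system-binary names found in the web tree. The function names, the system-binary names other than svchost.exe, and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Names that belong under C:\Windows\system32, never in a web root.
# Illustrative list: only svchost.exe comes from the thread.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".bat", ".cmd"}

def manifest(root):
    """Map lower-cased relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(clean_root, installed_root):
    """List (kind, path, sha256) for installed files absent from or unlike the clean release."""
    clean, installed = manifest(clean_root), manifest(installed_root)
    findings = []
    for rel, digest in sorted(installed.items()):
        name = rel.rsplit("/", 1)[-1]
        if rel in clean:
            if clean[rel] == digest:
                continue
            kind = "modified since release"
        elif name in SYSTEM_NAMES:
            kind = "system-binary name outside system32"
        elif Path(name).suffix in EXECUTABLE_SUFFIXES:
            kind = "executable not in release"
        else:
            kind = "file not in release"
        findings.append((kind, rel, digest))
    return findings

def demo():
    """Constructed trees standing in for an unpacked clean zip and the live install."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "phpmyadmin").mkdir(parents=True)
            (root / "phpmyadmin" / "index.php").write_text("<?php // release file\n")
        (live / "phpmyadmin" / "svchost.exe").write_bytes(b"MZ constructed placeholder")
        (live / "phpmyadmin" / "config.inc.php").write_text("<?php // local settings\n")
        return compare(clean, live)

if __name__ == "__main__":
    for kind, rel, digest in demo():
        print(f"{kind:36} {rel}  sha256={digest}")
```

Locally created files such as config.inc.php show up as "file not in release" and need a manual look rather than automatic removal.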

Re: mySQL, phpMyAdmin, svchost.exe trojan

Postby HeatherFeuer » 14. September 2009 00:59

Thank you. I continued to do further checking and reading after I posted this. I have installed WAMP servers in various forms for a number of years now, but this is the first time I have installed XAMPP. I hadn't realized until now how unsecure it can be. I ended up uninstalling the whole thing and downloading the most recent version, which I will be installing shortly. This time I will follow instructions for making the server more secure.

I have spent most of the day investigating and fixing any potential problems -- I did find where someone had managed to inject a user with special permissions for the webserver folder. Thank you for pointing out the potential problem with the svchost.exe file. I'll make sure it's replaced by a clean copy.

Thanks again!
Heather Feuerhelm
Never too old to learn
Uniquely Yours Business Services
HeatherFeuer
 
Posts: 2
Joined: 13. September 2009 15:59
Location: Maine, USA

