localhost not working after malware (Vista) 1.7.7 [SOLVED]

Problems with the Windows version of XAMPP, questions, comments, and anything related.

localhost not working after malware (Vista) 1.7.7 [SOLVED]

Postby spiderm81 » 07. December 2011 13:10

I had a browser redirector malware and used malwarebytes to remove it.

I somehow lost my localhost functionality.

portcheck has:
Apache (HTTP) 80 SYSTEM
Apache (HTTPS) 443 free
MySQL 3306 SYSTEM

The control panel say both apache and mysql are running but hitting admin just hangs.

In both IE and firefox it just hangs when I try to go to http://localhost/

I have ODBC links to some mySQL databases in msaccess and they work.

I don't know what I should do.

Thank you in advance.

Gary :)
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby Sharley » 07. December 2011 13:53

Which Control Panel are you using?

If the older 2.5 then in the xampp folder is the newer version 3 panel:
xampp-control-3-beta.exe
This has more features and a Netstat button that may have more info about the ports.

First Exit the old panel before using XCPv3 and the latest version can be found by clicking on the link in my signature.

It also has a better log window that is also more informative and creates a log file in the xampp folder.

SYSTEM using the port may mean that the Apache Windows Service is in use.

If when you start the XCPv3 there is a green tick in the service module column then try clicking on it to remove the green tick, you will need to agree to remove the service which is what you want to do.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: localhost not working after fix of a redirector malware

Postby spiderm81 » 07. December 2011 17:43

Sharley,

Thank you so much for the response.

I had recently downloaded, and installed, Version 3, beta of the control panel.

So, as you suggested, I ran it, stopped both mysql and apache services, and then was able to click on the tick.

I uninstalled it and then clicked again.

I then rebooted and the localhost is still just "connecting" for both mysql and apache from the new control panel.

I've included the log info from the control panel. What do you think would be a good next step?

11:31:25 AM [main] Initializing Control Panel
11:31:25 AM [main] Windows Version: Windows Vista Home Premium SP2 32-bit
11:31:25 AM [main] XAMPP Version: 1.7.1
11:31:25 AM [main] Control Panel Version: 3.0.10 [ Compiled: December 3rd 2011 ]
11:31:25 AM [main] Running with Administrator rights - good!
11:31:25 AM [main] XAMPP Installation Directory: "c:\xampp\"
11:31:25 AM [main] Initializing Modules
11:31:25 AM [apache] XAMPP Apache Service is already running on port 80
11:31:25 AM [apache] XAMPP Apache Service is already running on port 443
11:31:25 AM [mysql] XAMPP MySQL Service is already running on port 3306
11:31:26 AM [tomcat] Possible problem detected: Tomcat Not Found!
11:31:26 AM [tomcat] Run this program from your XAMPP root directory!
11:31:26 AM [tomcat] Possible problem detected!
11:31:26 AM [tomcat] Port 8080 in use by "system"!
11:31:26 AM [main] Enabling autostart for module "apache"
11:31:26 AM [main] Enabling autostart for module "mysql"
11:31:26 AM [main] Starting Check-Timer
11:31:26 AM [main] Control Panel Ready
11:31:26 AM [apache] Autostart active: module is already running - aborted
11:31:26 AM [mysql] Autostart active: module is already running - aborted

Thank you,
Gary :)
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby Sharley » 07. December 2011 22:38

Everything appears to be already running which usually means these are left over from a previous installation or from when you used the old control panel without stopping everything and uninstalling the services (removing the tick from the Svc check boxes).

The SYSTEM 8080 issue may be an installed Tomcat Windows service from your previous installation attempts or before you had the malware attack, that may be removed by clicking on the XAMPP-Shell button in XCPv3 and typing C:\xampp\tomcat\tomcat_service_uninstall.bat before following the uninstall/install instructions below and see if it has cleared the 8080 port in use issue.
Test by Quitting the XCPv3 and then start it again and look at the log window.

May I suggest that you uninstall/install XAMPP again by using the zip or 7zip version which has often helped clear things up
(don't use the freeware 7zip program to unpack the 7zip archive as it has a bug that does not extract zero length files which will cause serious issues, use WinRAR or a free zip extract program).

Try and follow these uninstall/install instruction to make sure that no residue Windows services are still installed:
viewtopic.php?p=179699#p179699

It has been known that the installer.exe version can couse issues in some Operating Systems and using the archive version instead has been know to solve these issues.

Good luck. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: localhost not working after fix of a redirector malware

Postby spiderm81 » 08. December 2011 13:27

Thanks again Sharley.

I've done as you instructed. There is still a problem.
When I entered "http://localhost/" in my browser(s) I am not getting any response back:
IE 9 has "localhost" in the tab name with the spinning icon.
Firefox 8 has "Connecting" in the tab name with the reverse spinning icon.

After installing the xampp you said to type in "http://localhost/" I did that and it has never come back from those above prompts (no question about language).

It looks like we are close but I'm not sure how to finish for the localhost to work.

Gary :)
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby spiderm81 » 08. December 2011 13:41

And one more thing...
As I said earlier, my ODBC connection to mysql in MS Access was still working so that I could look at the mysql tables from MS Access.
That is now not working after the install. When I attempt to view one of the tables I am prompted for the login creds from MySQL Connector/ODBC with the TCP/IP Server being localhost on port 3306.
I can't run the phymyadmin without the local host to deal with the user.
Thanks
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby spiderm81 » 08. December 2011 13:56

I want to make sure I'm giving enough info (hope it isn't too much). :)
I'm including the control panel log, the apache error log and the mysql error log.
Thanks
Gary :)

Control Panel Log
7:06:39 AM [main] Initializing main
7:06:39 AM [main] Windows version: 6.0 (build 6002) - Service Pack 2
7:06:39 AM [main] Xampp version: 1.7.7
7:06:39 AM [main] Control center version: 3.0.2 [ Compiled: Jul 21th 2011 - build #1 ]
7:06:39 AM [main] Running as admin - good!
7:06:39 AM [main] Working with basedir: "c:\xampp\"
7:06:39 AM [main] Initializing moduls
7:06:39 AM [main] Starting check-timer
7:06:43 AM [apache] Starting apache app...
7:06:44 AM [apache] Status change detected: running
7:07:10 AM [mysql] Starting mysql app...
7:07:11 AM [mysql] Status change detected: running
7:49:22 AM [apache] Stopping apache (PID: 7520)
7:49:22 AM [apache] Stopping apache (PID: 8152)
7:49:22 AM [apache] Status change detected: stopped
7:49:24 AM [mysql] Stopping mysql (PID: 6360)
7:49:24 AM [mysql] Status change detected: stopped
7:49:30 AM [apache] Starting apache app...
7:49:30 AM [apache] Status change detected: running
7:50:34 AM [mysql] Starting mysql app...
7:50:34 AM [mysql] Status change detected: running

Apache Error Log
[Thu Dec 08 06:21:59 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 08 06:21:59 2011] [notice] Digest: done
[Thu Dec 08 06:22:05 2011] [notice] Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
[Thu Dec 08 06:22:05 2011] [notice] Server built: Sep 10 2011 11:34:11
[Thu Dec 08 06:22:05 2011] [notice] Parent: Created child process 6996
[Thu Dec 08 06:22:10 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 08 06:22:10 2011] [notice] Digest: done
[Thu Dec 08 06:22:14 2011] [notice] Child 6996: Child process is running
[Thu Dec 08 06:22:14 2011] [notice] Child 6996: Acquired the start mutex.
[Thu Dec 08 06:22:14 2011] [notice] Child 6996: Starting 150 worker threads.
[Thu Dec 08 06:22:14 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 06:22:14 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 06:22:14 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 06:22:14 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 06:40:26 2011] [notice] Parent: child process exited with status 1073807364 -- Restarting.
Apache server shutdown initiated...
[Thu Dec 08 07:06:53 2011] [warn] pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Dec 08 07:06:53 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 08 07:06:53 2011] [notice] Digest: done
[Thu Dec 08 07:06:57 2011] [notice] Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
[Thu Dec 08 07:06:57 2011] [notice] Server built: Sep 10 2011 11:34:11
[Thu Dec 08 07:06:57 2011] [notice] Parent: Created child process 8152
[Thu Dec 08 07:06:58 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 08 07:06:58 2011] [notice] Digest: done
[Thu Dec 08 07:06:59 2011] [notice] Child 8152: Child process is running
[Thu Dec 08 07:06:59 2011] [notice] Child 8152: Acquired the start mutex.
[Thu Dec 08 07:06:59 2011] [notice] Child 8152: Starting 150 worker threads.
[Thu Dec 08 07:06:59 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 07:06:59 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 07:06:59 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 07:06:59 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 07:49:34 2011] [warn] pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Dec 08 07:49:34 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 08 07:49:34 2011] [notice] Digest: done
[Thu Dec 08 07:49:35 2011] [notice] Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
[Thu Dec 08 07:49:35 2011] [notice] Server built: Sep 10 2011 11:34:11
[Thu Dec 08 07:49:35 2011] [notice] Parent: Created child process 6176
[Thu Dec 08 07:49:37 2011] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 08 07:49:37 2011] [notice] Digest: done
[Thu Dec 08 07:49:38 2011] [notice] Child 6176: Child process is running
[Thu Dec 08 07:49:38 2011] [notice] Child 6176: Acquired the start mutex.
[Thu Dec 08 07:49:38 2011] [notice] Child 6176: Starting 150 worker threads.
[Thu Dec 08 07:49:38 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 07:49:38 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 07:49:38 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?
[Thu Dec 08 07:49:38 2011] [error] (OS 10038)An operation was attempted on something that is not a socket. : winnt_accept: getsockname error on listening socket, is IPv6 available?

MySQL error log
111208 6:22:02 [Note] Plugin 'FEDERATED' is disabled.
111208 6:22:02 InnoDB: The InnoDB memory heap is disabled
111208 6:22:02 InnoDB: Mutexes and rw_locks use Windows interlocked functions
111208 6:22:02 InnoDB: Compressed tables use zlib 1.2.3
111208 6:22:02 InnoDB: Initializing buffer pool, size = 16.0M
111208 6:22:02 InnoDB: Completed initialization of buffer pool
InnoDB: The first specified data file C:\xampp\mysql\data\ibdata1 did not exist:
InnoDB: a new database to be created!
111208 6:22:02 InnoDB: Setting file C:\xampp\mysql\data\ibdata1 size to 10 MB
InnoDB: Database physically writes the file full: wait...
111208 6:22:04 InnoDB: Log file C:\xampp\mysql\data\ib_logfile0 did not exist: new to be created
InnoDB: Setting log file C:\xampp\mysql\data\ib_logfile0 size to 5 MB
InnoDB: Database physically writes the file full: wait...
111208 6:22:04 InnoDB: Log file C:\xampp\mysql\data\ib_logfile1 did not exist: new to be created
InnoDB: Setting log file C:\xampp\mysql\data\ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
InnoDB: Doublewrite buffer not found: creating new
InnoDB: Doublewrite buffer created
InnoDB: 127 rollback segment(s) active.
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
111208 6:22:06 InnoDB: Waiting for the background threads to start
111208 6:22:07 InnoDB: 1.1.8 started; log sequence number 0
111208 6:22:08 [Note] Event Scheduler: Loaded 0 events
111208 6:22:08 [Note] c:\xampp\mysql\bin\mysqld.exe: ready for connections.
Version: '5.5.16' socket: '' port: 3306 MySQL Community Server (GPL)
111208 7:07:11 [Note] Plugin 'FEDERATED' is disabled.
111208 7:07:12 InnoDB: The InnoDB memory heap is disabled
111208 7:07:12 InnoDB: Mutexes and rw_locks use Windows interlocked functions
111208 7:07:12 InnoDB: Compressed tables use zlib 1.2.3
111208 7:07:12 InnoDB: Initializing buffer pool, size = 16.0M
111208 7:07:12 InnoDB: Completed initialization of buffer pool
111208 7:07:12 InnoDB: highest supported file format is Barracuda.
InnoDB: The log sequence number in ibdata files does not match
InnoDB: the log sequence number in the ib_logfiles!
111208 7:07:12 InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
111208 7:07:12 InnoDB: Waiting for the background threads to start
111208 7:07:13 InnoDB: 1.1.8 started; log sequence number 1595675
111208 7:07:15 [Note] Event Scheduler: Loaded 0 events
111208 7:07:15 [Note] c:\xampp\mysql\bin\mysqld.exe: ready for connections.
Version: '5.5.16' socket: '' port: 3306 MySQL Community Server (GPL)
111208 7:50:34 [Note] Plugin 'FEDERATED' is disabled.
111208 7:50:34 InnoDB: The InnoDB memory heap is disabled
111208 7:50:34 InnoDB: Mutexes and rw_locks use Windows interlocked functions
111208 7:50:34 InnoDB: Compressed tables use zlib 1.2.3
111208 7:50:34 InnoDB: Initializing buffer pool, size = 16.0M
111208 7:50:34 InnoDB: Completed initialization of buffer pool
111208 7:50:34 InnoDB: highest supported file format is Barracuda.
InnoDB: The log sequence number in ibdata files does not match
InnoDB: the log sequence number in the ib_logfiles!
111208 7:50:34 InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
111208 7:50:34 InnoDB: Waiting for the background threads to start
111208 7:50:35 InnoDB: 1.1.8 started; log sequence number 1595675
111208 7:50:35 [Note] Event Scheduler: Loaded 0 events
111208 7:50:35 [Note] c:\xampp\mysql\bin\mysqld.exe: ready for connections.
Version: '5.5.16' socket: '' port: 3306 MySQL Community Server (GPL)
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby spiderm81 » 09. December 2011 07:52

I appreciate the help I've gotten here. I've spent much time reading through other threads as well and still can not get the localhost working. I just need to get this problem resolved. I'm open to other suggestions or for someone you can recommend that I can get in touch with and possibly connect remotely if need be.

Thank you again,

Gary :)
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby Sharley » 09. December 2011 08:35

Hello Gary,

Open the C:\Windows\system32\drivers\etc\HOSTS file by dragging it into an open text editor window like notepad.

The first line after all the comments should be:
Code: Select all
127.0.0.1 localhost

the next line may be the IPV6 line that needs commenting out so it looks like this
Code: Select all
# ::1 localhost
Save the file and try and start Apache.

If that fails then may I suggest you uninstall and reinstall using a different method ie. zip or 7zip method and here are some instructions to follow that will help make sure that you remove all the possible issues related to your current installation:
viewtopic.php?p=179699#p179699

It is possible that there has been some damage or a bug issue with the current installer version on some Windows Operating Systems.

Good luck and let me know back how it all pans out. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: localhost not working after fix of a redirector malware

Postby Sharley » 09. December 2011 09:07

Before uninstalling try to get rid of this error:
Code: Select all
winnt_accept: getsockname error on listening socket, is IPv6 available?
by following these instruction to reset winsock:

Click on start>run>cmd.exe
Type:
netsh winsock RESET
Click OK

Restart your PC and again try and start Apache.
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: localhost not working after fix of a redirector malware

Postby spiderm81 » 09. December 2011 09:39

Sharley,

Thanks, again!!!! Something did it!

Here is what I did.
The hosts file didn't have a reference to localhost...so I put the one in and saved the file.
I stopped the services in the control panel, exited the panel, went back in.
Tried to do admin on both apache and mysql, they were just "waiting for localhost", in Firefox, and never returned.
I shut down the services again and received an error in Firefox
"The connection to the server was reset while the page was loading." - Which is probably normal but seems to indicate that the server is being seen at least.
When I try to load "http://localhost/xampp" I immediately get the error
"Firefox can't establish a connection to the server at localhost." - which I presume is also normal since I have the services stopped.
I reset the winsock and rebooted.
Yeah!
The xampp window displays on firefox. phpmyadmin also shows up.
The only question/problem I now see is that my databases in phpmyadmin are gone. I presume a path thing.
Thank you so much. And any suggestions on how to find the databases would be appreciated and complete this...challenge!
Gary :)
Yesterday I installed the xampp with the zip version. I will try it now again.
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby Sharley » 09. December 2011 09:54

Your databases are stored in the \xampp\mysql\data folder and their folders will be named the same as your databases.

They will be gone unless you did a backup first using phpMyAdmin.

If you kept a copy of your XAMPP installation somewhere then those databases may still be in the folder mentioned above in your XAMPP copy.

I am also pleased that you have it working now. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: localhost not working after fix of a redirector malware

Postby spiderm81 » 09. December 2011 11:15

I've got an online backup, so all is great!

Thank you very much. Hope all goes fantastic for you and yours!!!

Gary :)
spiderm81
 
Posts: 8
Joined: 07. December 2011 12:58
Operating System: Vista

Re: localhost not working after fix of a redirector malware

Postby Sharley » 09. December 2011 11:18

You're welcome Garry and thanks for the feedback. 8)

I will close this topic now and mark it solved.

Best wishes. :)
User avatar
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 60 guests