New Apache Virus?
Posted: 15. February 2013 20:44
Hello,
I am running xampp 1.7.7, and I believe I have just acquired some sort of virus/worm through Apache.
After many months of reliability, Apache started to drop out pretty regularly (5-10 times per day) requiring a restart each time.
In the error.log file, I found tens of thousands of entries like this:
[Thu Feb 14 15:35:25 2013] [error] [client 5.135.153.51] script 'C:/xampp/htdocs/lol.php' not found or unable to stat
These are coming from two IP addresses(both from an ISP in France) and they have been occurring over the last few days. At certain times of day, these requests are coming in about 10 per second. The error.log file has grown to over 220 Mb, with 99% of that being these types of entries just from the past few days.
I found the following unknown files in the xampp/htdocs/ dir (which I have not put there myself) : lol.php, 121.php, fun.php, in2.php, and Holys.exe
I am not an expert on viruses by any means, but the contents of lol.php appears to be a script that searches out other computers to infect. I can post the files themselves if anyone is interested.
I have removed those files, but I am still receiving thousands of requests to access the lol.php file at several points throughout the day.
I have tried google search, but have uncovered nothing relevant to this problem.
Any help would be greatly appreciated!
Thank you.
I am running xampp 1.7.7, and I believe I have just acquired some sort of virus/worm through Apache.
After many months of reliability, Apache started to drop out pretty regularly (5-10 times per day) requiring a restart each time.
In the error.log file, I found tens of thousands of entries like this:
[Thu Feb 14 15:35:25 2013] [error] [client 5.135.153.51] script 'C:/xampp/htdocs/lol.php' not found or unable to stat
These are coming from two IP addresses(both from an ISP in France) and they have been occurring over the last few days. At certain times of day, these requests are coming in about 10 per second. The error.log file has grown to over 220 Mb, with 99% of that being these types of entries just from the past few days.
I found the following unknown files in the xampp/htdocs/ dir (which I have not put there myself) : lol.php, 121.php, fun.php, in2.php, and Holys.exe
I am not an expert on viruses by any means, but the contents of lol.php appears to be a script that searches out other computers to infect. I can post the files themselves if anyone is interested.
I have removed those files, but I am still receiving thousands of requests to access the lol.php file at several points throughout the day.
I have tried google search, but have uncovered nothing relevant to this problem.
Any help would be greatly appreciated!
Thank you.