VEX30D9.Webshell


14 replies to this topic

#1 qwerty104


Posted 15 November 2014 - 05:11 PM

I have this in one of my files and I was just wondering what this is:

https://www.virustotal.com/en/file/58b131618ac4fb9438c27c7506296d14e133c4adf9ff2f171591cca09716dc94/analysis/1416089068/

Does anyone know?




#2 Condobloke

Posted 15 November 2014 - 06:10 PM

G'day qwerty104, and Welcome to BC.

A file has been submitted to VirusTotal to determine if it is malicious etc.

The result shows that only 1 out of 53 Anti Virus vendors found it to be objectionable.

If that were on my PC, I would delete it/ignore it.


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy



#3 qwerty104


Posted 15 November 2014 - 06:37 PM

> G'day qwerty104, and Welcome to BC.
>
> A file has been submitted to VirusTotal to determine if it is malicious etc.
>
> The result shows that only 1 out of 53 Anti Virus vendors found it to be objectionable.
>
> If that were on my PC, I would delete it/ignore it.

Thanks for the reply.

Do you mean to delete the Webshell, or the file itself?



#4 Condobloke


Posted 15 November 2014 - 06:44 PM

What exactly is the "webshell".....sorry if I am missing the obvious here....

How did you come across this....?




#5 Alex&Vanko


Posted 15 November 2014 - 06:49 PM

> What exactly is the "webshell".....sorry if I am missing the obvious here....
>
> How did you come across this....?

Because Bkav antivirus engine said "webshell" etc.


Edited by Alex&Vanko, 15 November 2014 - 07:22 PM.


#6 Queen-Evie


Posted 15 November 2014 - 07:19 PM

> Because Bkav said so.

Please expand a bit more on this, because it really doesn't make any sense.

#7 Alex&Vanko


Posted 15 November 2014 - 07:23 PM

I have edited. Sorry Queen-Evie



#8 Condobloke


Posted 15 November 2014 - 07:33 PM

Apparently the "webshell" (whatever that is !!) is in a .rar file, which in its compressed state is approx 1.8mb......but when uncompressed is approx 39mb.

 

Personally, I would delete the entire thing, and attempt to download whatever it is you are trying to download from a trusted source.

 

Better safe than sorry.




#9 Queen-Evie


Posted 15 November 2014 - 07:42 PM

Thank you, Alex. I was wondering what you meant. And if I was wondering about it, I'm sure others were also.

#10 qwerty104


Posted 15 November 2014 - 08:43 PM

Thanks for the response guys. I would delete it, but I'm still curious what this is though.

The only thing I found is that it could be a PHP backdoor. This is related to hacking...right?



#11 Condobloke


Posted 15 November 2014 - 08:46 PM

What were you trying to download?.....which site did you download from?

....and yes...I read the backdoor bit too......however.....none of the more reputable AV vendors called it a backdoor...so...

A little bit of history would go a long way here....


Edited by Condobloke, 15 November 2014 - 08:54 PM.



#12 qwerty104


Posted 16 November 2014 - 05:34 PM

> What were you trying to download?.....which site did you download from?
>
> ....and yes...I read the backdoor bit too......however.....none of the more reputable AV vendors called it a backdoor...so...
>
> A little bit of history would go a long way here....

It's a framework for WordPress. It came from the site itself so that's why I'm curious. I also downloaded it from other sources to test it (from the latest version to the lowest) but it always seems to have this Webshell thingy.
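
A heuristic "webshell" label on a whole package, like the one discussed in this thread, can be narrowed down by unpacking the package and checking each PHP file for traits typical of webshells. The sketch below is an added example, not part of the original thread or of the package's code; the trait list, file names and sample contents are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Traits often seen in PHP webshells (an assumed, non-exhaustive list). Each alone
# is weak evidence, since legitimate frameworks also embed encoded assets.
REQ = rb"[^;]{0,200}\$_(GET|POST|REQUEST|COOKIE)"
TRAITS = {
    "eval_of_decoded_data": re.compile(
        rb"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "eval_on_request_input": re.compile(rb"\b(eval|assert)\s*\(" + REQ, re.I),
    "command_exec_on_request_input": re.compile(
        rb"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(" + REQ, re.I),
    "very_long_encoded_literal": re.compile(rb"['\"][A-Za-z0-9+/=]{400,}['\"]"),
}
PHP_SUFFIXES = {".php", ".phtml", ".inc"}

# Constructed sample files, not taken from the package discussed in the thread.
CONSTRUCTED_SAMPLES = {
    "framework/options.php": b"<?php echo esc_html(get_option('theme_name'));",
    "framework/fonts.php": b"<?php $font = '" + b"QUJD" * 120 + b"';",
    "framework/cache/x.php": b"<?php @eval(base64_decode($_POST['k']));",
}

def triage_php(data):
    """Return the sorted names of the traits found in one file's bytes."""
    return sorted(name for name, rx in TRAITS.items() if rx.search(data))

def scan_tree(root):
    """Hash each PHP-like file under root; list those with traits, most first."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            data = path.read_bytes()
            traits = triage_php(data)
            if traits:
                findings.append({"file": path.relative_to(root).as_posix(),
                                 "sha256": hashlib.sha256(data).hexdigest(),
                                 "traits": traits})
    return sorted(findings, key=lambda f: (-len(f["traits"]), f["file"]))

def demo():
    """Write the constructed samples to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in CONSTRUCTED_SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_tree(tmp)
```

The per-file SHA-256 lets a single suspicious file be looked up or submitted on its own instead of the whole archive, and a file showing only the long-literal trait is a common false positive.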



#13 Condobloke


Posted 16 November 2014 - 06:10 PM

Not sure how pertinent these are.....but have a read anyway..

http://getbutterfly.com/wordpress-wso-web-shell-hack/

https://www.daniweb.com/software-development/shell-scripting/threads/406575/php-webshell-e2-still-very-dangerous

The search phrase I used in Google was: WordPress framework webshell

(a bit beyond my paygrade!)


Edited by Condobloke, 16 November 2014 - 06:14 PM.



#14 qwerty104


Posted 16 November 2014 - 09:33 PM

> Not sure how pertinent these are.....but have a read anyway..
>
> http://getbutterfly.com/wordpress-wso-web-shell-hack/
>
> https://www.daniweb.com/software-development/shell-scripting/threads/406575/php-webshell-e2-still-very-dangerous
>
> The search phrase I used in Google was: WordPress framework webshell
>
> (a bit beyond my paygrade!)

Thanks a lot for your help sir. I guess I just have to contact the one who created this.

For the meantime I don't think I'll be using this.



#15 Condobloke


Posted 16 November 2014 - 10:51 PM

Sensible course of action.

 

 

Good Luck

