Backdoor:php/c99shell.g Did I get it here?


Post by TheBot0nist on Wed Jan 12, 2011 3:13 pm

Hello, I'm not sure if this belongs in this forum but I was just reading on the forums and I clicked a link (I don't remember which one) and immediately my AV (Micr. Sec. Essentials) popped up an alert saying it detected Backdoor:php/c99shell.g in this path \Application Data\Mozilla\Firefox\Profiles\586z8zex.default\Cache\D9E0A3ADd01.

I really don't use this computer for anything like downloads or the like, so I was wondering if I was attacked from HTS. Has anyone else had this issue?

Post by Goatboy on Wed Jan 12, 2011 3:16 pm

It's entirely possible. You wouldn't have gotten it directly from HTS, but any links here should be treated with a grain of skepticism. It would help if you posted the link here so we can check it.

Post by Defience on Wed Jan 12, 2011 3:22 pm

Yeah, let us know if you can recall where in the forums this link was located. It could be a user trying to install a trojan.

Post by TheBot0nist on Wed Jan 12, 2011 3:28 pm

I didn't think HTS was responsible (I trust y'all ;0). I can remember the exact link but I think it was supposed to send me to a page on this site. I wish I could remember. I think it may have been in the thread about forum registration issues (the one where there were complaints about no user name box or something and fashizzlepop got pissed about rudeness) or the one titled 'HTS needs to stop sucking'. I could be wrong though so I guess I'll never know.

Thank you for the reply though.

Post by fashizzlepop on Wed Jan 12, 2011 4:22 pm

TheBot0nist wrote: I didn't think HTS was responsible (I trust y'all ;0). I can remember the exact link but I think it was supposed to send me to a page on this site. I wish I could remember. I think it may have been in the thread about forum registration issues (the one where there were complaints about no user name box or something and fashizzlepop got pissed about rudeness) or the one titled 'HTS needs to stop sucking'. I could be wrong though so I guess I'll never know.

Thank you for the reply though.

Lol, I dun remember nothin'. And there aren't any links in the HTS Sucking thread.

c99 shell is a PHP script that functions as a backdoor. Chances are you found a link and started downloading it. AV doesn't like it as they believe someone else might be trying to upload it to you. Chances are it was just you downloading it from that link. Probably shouldn't worry too much.

Post by TheBot0nist on Wed Jan 12, 2011 9:44 pm

A couple days ago I was installing various password recovery tools for one of the missions with an MD4 hash. I tried a few before settling on C&A. Maybe I allowed it to install without knowing. It may have been in one of the 'corrupt' download/installs I had, and the AV just happened to catch it while I was browsing the forum.

I don't really know though. I'm sure it's obvious that I don't know what I'm talking about.

Anyways, I'm glad it caught it, and thanks for the explanation.

Post by fashizzlepop on Thu Jan 13, 2011 12:38 am

C&A usually triggers AV programs as a false positive. Same with JTR. That's probably what it was.

Post by TheBot0nist on Thu Jan 13, 2011 1:17 am

Thank you.

-- Thu Jan 13, 2011 1:12 pm --

The bad link is the link to the forum FAQ. faq.php

I tried it three times. Every time the same threat was detected and removed.

-- Thu Jan 13, 2011 1:17 pm --

Sorry, I tried to make a new post. Bump

Post by Defience on Thu Jan 13, 2011 8:49 pm

:shock: