OsakaWebbie
Programmer
On a trip where I used a PortableApps-equipped flash drive on hotel computers, I picked up a hitchhiker: a malicious file on my flash drive (no surprise!). But what I can't figure out is how it could have been used by hackers, and whether there is more on my system that I should be looking for.
It was a PHP file nestled in a folder of photos, and avast! identified the malware as "PHP:Shell-DC [Trj]". And yup, it is definitely a file of nefarious-looking PHP code. But since I have no web server or PHP interpreter running on my ordinary Windows XP machine, I don't know how anyone could use the file to their advantage. However, I'm pretty sure that someone was indeed using it, because my internet access was really, really slow ever since I had gotten back from my trip (yes, I use the same flash drive on my home computer) and it recovered as soon as that file was quarantined. I tried looking up the trojan on the web, but I couldn't find much of anything ( and other pages linked therein don't say anything about PHP files used for this trojan). Does anyone know how a PHP file on a non-webserver machine could be accessed from outside? I'm concerned that I need to look for a hidden webserver or something else that avast! didn't spot.