Malicious Scripts found in asp.net solution explorer at Runtime
https://stackoverflow.com/questions/10970743
-
13-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have found some unknown .php files in Soultion Explorer of asp.net website while running locally.
When ever i navigate between pages it dynamically created two files in the name of 1. eval code and 2. jsc3.js.php
i understood this is malicious intrusion in my system and i need to over come this.
please help me.
Thanks in advance.
Solution
The above is a Internet Explorer Add-On was downloaded and installed automatically from a malicious website.
Add-On Name - PeteBH Class (related DLL - yayWmKee.dll in c:\windows\system32)
For Complete information about this threat please refer - http://www.threatexpert.com/report.aspx?md5=da146c6c26ac0ef5d26dbe571e32008a
How to remove : 1. Disable this add-on in Internet explorer Manage -addons option. 2. Remove the registry entries specified in the bove link (carefully and on your own risk). 3. Log in as Administrator in Safe Mode and delete the yayWmKee.dll from "C:\Windows\System32".
Always be sure about the pages visited and things downloaded.
Thanks for all the replies.
