WAMP Server hacked

Old 09-18-2016, 03:01 PM   #1
TSF Enthusiast
Join Date: May 2007
Posts: 1,117
OS: Vista Home Premium

I was running WAMPServer and entering data. Then wamp 'crashed'. The contents of index.php in the www folder were replaced by some other code by the hacker. There are website addresses in that file.
I checked one out and it is a French language site. There were also some email addresses. I sent an email to one. I'll see if they reply.

I uninstalled Wamp but the C:\wamp folder is still there. So I tried to delete it.
I got a permission denied error.

Here is the DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16473 BrowserJavaVersion: 11.91.2
Run by worlD123 at 14:41:39 on 2016-09-18
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.771 [GMT -7:00]
============== Running Processes ================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\McAfee Security Scan\3.11.376\McUicnt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.11.376\McUICnt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_91\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_91\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-System: EnableLUA = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer =
TCP: Interfaces\{11A0E024-00C9-47C3-B2D3-7A1F87D18164} : DHCPNameServer =
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
================= FIREFOX ===================
FF - ProfilePath - c:\users\world123\appdata\roaming\mozilla\firefox\profiles\9ip8nyz8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\plugin2\npjp2.dll
============= SERVICES / DRIVERS ===============
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2016-1-1 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2016-1-1 224616]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-3-22 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2016-1-1 735488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-1-1 434144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-1-1 92256]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2016-8-30 197128]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2016-1-1 184592]
S3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-1-1 34008]
=============== File Associations ===============
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
=============== Created Last 30 ================
2016-09-16 23:14:29 49608 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2016-09-16 23:14:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2016-09-16 23:14:29 19912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2016-09-16 23:14:29 109000 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2016-09-16 23:14:22 170952 ----a-w- c:\program files\mozilla firefox\mozavutil.dll
2016-09-16 23:14:22 1546184 ----a-w- c:\program files\mozilla firefox\mozavcodec.dll
2016-09-16 09:04:37 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{271e5e7a-4fe8-446a-9ba3-cfb816b81c7e}\offreg.976.dll
2016-09-16 08:44:46 9654712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{271e5e7a-4fe8-446a-9ba3-cfb816b81c7e}\mpengine.dll
2016-08-30 11:10:30 53208 ----a-w- c:\windows\avastSS.scr
==================== Find3M ====================
2016-09-13 19:23:21 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-09-13 19:23:21 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-09-13 11:11:19 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-08-30 11:10:40 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-08-30 11:10:40 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-08-30 11:10:40 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-08-30 11:10:40 224616 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-08-30 11:10:40 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-08-30 11:10:19 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-07-26 21:24:26 406184 ------w- c:\windows\system32\MpSigStub.exe
2016-06-30 09:28:00 921280 ----a-w- c:\windows\ucrtbase.dll
============= FINISH: 14:42:42.86 ===============

The Attach File is attached.
Old 09-27-2016, 03:43 PM   #2
TSF Enthusiast
Join Date: May 2007
Posts: 1,117
OS: Vista Home Premium

I reinstalled Windows and that fixed the problem. But now I need this file: MSVCR110.dll.

Since wamp can be easily hacked, I am not going to deal with it anymore.
Old 10-01-2016, 02:56 PM   #3
TSF Enthusiast
Join Date: May 2007
Posts: 1,117
OS: Vista Home Premium

My problem with wamp is back. Now I cannot get notepad++ to work. What these people are up to, I don't know...
Old 10-01-2016, 06:01 PM   #4
TSF Enthusiast
Join Date: May 2007
Posts: 1,117
OS: Vista Home Premium

Ok, to you people behind wamp, yes I used other people's code on my website. For that, I am sorry. I won't do it again. Would you please leave me alone. You showed what you can do.
Old 10-08-2016, 02:54 PM   #5
TSF Enthusiast
Join Date: May 2007
Posts: 1,117
OS: Vista Home Premium

My Hotmail account has changed to a click on Focused
Old 10-26-2016, 10:31 AM   #6
TSF Enthusiast
Join Date: May 2007
Posts: 1,117
OS: Vista Home Premium

Wamp is not hacked, it's the people behind it. They can monitor everything you do. And they can control what you can and cannot do with wamp. They want money for their services, but they should stipulate that at the beginning of your involvement with them.
All times are GMT -7.