Posted May 7, 201410 yr Happens on a windows server 2012 with IIS 8 and 5.3 installed. Any clue that it is actually detected and removed ? or dissapear before security essential do anything on it. Below appears on the Security Essentials History. The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer. Category: Backdoor Description: This program provides remote access to the computer it is installed on. Recommended action: Remove this software immediately. Items: containerfile:C:\Windows\Temp\php80BE.tmp file:C:\Windows\Temp\php80BE.tmp-> [left]While on event log i got below.[/left] 1. warning Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/SimpleShell.A&threatid=2147684280 Name: Backdoor:PHP/SimpleShell.A ID: 2147684280 Severity: Severe Category: Backdoor Path: file:_C:\Windows\Temp\php80BE.tmp->[php] Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: ************** Process Name: C:\PHP\default\php-cgi.exe Signature Version: AV: 1.173.1228.0, AS: 1.173.1228.0, NIS: 111.6.0.0 Engine Version: AM: 1.1.10502.0, NIS: 2.1.10502.0 [left]2.warning[/left] [left] [/left] Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/SimpleShell.A&threatid=2147684280 Name: Backdoor:PHP/SimpleShell.A ID: 2147684280 Severity: Severe Category: Backdoor Path: containerfile:_C:\Windows\Temp\php80BE.tmp;file:_C:\Windows\Temp\php80BE.tmp->[php] Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: ***************** Process Name: C:\PHP\default\php-cgi.exe Signature Version: AV: 1.173.1228.0, AS: 1.173.1228.0, NIS: 111.6.0.0 Engine Version: AM: 1.1.10502.0, NIS: 2.1.10502.0 [left]3. Information[/left] [left] [/left] Microsoft Antimalware has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/SimpleShell.A&threatid=2147684280 Name: Backdoor:PHP/SimpleShell.A ID: 2147684280 Severity: Severe Category: Backdoor Path: containerfile:_C:\Windows\Temp\php80BE.tmp;file:_C:\Windows\Temp\php80BE.tmp->[php] Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\PHP\default\php-cgi.exe Action: Quarantine Action Status: No additional actions required [b]Error Code: 0x80508023[/b] [b]Error description: The program could not find the malware and other potentially unwanted software on this computer.[/b] Signature Version: AV: 1.173.1228.0, AS: 1.173.1228.0, NIS: 111.6.0.0 Engine Version: AM: 1.1.10502.0, NIS: 2.1.10502.0 Continue reading...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.