• Resolved wiredafrican

    (@wiredafrican)


    Hi all,

    WF has uncovered backdoors but I cannot find any information about this backdoor called qd5f27f0. All WF says is “A backdoor known as qd5f27f0”. Really frustrating not knowing what it is and how to get rid of it.

    Any links to where we can find info about these faceless malware intrusions would be appreciated.

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Mo

    (@adminstar-1)

    I face the same problem.
    Would appreciate any help regarding this problem.

    Ilona

    (@filona)

    Yep, same here, still looking for answers.

    Hi @wiredafrican!

    The name qd5f27f0 would be something that was assigned by one of our analysts based on the malware type. Unfortunately knowing the malware type isn’t enough to know how the malware ended up there or how to secure the site.

    The scan result also shows the file in which the backdoor was found so that’s one place to start. Look at the timestamp for when the file was last modified, then you can analyze the raw access logs on the server to see if you can get some clues about how the the site was accessed at the time when the file changed.

    Some infections are tricky and require an expert to clean so you may want to consider going that route as well.

    Best of luck for now!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘qd5f27f0 Backdoor’ is closed to new replies.