Inspiring
April 8, 2014
Question

ColdFusion 9: What exe files are supposed to be in the CFIDE folder?


My server was recently hacked and I'm looking for malicious code the hacker may have left behind. I see a number of exe files in the CFIDE folder that were created during the period the server was exposed. Can you help me know which ones I should quarantine by giving me a list of the ones that are supposed to be in that folder? I'm using ColdFusion 9. Thanks.


BKBK
Community Expert
April 8, 2014

CFBarbarian wrote:

ColdFusion 9: What exe files are supposed to be in the CFIDE folder? 

... Can you help me know which ones I should quarantine by giving me a list of the ones that are supposed to be in that folder?

Just a remark for anyone else in a similar situation. The CFIDE folder is exposed to the web, by design. Therefore bells should ring if you see any EXE, DLL or OCX files in it.

BKBK
Community Expert
April 8, 2014

I am on ColdFusion 10. I, too, could find no EXEs or DLLs in my CFIDE folder. You seem to have been the victim of the m32.exe and m64.exe exploits discussed here some weeks ago.

Anit_Kumar
Inspiring
April 8, 2014

The CFIDE folder doesn't contain any exe files. You should quarantine all. I would suggest using http://hackmycf.com/ to scan your server. In case you find any vulnerability, please report it to Adobe Product Security Incident Response Team (psirt@adobe.com) immediately.

Regards,

Anit Kumar

Legend
April 8, 2014

I do not have any EXE or DLL files in my CF9 CFIDE folders. HTH, Carl.

Inspiring
April 8, 2014

Carl, thanks for the quick feedback.  My virus scanner was in the process of scanning the whole server, and had not got to these files yet.  Once I got your response, I renamed the files removing the exe extension.  When my virus scanner finally got to them, it confirmed that they were all malicious.

Legend
April 8, 2014

Format and start again is my advice. The malware could write all over the file system. We had a WordPress install hacked that did this and it put files all over, and not just in CFIDE. Unless you wipe and reinstall you'll be forever worrying...
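
A triage sketch for the check the replies describe, added here and not part of the original thread: it walks a web-exposed folder and flags files by extension (EXE, DLL, OCX) and by PE header, so an executable still shows up after its extension has been removed. The function names, the stub header and the sample file names are constructed for illustration.

```python
import hashlib
import os
import struct
import tempfile

SUSPECT_EXTS = {".exe", ".dll", ".ocx"}  # types the replies say do not belong in CFIDE
STUB_PE = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"  # constructed header, not a program


def looks_like_pe(path):
    """True if the file starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        fh.seek(struct.unpack_from("<I", head, 0x3C)[0])
        return fh.read(4) == b"PE\0\0"


def scan_webroot(root):
    """Return files flagged by extension or by PE content, sorted by relative path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            reasons = ["extension"] if ext in SUSPECT_EXTS else []
            digest = None
            try:
                if looks_like_pe(path):
                    reasons.append("pe-header")  # still fires after a rename
                if reasons:
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                reasons.append("unreadable")  # locked or denied: review by hand
            if reasons:
                findings.append({"path": os.path.relpath(path, root),
                                 "reasons": reasons, "sha256": digest})
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        for name, data in [("dropped.exe", STUB_PE), ("renamed_payload", STUB_PE),
                           ("index.cfm", b"<cfoutput>ok</cfoutput>")]:
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        print(scan_webroot(tmp))
```

The SHA-256 of each flagged file gives a stable identifier to record before the file is quarantined or the server is rebuilt.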