ColdFusion 9: What exe files are supposed to be in the CFIDE folder?

Carl, thanks for the quick feedback.  My virus scanner was in the process of scanning the whole server, and had not got to these files yet.  Once I got your response, I renamed the files removing the exe extension.  When my virus scanner finally got to them, it confirmed that they were all malicious.

Format and start again is my advice. The malware could write all over the file system. We had a WordPress install hacked that did this and it put files all over, and not just in CFIDE. Unless you wipe and reinstall you'll be forever worrying...

tribule wrote: Format and start again is my advice.

Sound advice. However, by 'format' I take it you mean reinstall.

No. I mean format the disk and reinstall everything.

If you just reinstall Windows, say, it will not always remove any malicious files that are already there and which are not part of the OS (unless you do a low-level fdisk etc). Malware can write all manner of strange files and files with strange permissions to the disk. If you are running a server that is running critical processes, e.g. e-commerce or customer data, then a format and reinstall is what I would personally recommend. It's a bummer, but at least then you know you started clean. Malware doesn't just infect CFIDE, it will drop DLLs/EXEs etc all over.

Also, never install something like WordPress (PHP) on the same CF server. WordPress is always being patched and it is a common entrance vector for malware. Keep all such things off-site is very advisable.

The CFIDE folder doesn't contains any exe files. you should quarantine all. I would suggest using http://hackmycf.com/ to scan your server. In case you find any vulnerability, please report it to

Adobe Product Security Incident Response Team (psirt@adobe.com) immediatly.

Regards,

Anit Kumar