Backdoor:PHP/Shell.A

Detected by Microsoft Defender Antivirus

Aliases: HTML/Iframe (AhnLab) PHP/BackDoor (AVG) Trojan.PHPInfo.A (Avira) PHP.BackDoor.9 (BitDefender) HTML/Iframe.B.Gen (ESET) Backdoor.PHP.Agent.hc (Kaspersky) Backdoor.Script.PHP.fr (Rising AV) Mal/PHPInfo-A (Sophos) PHP.Backdoor.Trojan (Symantec)

Summary

Backdoor:PHP/Shell.A is a Hypertext Preprocessor (.PHP) script that is used to compromise a server running a vulnerable PHP application. Once compromised, information is returned to a remote attacker via the script execution request.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Maintain installed PHP applications and apply software updates when available to help mitigate attacks.

Backdoor:PHP/Shell.A

Summary

What to do now

Technical information

Threat behavior

Installation

Payload

Prevention

Symptoms