This is a read only archive of the old forums
The new CBn forums are located at https://quarterdeck.commanderbond.net/

Forum hacked + upgraded


47 replies to this topic

#1 The Admiral

The Admiral

    Admiral

  • The Admiralty
  • 7777 posts
  • Location:United Kingdom

Posted 13 May 2006 - 02:33 PM

Unfortunately, the CBn forums were hacked today because of an Invision Board security hole. The malicious user appears to have hacked into one of our templates so that people accessing the forums will be made vulnerable to a trojan virus.

We're not totally sure how the trojan would infect a PC, but if you were using any browser and accepted a file transfer on Windows at the time of the attack, it is highly recommended that you run an anti-virus scan and install any Microsoft Windows updates.

The forums have now been upgraded to the latest version of Invision Board. We're sorry for the delay in getting the site back online, but we thought it best to run a complete system backup earlier than scheduled.

#2 killkenny kid

killkenny kid

    Commander

  • Veterans
  • 6607 posts
  • Location:Albany, New York

Posted 13 May 2006 - 02:59 PM

Thanks, will do. :tup:

#3 Simon

Simon

    Commander

  • Veterans
  • 5884 posts
  • Location:England

Posted 13 May 2006 - 03:17 PM

Hi,

Thanks for this - I was indeed one of those to suffer, although Norton picked it up and deleted it.

I was sent an email saying I'd received a card from some Hotmail address. I had accepted it (it was my birthday recently!) but saw that the file extension had a strange ending and deleted it - but not before Norton clobbered it.

I can no longer see Today's Posts though - is this a side effect?

Best.

#4 The Admiral

The Admiral

    Admiral

  • The Admiralty
  • 7777 posts
  • Location:United Kingdom

Posted 13 May 2006 - 03:20 PM

Hi,

Thanks for this - I was indeed one of those to suffer, although Norton picked it up and deleted it.

I was sent an email saying I'd received a card from some Hotmail address. I had accepted it (it was my birthday recently!) but saw that the file extension had a strange ending and deleted it - but not before Norton clobbered it.

I can no longer see Today's Posts though - is this a side effect?

Best.


Yes - an email was sent out as well earlier.

I just sent an email informing members of this.

Norton sounds as though it did its job well.

Today's Posts just needs to be added again - it was lost when we did the upgrade.

#5 Bondian

Bondian

    Commander

  • Veterans
  • 8019 posts
  • Location:Soufend-On-Sea, Mate. England. UK.

Posted 13 May 2006 - 03:29 PM

Hi Gang.

I was silly enough to open up the file and have been infected with a Trojan and spyware.

I'm in the process of removing them, but Norton cannot remove the files, so will try another anti-virus.

Thank you Dave for letting us know. :D

There's some real losers out there. :tup:

Cheers,


Ian

#6 Joyce Carrington

Joyce Carrington

    Commander CMG

  • Veterans
  • 4631 posts
  • Location:Amsterdam, The Netherlands

Posted 13 May 2006 - 03:31 PM

Thanks for making sure the website is safe again, Dave. :tup:

Norton contained any damage. :D

#7 Bondian

Bondian

    Commander

  • Veterans
  • 8019 posts
  • Location:Soufend-On-Sea, Mate. England. UK.

Posted 13 May 2006 - 03:44 PM

If anyone had any problems with their anti-virus not being able to remove the virus, please try AVG anti-virus.

Looks like this virus hijacks your browser (in IE) and installs some software called 'paytime.exe'.

#8 The Admiral

The Admiral

    Admiral

  • The Admiralty
  • 7777 posts
  • Location:United Kingdom

Posted 13 May 2006 - 03:50 PM

Be sure to download and install Firefox :tup:

http://getfirefox.com

#9 Bondian

Bondian

    Commander

  • Veterans
  • 8019 posts
  • Location:Soufend-On-Sea, Mate. England. UK.

Posted 13 May 2006 - 03:53 PM

Thanks, Dave. Good advice my friend. :tup:

Luckily I was working on Carol's machine when this happened. LOL

#10 The Admiral

The Admiral

    Admiral

  • The Admiralty
  • 7777 posts
  • Location:United Kingdom

Posted 13 May 2006 - 03:54 PM

So long as it was Carol's and not yours - that's fine :tup:

http://movies.apple....ses_480x376.mov

#11 Johnboy007

Johnboy007

    Commander CMG

  • Veterans
  • 6990 posts
  • Location:Washington, D.C.

Posted 13 May 2006 - 04:04 PM

I had wondered why my AntiVirus was going nuts when I signed on this morning. There were about ten attempts to infect my computer, but fortunately my VirusScan is brand new and blocked all of them. Add another one whose Norton swatted it down.

Strange morning.

#12 Bondian

Bondian

    Commander

  • Veterans
  • 8019 posts
  • Location:Soufend-On-Sea, Mate. England. UK.

Posted 13 May 2006 - 04:36 PM

So long as it was Carol's and not yours - that's fine :tup:

http://movies.apple....ses_480x376.mov

LOL. I just got a "bitch slap" for that. LOL

Okay. Norton couldn't remove the files, but AVG did. However, there's three files that have to be removed manually and in 'safe mode'.

If anyone is having a problem, please try the following. In fact even if your anti-virus has removed the virus, this would still be worthwhile doing.

You will also need to restore your homepage.

Open up your browser, and do the following.

Tools -> Internet Options. In the 'Homepage' section, please type in your regular homepage, and click on 'ok'.

1). Removal of 'secure32' browser hijack.

Start -> Search -> For Files and Folder. Click on 'all files and folders', and type in 'secure32'. Once the search has found this file please delete it.

2). Removal of 0mcamcap.exe. (please note it's a zero not an oh).

Start -> Search -> For Files and Folder. Click on 'all files and folders', and type in '0mcamcap.exe'. Once the search has found this file please delete it.

3). Removal of paytime.exe.

Start -> Search -> For Files and Folder. Click on 'all files and folders', and type in 'paytime.exe'. Once the search has found this file please delete it.

That should be all you need to do.

Cheers,


Ian
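
An added example, not part of the original post or written by any forum member: the three file-name searches from the removal steps above, done as one read-only Python scan that reports each match with a SHA-256 hash instead of deleting it. The file names come from the post; the function names and the constructed directory tree in `demo()` are assumptions for illustration.

```python
import hashlib
import os
import tempfile

# File names reported in the post above. 'secure32' was given without an
# extension, so it is matched on the name with any extension removed.
EXACT_NAMES = {"0mcamcap.exe", "paytime.exe"}  # 0mcamcap starts with a zero
STEM_NAMES = {"secure32"}

def is_reported_name(filename):
    """Case-insensitive match, as Windows file names ignore case."""
    lower = filename.lower()
    return lower in EXACT_NAMES or os.path.splitext(lower)[0] in STEM_NAMES

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_reported_files(root):
    """Return sorted (path, sha256) pairs for matches; nothing is deleted."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in filter(is_reported_name, files):
            path = os.path.join(folder, name)
            try:
                hits.append((path, sha256_of(path)))
            except OSError:
                # Locked or unreadable file: still report it, unhashed.
                hits.append((path, None))
    return sorted(hits, key=lambda hit: hit[0])

def demo():
    """Scan a constructed tree (sample data, not real malware)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "system32"))
        for rel in ("WINDOWS/system32/PayTime.exe", "WINDOWS/secure32.dat",
                    "WINDOWS/Omcamcap.exe", "WINDOWS/notepad.exe"):
            with open(os.path.join(root, *rel.split("/")), "wb") as handle:
                handle.write(b"constructed sample")
        return [os.path.basename(p) for p, _ in find_reported_files(root)]

if __name__ == "__main__":
    print(demo())
```

The constructed `Omcamcap.exe` (letter O) is deliberately not reported, which shows why the zero in `0mcamcap.exe` matters when typing the search term.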

#13 jl151080

jl151080

    Midshipman

  • Crew
  • 27 posts

Posted 13 May 2006 - 04:45 PM

I'm another who was affected.

I'm a little worried, as when I clicked on the link a message from Norton said there was a trojan and something about a file being unrepairable.

I immediately switched the power to my computer off, which I know you're not supposed to do, but I wanted to prevent any more damage being done.

I then restarted the computer and ran a full Norton anti virus scan. I bought Norton literally a couple of days ago, but nothing was picked up from the scan :tup:

I've also done a scan at Symantec online, but nothing was picked up there either :D

Edited by jl151080, 13 May 2006 - 04:46 PM.


#14 The Admiral

The Admiral

    Admiral

  • The Admiralty
  • 7777 posts
  • Location:United Kingdom

Posted 13 May 2006 - 04:47 PM

AVG is free, and seems to have done a better job for Bondian.

http://free.grisoft....2/lng/us/tpl/v5

#15 marktmurphy

marktmurphy

    Commander

  • Veterans
  • 9055 posts
  • Location:London

Posted 13 May 2006 - 05:00 PM

Hmm - use Firefox and was a bit confused as to why it was crashing out every time I came to CBN this morning. My Norton says there's no problem but perhaps I'll try this AVG too.

#16 Bryce (003)

Bryce (003)

    Commander RNVR

  • Commanding Officers
  • 10110 posts
  • Location:West Los Angeles, California USA

Posted 13 May 2006 - 05:50 PM

Well done Admiral - Oddly, I had just changed my password in the last 24 hours and my Norton system does a full auto scan on Mondays and Fridays. I've suffered no ill effects, but my sympathy to any here at CBn who have.

One of these days, one of these "super hackers" is going to be executed on live TV worldwide. It'll send a message.

Hopefully, I'll get to be one of the trigger men. Anyone care to join me? I'll pay for your ammo and the pints afterwards.

Again, well done Admiral.

#17 marktmurphy

marktmurphy

    Commander

  • Veterans
  • 9055 posts
  • Location:London

Posted 13 May 2006 - 06:11 PM

One of these days, one of these "super hackers" is going to be executed on live TV worldwide. It'll send a message.


*edges quietly away*

#18 Athena007

Athena007

    Commander RNVR

  • Commanding Officers
  • 12936 posts
  • Location:H O L L Y W O O D

Posted 13 May 2006 - 06:15 PM

This is horrible. My computer is safe, but still... EVIL!

As for virus protection. I used to use Norton (had major problems w/ it), and then AVG (wasn't catching everything).

But now I use AVAST, which I would highly recommend: http://www.avast.com - they have a free home edition.

#19 Thom Paine

Thom Paine

    Midshipman

  • Crew
  • 34 posts
  • Location:Strathroy, Ontario, Canada

Posted 13 May 2006 - 07:43 PM

I run Linux 99% of the time and never worry about stuff like this.

Thanks for the notice though.

#20 TortillaFactory

TortillaFactory

    Lt. Commander

  • Veterans
  • 1964 posts
  • Location:Deep 13

Posted 13 May 2006 - 08:18 PM

Firefox caught it, as did Norton - can't recommend the former enough. Norton, however, is largely useless. Luckily it worked for this. Thanks for the notification.

Is the little gun icon coming back, or are we stuck with a generic blue V in our Firefox tabs?

#21 B. Brown

B. Brown

    Sub-Lieutenant

  • Crew
  • 477 posts
  • Location:New York

Posted 13 May 2006 - 09:14 PM

Luckily, I didn't receive this virus.

Thanks a lot for sending the email to me, letting me know.

Without the email, I would have never realized the virus was sent, and if I got it, I'd be in a pile of **** right now.

Thanks again.

Hopefully those sons of b****es rot in hell.

#22 Double-0-Seven

Double-0-Seven

    Lt. Commander

  • Veterans
  • 2710 posts
  • Location:Ontario, Canada

Posted 13 May 2006 - 09:21 PM

I didn't receive the e-mail nor have I been on the forum all day so I shouldn't be affected by it, right? I might run a virus check after just to be on the safe side. :tup:

#23 Qwerty

Qwerty

    Commander RNVR

  • Commanding Officers
  • 85605 posts
  • Location:New York / Pennsylvania

Posted 13 May 2006 - 09:23 PM

What [censored]s. Useless, pathetic internet trolls.

Glad to see everything is pretty much back to normal.

#24 The Admiral

The Admiral

    Admiral

  • The Admiralty
  • 7777 posts
  • Location:United Kingdom

Posted 13 May 2006 - 09:25 PM

Only around half of our members received the email.

#25 Carver

Carver

    Lt. Commander

  • Veterans
  • 1470 posts
  • Location:Birmingham, UK

Posted 13 May 2006 - 09:50 PM

I only got the email tonight telling me the site had been hacked. I didn't get the card email, but I'm running an AVG scan just in case. Pathetic bastards, do they not have anything better to do with their lives? I gotta say though, hats off to Dave for informing us all about it so to avoid any of us getting viruses, and I'm glad things are getting back to normal.

#26 darkpath

darkpath

    Lt. Commander

  • Veterans
  • 2688 posts
  • Location:Stamford, CT

Posted 13 May 2006 - 09:55 PM

I've also done a scan at Symantec online, but nothing was picked up there either :tup:


By default, Symantec Antivirus does not look for so-called expanded threats. There is an option that can be selected when preparing to run a scan of the hard drive. Also, by default, Symantec Antivirus only flags such expanded threats; but, the default behavior can be changed to delete such threats.

One note of caution: if the threat is running as a service or has somehow managed to acquire sufficiently high permissions, then the threat may not be deleted. For this reason, it's best to run such a scan for expanded threats in safe mode.

If I may be of service to anyone having trouble sorting out my description, please let me know and I will do my best to unmuddle my description.

Cheers!

#27 Lady Templar

Lady Templar

    Lt. Commander

  • Veterans
  • 1277 posts
  • Location:Brussels, Belgium

Posted 13 May 2006 - 10:08 PM

Aw, my computer was infected by a Trojan worm as soon as I logged on CBn. But it has been - let's hope it was! - removed by the Norton anti-virus. I firstly thought there was something wrong with CBn.

#28 The Admiral

The Admiral

    Admiral

  • The Admiralty
  • 7777 posts
  • Location:United Kingdom

Posted 13 May 2006 - 10:14 PM

Aw, my computer was infected by a Trojan worm as soon as I logged on CBn. But it has been - let's hope it was! - removed by the Norton anti-virus. I firstly thought there was something wrong with CBn.


Try running a scan with AVG just to be safe.

#29 TGO

TGO

    Lieutenant

  • Crew
  • 783 posts
  • Location:Brooklyn, NYC, NY

Posted 13 May 2006 - 10:49 PM

I did suspect the e-mail had a virus. But, having a Mac...my computer laughs at such nonsense...like Windows viruses, for example. :tup:

#30 Lady Templar

Lady Templar

    Lt. Commander

  • Veterans
  • 1277 posts
  • Location:Brussels, Belgium

Posted 13 May 2006 - 11:16 PM

The e-mail reached me unfortunately too late. But thanks Dave and all the CBn team for your help and explanations about what happened.

Just a question: I'm using Norton. Can I download AVG without problem?