SDS Posted May 13, 2006
If our friend used an older known exploit, then those holes have been closed. I will forward the necessary lines of the log files to IPS to analyze and determine the nature of the exploit. I'm assuming this was an older exploit. I apologize for any trouble this may cause your machines. If we can get an identification of the nasties they tried to spread, we will post the steps necessary to check your machines and clean them.
meazza Posted May 13, 2006
I am using Win 2k server. I installed Ad-Aware and it seems to be fine.
SDS (Author) Posted May 13, 2006
Apparently, the Trojan was: Trojan.Byte Verify
http://www.symantec.com/avcenter/venc/data...byteverify.html
Chilly Posted May 13, 2006
http://www.eset.sk/en/company/NOD32-users-...-Windows-system
jarthur31 Posted May 15, 2006
> How do I get rid of them?

Wow. Read that Symantec link up above.
SDS (Author) Posted May 15, 2006
FWIW, there are a ton of IPB forums that have been hacked from ".ru" in the past week...
udonkey Posted May 15, 2006
Anyone not running anti-virus software can get a good one for FREE at: http://free.grisoft.com/doc/1 It's what I use and recommend to those who are a bit thrifty.
stuckincincy Posted May 15, 2006
> Anyone not running anti-virus software can get a good one for FREE at: http://free.grisoft.com/doc/1 It's what I use and recommend to those who are a bit thrifty.

I've used Grisoft's free AVG product for some time. I recommend it, too. Also, Spybot and Ad-Aware SE.
SDS (Author) Posted May 15, 2006
> Anyone not running anti-virus software can get a good one for FREE at: http://free.grisoft.com/doc/1 It's what I use and recommend to those who are a bit thrifty.

FWIW, the hack isn't necessarily trojan related. The dude could have just wiped the board clean if he wanted to. The security updates that were performed were done to prevent malicious changes/exploitation in code on the server. His preference was just to try and make people download a file or two, but other sites have been affected in different ways.
Crap Throwing Monkey Posted May 15, 2006
> FWIW, the hack isn't necessarily trojan related. The dude could have just wiped the board clean if he wanted to.

But instead, he decided to be malicious and make us sit through our daily "SOMEONE PLEASE TELL ME MCGAHEE'S FORTY TIME!!!" thread...?
SDS (Author) Posted May 15, 2006
> But instead, he decided to be malicious and make us sit through our daily "SOMEONE PLEASE TELL ME MCGAHEE'S FORTY TIME!!!" thread...?
Orton's Arm Posted May 16, 2006
> But instead, he decided to be malicious and make us sit through our daily "SOMEONE PLEASE TELL ME MCGAHEE'S FORTY TIME!!!" thread...?

C'mon Tom. I know you have McGahee's post-injury 40 time. You're holding out on us! Maybe another 20 or 30 threads on the subject will get you to open up.