Lufty
Posted May 22, 2006

Dear All

I am really sorry and indeed sad to inform you all that this forum was hacked into last night and a trojan program maliciously installed on the site.

At approximately 21:20 on Sunday 21st May 2006 we became aware of the problem and I immediately took steps to shut the forum down to prevent any further damage to the site and to forum members' own computers.

Most antivirus software will have detected and dealt with the trojan; however, now is a good time to run a complete virus scan on your computer and also ensure your antivirus and antispyware software is up to date and functioning correctly!!!

At first glance it looks to be the work of a Russian hacker; however, it was more important to preserve the integrity of the site and the forum members' own computers than preserve the evidence of the hack.

In restoring the site I have taken the opportunity to install the latest version of the forum software along with a security patch which might prevent further hacking.

Please immediately notify the moderators on this site if you notice anything suspicious. You can contact all moderators by sending an email to moderators@asd-forum.org.uk.

Kind regards
Lufty

phasmid
Posted May 22, 2006 (edited)

Hi Lufty,

I have just clocked the time you made the posting. That's dedication!

Edited May 22, 2006 by phasmid

Elefan
Posted May 22, 2006

Thank you!! I know how very, very hard you worked on this.

Love Elefan xxxx

lindy-lou
Posted May 22, 2006

That is just dreadful, what sad people, what would they gain from that?

Thank you Lufty

mel
Posted May 22, 2006

There are some really sad people out there! thank you lufty <'>

mossgrove
Posted May 22, 2006

Many thanks for sorting that out.

Simon

annie
Posted May 22, 2006

Thank you for getting things sorted out

Annie xx

nellie
Posted May 22, 2006

Lufty/Kris,

Thank you so much for your hard work and dedication.

Nellie xx

redberry
Posted May 22, 2006

Thank you Lufty.

redberry

Elefan
Posted May 22, 2006

Nels, Kris would have loved to have helped, but after his own computer crashed because of the hacker, it was over to Lufty!! LOL,,,if it can happen to an IT genius, it can happen to anyone, I suppose! Kris' computer is well now though, too! Don't know how you both manage this IT malarkey!! Waaaaaaaaaayyy beyond me!!

Love Elefan xx

call me jaded
Posted May 22, 2006

Well done! Some cyber-###### with too much time on their hands and no friends.

It wasn't me, I promise.

Brook
Posted May 22, 2006

Thanks

My anti virus picked it up, all of a sudden I heard this siren, and thought what the hell is that? Had to get hubby on the case as I'm not too hot with comps.

Thanks Lufty, this forum is very important to a lot of people.

Brook

smiley
Posted May 22, 2006

<'> Thank you for sorting it out

barefoot wend
Posted May 22, 2006

Phew! Well done, Lufty. But where were our batcave heroes and heroines?

Barefoot

lisann
Posted May 22, 2006

Hi

Thanks for sorting it, was getting worried, can't live without this site, it's my safety blanket. My anti virus alerted me to the trojan twice, hell it was scary, there are some people out there who should go bug someone else and leave us be on the site.

Lisa

baddad
Posted May 22, 2006

Hi all - well done lufty...

Unfortunately I got bitten too, but I THINK I'm ok now

FWIW : AVG found 2 instances of a trojan 'Downloader agent 13.A1 2 " of virus Exploit cve-2005-1790 and about 6 or 7 'bits' of 'Java Byte Verify Exploit'...

I guess the number of 'instances' depends on how quickly you got offline when it hit? So maybe others will have more/less(?)

The 'Java Byte Verify' exploit is a bit more complicated, as AVG couldn't delete them as 'embedded files'... If anyone else is still struggling, the AVG website has details for deleting the exploit through the Java Control centre 'cache' (if you have it) or manually deleting...

I'm still nervous that 'bits' might still be floating about - so anyone with more info might want to post here...

L&P BD and thanks again 'techies'

Bagpuss
Posted May 22, 2006

Thanks Lufty for responding to my email.......I left sensory questionnaire and bedlam broke out, got access denied.....and thought I'd done "something" to crash the site....was worried for hours.......thinking oh no, I've been banned.........

baddad
Posted May 22, 2006

a TECHIE question...

I'm probably just paranoid, but being a bear of very little brain when it comes to the whole buggy/internetty thing...

When I came online AFTER clearing the horrid little virussy things from my pc (?), the little yellow 'shield' logo appeared in my tray saying updates are ready for your computer... it APPEARS to be the genuine Microsoft update, and APPEARS to be pointing to a genuine update of the XP verification wotsit, but the timing makes me nervous.

I've been to the update site directly (not through the tray icon) and the verification thingy IS listed as a valid update for my system - but I don't want the ###### thing on principle!

Anyone else get this icon pop up this morning? Anyone heard of any spyware/malware stuff using this icon for phishing etc?? Am I CLEAN????????????????????

L&P a worried BD

baddad
Posted May 22, 2006

> Thanks Lufty for responding to my email.......I left sensory questionnaire and bedlam broke out, got access denied.....and thought I'd done "something" to crash the site....was worried for hours.......thinking oh no, I've been banned.........

So it was YOU who broke our website was it???? Off you go to the naughty chair!!!

Seriously, hope the virus missed you....

L&P BD

Kris
Posted May 22, 2006

As Elefan has pointed out, the credit for this one is all down to Lufty as my laptop was out of action due to the virus and I was desperately trying to fix it before jumping on a plane this morning (currently in sunny Vienna).

Thanks Lufty.

Kris

nellie
Posted May 22, 2006

Help!!!

Trojan horse downloader agent 13Al & Exploit CVE-2005-1790 are both in the VIRUS vault. What now, should we empty the vault?????????

Scary things computers.

Nellie xx

nellie
Posted May 22, 2006

Kris,

I did notice you were last on line in the middle of the night and assumed you had been up all night working on the forum. No laptop, brilliant excuse. You just had to mention you are in sunny Vienna!

Nellie xx

Lufty
Posted May 22, 2006

> Help!!!
>
> Trojan horse downloader agent 13Al & Exploit CVE-2005-1790 are both in the VIRUS vault. What now, should we empty the vault?????????
>
> Scary things computers.
>
> Nellie xx

Hi Nellie

Yes, empty the vault, which is like deleting the virus infected files from a quarantine folder.

Kind regards
Lufty

nellie
Posted May 22, 2006

Thank you Lufty.

Nellie xx

Lufty
Posted May 22, 2006

> a TECHIE question...
>
> I'm probably just paranoid, but being a bear of very little brain when it comes to the whole buggy/internetty thing...
>
> When I came online AFTER clearing the horrid little virussy things from my pc (?), the little yellow 'shield' logo appeared in my tray saying updates are ready for your computer... it APPEARS to be the genuine Microsoft update, and APPEARS to be pointing to a genuine update of the XP verification wotsit, but the timing makes me nervous.
>
> I've been to the update site directly (not through the tray icon) and the verification thingy IS listed as a valid update for my system - but I don't want the ###### thing on principle!
>
> Anyone else get this icon pop up this morning? Anyone heard of any spyware/malware stuff using this icon for phishing etc?? Am I CLEAN????????????????????
>
> L&P a worried BD

Hi Baddad

This update came out a couple of days ago and is safe to download. There have been many attempts at simulating the Windows Update Software, so you did exactly the right thing and ran it from the Windows Update site.

Regards
Lufty

Lufty
Posted May 22, 2006

> Thank you Lufty.
>
> Nellie xx

Hi Nellie

Just to add, you can generally configure antivirus software to either delete or "Quarantine" a virus or trojan infected file. When you "Quarantine" the file it puts it in a special directory so you cannot run the infected file by accident.

Kind regards
Lufty

smiley
Posted May 22, 2006

> When I came online AFTER clearing the horrid little virussy things from my pc (?), the little yellow 'shield' logo appeared in my tray saying updates are ready for your computer... it APPEARS to be the genuine Microsoft update, and APPEARS to be pointing to a genuine update of the XP verification wotsit, but the timing makes me nervous

Yup, me too. Just as everything was going pear shaped.... I clicked 'Cancel', turned off 'puter and ran and hid under the sofa...... Not very brave..

Should I go through my anti-virus software?? What am I supposed to check??? 'Puter's fine now - I think

You lot have got me worried!

nellie
Posted May 22, 2006

Thanks for the explanation Lufty.

Nellie xx

baddad
Posted May 22, 2006

> Hi Baddad
>
> This update came out a couple of days ago and is safe to download. There have been many attempts at simulating the Windows Update Software so you did exactly the right thing and ran it from the Windows Update site.
>
> Regards
> Lufty

Hi lufty...

I haven't downloaded it, 'cos I sort of object to 'Big Bill's' validation system even though my o/s is pukka... I tried 'declining' the update, but it still leaves the shield icon in the tray...

I guess I could disable 'auto update' and check manually from time to time, but I DO want to get OTHER updates when they come out - especially the security ones.

Any way of telling the icon 'look. I'd rather not have THIS update but go away now and come back if any more new ones appear?'

You can tell, I'd be great at writing computer code, huh??

BD

Flora
Posted May 22, 2006

That was horrible!!! I infected ALL 3 of our pc's because I foolishly ran from one to the other to see if it was just mine.

Why the heck do people do these things? Are they psychopaths? What pathetic little lives they must live if they have to get their kicks from doing stuff like that.

Glad it's all over!!

Lauren

forbsay
Posted May 22, 2006

Hi

I also noticed something strange last night when I logged in........... In the user names there was one in bold red - no name but just a series of x's. I have never seen this before.............. Usually, the moderators have a user name. Don't know if it is anything or not but just thought I'd say.

Forbsay

Canopus
Posted May 22, 2006

It could be the government using the services of a foreign hacker desperate for a bit of hard cash. A certain political site was hacked from China and the owners of the site are convinced that either the British government or the EU were behind it all.

bid
Posted May 22, 2006

Thank You and Well Done for sorting things out so promptly, Lufty!!

Bid

Suze
Posted May 22, 2006

you lot are super-heroes ..........LUFTY.............THE KING ............you mentioned to let you know of anything strange on the forum.........what exactly???.............ALSO...........I didn't have any problem logging on or with the puter...........is this o.k. ............I'm a complete idiot when it comes to techie stuff

Bagpuss
Posted May 22, 2006

I also noticed the series of red crosses??? How would I know if I've got a virus????? Where do I look????? I just about know how to turn computer on and email

PS Can I come off the naughty step now please????

Lufty
Posted May 22, 2006

> you lot are super-heroes ..........LUFTY.............THE KING ............you mentioned to let you know of anything strange on the forum.........what exactly???.............ALSO...........I didn't have any problem logging on or with the puter...........is this o.k. ............I'm a complete idiot when it comes to techie stuff

Hi Suze

I am glad you could log on successfully to the site with your computer.

A good example of something strange would be an admin (name in red) other than Kris, Elefan or Lufty, for example, as was noticed last night by another member. A strange error message when accessing the site would be another example.

Kind regards
Lufty

Flora
Posted May 22, 2006

I noticed the red crosses and was about to ask what they were when all the virus alerts started popping up.

Lauren

curra
Posted May 22, 2006

I also got infected with the Trojan bug. My anti virus programme suddenly flashed a warning that there was a Trojan in a file and I was able to destroy ( = delete) it on time. A complete virus scan was required too and now things look OK in my puter.

Glad that you have sorted it out!

Curra

Canopus
Posted May 22, 2006

Linux and Unix servers are almost immune to viruses and difficult to hack into. Windows is a security hole.

Zemanski
Posted May 22, 2006

Macs are secure too - Nemo wasn't affected but I was. Fortunately AVG is free and very good.

Thanks Lufty

Zemanski