VIRUS ON GOTMEAD - CHECK YOUR SYSTEM - INSTRUCTIONS HERE!!!!!!



webmaster
02-15-2008, 01:08 PM
Gotmead has been infected with a virus. We are taking the site down while we find and eliminate this threat. We apologize for the inconvenience.

Please follow these instructions to check your system to ensure that your computer has not been infected, or to clean it if it has:

Print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop. http://downloads.andymanchesta.com/RemovalTools/SDFix.exe Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Use Windows Explorer to open the SDFix folder and double click RunThis.cmd to start the script.

* Type Y to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

You can get SDFix here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

JephSullivan
02-15-2008, 03:02 PM
Hi Vicky. Thanks for all your hard work in keeping this site going! We're sorry to hear about the problems you're experiencing. :(

Just as an extra layer of protection, I'd personally like to check that it's actually you, since you're asking me to download a program I haven't heard of and run it in safe mode. Here's the Is-This-Actually-Vicky?-Check. Please answer these questions:

What is Omphacomel?
Does Mr. Bekulić boil his must?
When you were a guest on a brewing-related internet radio show, name two of the other guests and the companies they work for.

Thanks!

webmaster
02-15-2008, 03:17 PM
Yeah, it's me.

1. Honey with verjuice (yuk)
2. You spelt his name wrong, and no, he doesn't boil. Nevernevernever.
3. Julia Herz - Honeywine.com and Mike Faul - Rabbits Foot Meadery

I researched those instructions and got them from a tech support guru.

DaysOfOld
02-15-2008, 03:33 PM
Hello Vicky,

The link on the main page that says "To use the forum go here: http://www.gotmead.com/smf/index.php" seems to loop back to the same front page about the virus. Not sure if it's happening for everyone else, just thought I would let you know that's what's happening for me in case there is a loop.

I appreciate all the work you've put into this site :)

webmaster
02-15-2008, 03:53 PM
Weird. I see what you mean. Joomla must be interpreting the URL. Anyway, typing it into a browser window works fine....

I'm working on the problem, but to effectively search the thousands of files on the site, I have to make a full backup. This is going on now, so hopefully I will have a solution soon...

JephSullivan
02-15-2008, 03:55 PM
Thanks Vicky! :) You get extra credit. I intentionally misspelled Oskaar's name so it wouldn't turn up in a forum search. I will run the program.

webmaster
02-15-2008, 04:02 PM
Just so everyone feels ok with the solution I posted: Oskaar used this to disinfect the system he used to detect the virus, and it worked ok.

wayneb
02-15-2008, 07:13 PM
To further give everyone a warm fuzzy, I just ran it on my office machine, and all is well. (No virus or trojan detected, but the tool didn't crash or corrupt my system either.)

akueck
02-16-2008, 01:59 AM
> I intentionally misspelled Oskaar's name so it wouldn't turn up in a forum search.


:laughing4: Tricky!

I must admit I was also skeptical of the "please run this software" instructions. No offense Vicky! But I am trojan-free. Weird, I got the worm messages at work, but not at home. Must be IE vs Mozilla?

webmaster
02-16-2008, 02:42 AM
Nope, I think it's differences in firewalls. Let me guess, they run either Norton or McAfee?

Halfway through replacing all files and the database for the main site.......

Dan McFeeley
02-16-2008, 11:51 AM
Oh, was the main site down? Sorry, I hadn't noticed. ;D ;D ;D

Thanks Vicky and Oskaar for everything you guys do here. It was kind of a surprise, going to the main web site (my standard practice now for logging into the forums -- I've found that this eliminates any potential problems, rather than going straight to the forums) and seeing the announcement. I followed the instructions to the letter, ran the program and fortunately nothing was found.

This looks like a good program -- thanks for the tip! I'll be running it from time to time along with the standard virus scan.

beninak
02-16-2008, 12:46 PM
Ack! I guess my mistake was that I left my IE browser open all night and logged into the GotMead site. :evil3:

Sure enough, I ran the program listed and it found and deleted (hopefully) a file that it identified as a Trojan. It also found three files that it identified as having "hidden attributes", what does that mean? As far as I can tell they weren't deleted.

sandman
02-16-2008, 01:18 PM
Well, I ran my virus protection and came up with nothing. Then I downloaded the file you suggested and ran it as well just as you said to. I was still clean, but I'm glad I did it both ways just to make sure. Thanks for the heads up Vicky.
:cheers:

akueck
02-17-2008, 12:15 AM
> Nope, I think it's differences in firewalls. Let me guess, they run either Norton or McAfee?
>
> Halfway through replacing all files and the database for the main site.......


I have the same antivirus (Norton Corporate Edition) as the lab (employees get it free for their home computers, yay!). But my router has an extra firewall on it, so maybe that is the difference. 3 firewalls, ain't nothin' getting through! :violent5:

BTW the main site looks to be working again. Thanks Vicky!

webmaster
02-17-2008, 12:47 AM
Yep, we're back! And it turns out you were right, it was IE that caught it, not Firefox. There was an ActiveX control in there somewhere. However, I noticed that my firewall (I use Zone Alarm Pro) caught it and was able to remove it. Love my Zone Alarm!

sandman
02-17-2008, 01:25 AM
I'm just using my Norton virus protection and my Windows firewall here at home. I'm running IE7 though. Maybe I just got lucky but the only thing that turned up on my scans was a tracking cookie and those are pretty normal.

butterlily5
02-17-2008, 01:27 AM
Thanks, Vicky, for all the help. I ran it just like you laid out, and my computer was thankfully clean. I run Firefox, but I've also got Norton's, and it was actively blocking the trojan, thankfully. :usa2:

webmaster
02-17-2008, 01:44 AM
You're welcome. I only had to replace 24,000 files (literally) after checking all of them for weirdness, then re-upload backup copies of the database for the main site. Thank goodness the forum wasn't affected. That would have kept me up all night tonight too.........

Vicky - hanging up the keyboard to do something *else* for a bit........at least until tomorrow....

Teufelhund
02-17-2008, 11:40 AM
Vicki,

thanks for all your hard work and persistence through this! One really has to wonder what kind of sorry-assed piece of sh*t is soooooooooo bored that they have to bug folks who make mead. Why not harass the morons who are sending me porno ads everyday or the idiots sending out Obama, McCain and Clinton emails? Sheeesh! Some little cyber eunuch needs to get out of mommy's basement and get a friggin' life!
At any rate, here's a few hints and other sources for excellent virus and trojan protection :

1) GET A ROUTER! A router is an almost 100% way to prevent even Trojans, wermz, key loggers, etc, from hitting the hard drive. I use Linksys. $60 gets you set up and I have ONLY had ONE trojan EVER get by this in 5 years( it was actually a brilliant program, but that's beside the point )!

2) Get either Norton or McAfee. They are the top 2 for virus protection and the average moronic little sh*t trying to hack your emails.

3) Download at least one of these ( I use all 3) and keep the links for future reference:

SPYBOT - http://spybot.com/index2.html This is another great program that does very thorough registry files searches and changes to your system.

SPYSWEEPER - http://www.webroot.com/En_US/consumer-products-spysweeper.html GREAT for getting rid of spywarez and cookies! Great for nailing trojans and wermz!!! Caught BOTH trojans in this case.

SUPERANTISPYWARE - http://superantispyware.com/ Does complete system check.

ZONE ALARM - http://www.zonealarm.com/store/content/home.jsp Makes your computer invisible as it hides all your ports from wardialers, sniffers, sniphers, phishers and such. Does great virus protection as well.

ALL of these are FREEEEEEEEEEEEE!!!!!! And seeing as I didn't get the bug bomb, well worth the time to download! :icon_thumright: If you don't want to keep them on the computer, just download them, run them in 'safe mode' and then remove them after the computer is scrubbed.
Just my .02 worth volks!! And again, :notworthy: and :cheers: to our fearless leaders who keep us up and running!!!!

:cheers:

DD

wolf_tracker
02-17-2008, 12:58 PM
:wave:

Found this today and thought I would share it....

http://www.download.com/8301-2007_4-9871881-12.html?tag=bubbl_3

:cheers:
wolf

Oskaar
02-17-2008, 01:39 PM
I use specific tools for specific jobs on my network at home.

Firewall: Zone Alarm Pro
Anti-Virus: Bit Defender Anti-virus 2008
Spyware: Spyware Doctor 5.5

My feeling on suites like Symantec (Norton), Network Associates (McAfee), System Suite (V-tech) is that they all have their good points, but, the problem is that as catch-all programs they fall woefully short of the mark. Norton is so ubiquitous in its installation that it steps on other programs and causes mayhem in other areas. The interface is grotesque, the suite itself can slow your computer to a crawl, its feature set doesn't integrate well, and Symantec is once again offering fee-based services under the guise of technical support. McAfee has a smaller footprint but is still lacking in several areas: Internet Security 2008 offers security updates only once a day, independent test scores (catching new viruses in the wild) could be higher, no tutorial or manual, and they charge for telephone tech support.

Anyhow, as stated above I use a set of different apps aimed at specific duties and they work very well. I had to strip down a laptop to get the stinking bug on our main page to drop onto it. When it did my apps running in passive mode went after it like rabid piranhas.

YMMV,

Cheers,

Oskaar

webmaster
02-18-2008, 02:32 PM
I'm here to tell you that McAfee sucks. Not once, but *twice* in the last 60 days McAfee has decided that programs two of my clients have been running for *years*, just fine under McAfee, were no longer allowed to run. Calls to McAfee tech support yielded no help, they just spout canned stuff at you, while charging you for the opportunity. So having McAfee installed according to the instructions, running all the same software, not only randomly started blocking that software, but cost them hundreds of dollars of lost time, a fee to have me come in and fix it, and a fee to talk to McAfee, plus another fee to purchase Zone Alarm Pro. Definitely not worth it.

This after a recent McAfee automatic update. Both customers had to have McAfee completely removed by me, and new firewall software installed before their legit software would run again.

McAfee won't let you turn it off, and resists being uninstalled. Nasty program. I warn all my clients against it. And if they let me, I take them off of it and switch them to Zone Alarm Pro, which is better anyway.

I haven't had a single complaint from folks I've switched to Zone Alarm......

butterlily5
02-18-2008, 02:52 PM
Hey, Vicky!
The only problem I've had with Zone Alarm is that it slows me *way* down, and *continually* signs me off/on any IM program I'm signed into, both very frustrating problems. :angry3: (But I really like the e-mail filter.) Do you have any advice for the technically challenged such as myself? Is it set up wrong? ???

webmaster
02-18-2008, 03:36 PM
Zonealarm doesn't give me any problem with IM. You probably clicked a 'deny' at some point. Open up Zonealarm (double-click on the icon in the menu bar at the bottom), click 'IM Security' in the left hand menu bar in Zonealarm, and see what your IM security is set to. Mine is set to off, because I don't use it enough to need it. I would make sure it is no higher than 'medium'.