
VIRUS ON GOTMEAD - CHECK YOUR SYSTEM - INSTRUCTIONS HERE!!!!!!


pain

GotMead Owner
Staff member
Administrator
Moderator
Apr 5, 1996
1,698
18
38
North Carolina
gotmead.com
Gotmead has been infected with a virus. We are taking the site down while we find and eliminate this threat. We apologize for the inconvenience.

Please follow these instructions to check your system to ensure that your computer has not been infected, or to clean it if it has:

Print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop. http://downloads.andymanchesta.com/RemovalTools/SDFix.exe Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Use Windows Explorer to open the SDFix folder and double click RunThis.cmd to start the script.

* Type Y to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

You can get SDFix here: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
 

JephSullivan

NewBee
Registered Member
Feb 22, 2006
106
0
0
45
home.comcast.net
Hi Vicky. Thanks for all your hard work in keeping this site going! We're sorry to hear about the problems you're experiencing. :(

Just as an extra layer of protection, I'd personally like to check that it's actually you, since you're asking me to download a program I haven't heard of and run it in safe mode. Here's the Is-This-Actually-Vicky?-Check. Please answer these questions:
  • What is Omphacomel?
  • Does Mr. Bekulić boil his must?
  • When you were a guest on a brewing-related internet radio show, name two of the other guests and the companies they work for.

Thanks!
 

pain

Yeah, it's me.

1. Honey with verjuice (yuk)
2. You spelt his name wrong, and no, he doesn't boil. Nevernevernever.
3. Julia Herz - Honeywine.com and Mike Faul - Rabbits Foot Meadery

I researched those instructions and got them from a tech support guru.
 

DaysOfOld

NewBee
Registered Member
Jul 17, 2007
65
0
0
44
Hello Vicky,

The link on the main page that says "To use the forum go here: http://www.gotmead.com/smf/index.php" seems to loop back to the same front page about the virus. Not sure if it's happening for everyone else, just thought I would let you know that's what's happening for me in case there is a loop.

I appreciate all the work you've put into this site :)
 

pain

Weird. I see what you mean. Joomla must be interpreting the URL. Anyway, typing it into a browser window works fine....

I'm working on the problem, but to effectively search the thousands of files on the site, I have to make a full backup. This is going on now, so hopefully I will have a solution soon...
 

pain

Just so everyone feels ok with the solution I posted: Oskaar used this to disinfect the system he used to detect the virus, and it worked ok.
 

akueck

Certified Mead Mentor
Certified Mead Mentor
Jun 26, 2006
4,958
11
0
Ithaca, NY
JephSullivan said:
I intentionally misspelled Oskaar's name so it wouldn't turn up in a forum search.

:laughing4: Tricky!

I must admit I was also skeptical of the "please run this software" instructions. No offense Vicky! But I am trojan-free. Weird, I got the worm messages at work, but not at home. Must be IE vs Mozilla?
 

pain

Nope, I think it's differences in firewalls. Let me guess, they run either Norton or McAfee?

Halfway through replacing all files and the database for the main site.......
 

Dan McFeeley

Lifetime Patron
Lifetime GotMead Patron
Oct 10, 2003
1,899
7
38
68
Illinois
Oh, was the main site down? Sorry, I hadn't noticed. ;D ;D ;D

Thanks Vicky and Oskaar for everything you guys do here. It was kind of a surprise, going to the main web site (my standard practice now for logging into the forums -- I've found that this eliminates any potential problems, rather than going straight to the forums) and seeing the announcement. I followed the instructions to the letter, ran the program and fortunately nothing was found.

This looks like a good program -- thanks for the tip! I'll be running it from time to time along with the standard virus scan.
 

beninak

NewBee
Registered Member
Mar 22, 2007
385
1
0
Anchorage, AK
Ack! I guess my mistake was that I left my IE browser open all night and logged into the GotMead site. :evil3:

Sure enough, I ran the program listed and it found and deleted (hopefully) a file that it identified as a Trojan. It also found three files that it identified as having "hidden attributes", what does that mean? As far as I can tell they weren't deleted.
 

sandman

Premium Patron
Premium Patron
Feb 5, 2007
804
2
18
60
Hartford, Huntingdon, United Kingdom
Well, I ran my virus protection and came up with nothing. Then I downloaded the file you suggested and ran it as well just as you said to. I was still clean, but I'm glad I did it both ways just to make sure. Thanks for the heads up Vicky.
:cheers:
 

akueck

Vicky - GM Founder said:
Nope, I think it's differences in firewalls. Let me guess, they run either Norton or McAfee?

Halfway through replacing all files and the database for the main site.......

I have the same antivirus (Norton Corporate Edition) as the lab (employees get it free for their home computers, yay!). But my router has an extra firewall on it, so maybe that is the difference. 3 firewalls, ain't nothin' getting through! :violent5:

BTW the main site looks to be working again. Thanks Vicky!
 

pain

Yep, we're back! And it turns out you were right, it was IE that caught it, not Firefox. There was an ActiveX control in there somewhere. However, I noticed that my firewall (I use Zone Alarm Pro) caught it and was able to remove it. Love my Zone Alarm!
 

sandman

I'm just using my Norton virus protection and my Windows firewall here at home. I'm running IE7 though. Maybe I just got lucky but the only thing that turned up on my scans was a tracking cookie and those are pretty normal.
 

butterlily5

NewBee
Registered Member
Jan 23, 2008
122
0
0
50
Somewhere in Sacramento...
Thanks, Vicky, for all the help. I ran it just like you laid out, and my computer was thankfully clean. I run Firefox, but I've also got Norton's, and it was actively blocking the trojan, thankfully. :usa2:
 

pain

You're welcome. I only had to replace 24,000 files (literally) after checking all of them for weirdness, then re-upload backup copies of the database for the main site. Thank goodness the forum wasn't affected. That would have kept me up all night tonight too.........

Vicky - hanging up the keyboard to do something *else* for a bit........at least until tomorrow....
 

Teufelhund

Banned
Oct 17, 2007
304
0
0
60
POX 181 Covington, OH 45318
Free downloads spywarez/virus protection

Vicki,

Thanks for all your hard work and persistence through this! One really has to wonder what kind of sorry-assed piece of sh*t is soooooooooo bored that they have to bug folks who make mead. Why not harass the morons who are sending me porno ads everyday or the idiots sending out Obama, McCain and Clinton emails? Sheeesh! Some little cyber eunuch needs to get out of mommy's basement and get a friggin' life!
At any rate, here's a few hints and other sources for excellent virus and trojan protection :

1) GET A ROUTER! A router is an almost 100% way to prevent even Trojans, wermz, key loggers, etc, from hitting the hard drive. I use Linksys. $60 gets you set up and I have ONLY had ONE trojan EVER get by this in 5 years (it was actually a brilliant program, but that's beside the point)!

2) Get either Norton or McAfee. They are the top 2 for virus protection and the average moronic little sh*t trying to hack your emails.

3) Download at least one of these ( I use all 3) and keep the links for future reference:

SPYBOT- http://spybot.com/index2.html This is another great program that does very thorough registry files searches and changes to your system.

SPYSWEEPER- http://www.webroot.com/En_US/consumer-products-spysweeper.html GREAT for getting rid of spywarez and cookies! Great for nailing trojans and wermz!!! Caught BOTH trojans in this case.

SUPERANTISPYWARE http://superantispyware.com/ Does complete system check.

ZONE ALARM- http://www.zonealarm.com/store/content/home.jsp Makes your computer invisible as it hides all your ports from wardialers, sniffers, sniphers, phishers and such. Does great virus protection as well.

ALL of these are FREEEEEEEEEEEEE!!!!!! And seeing as I didn't get the bug bomb, well worth the time to download! :icon_thumright: If you don't want to keep them on the computer, just download them, run them in 'safe mode' and then remove them after the computer is scrubbed.
Just my .02 worth volks!! And again, :notworthy: and :cheers: to our fearless leaders who keep us up and running!!!!

:cheers:

DD
 