POSSIBLE SITE HACK

spool32 · Post by **spool32** » Sun Jun 07, 2009 11:50 pm

Folks, there's some chance our site has been hacked!
Details below:

You should be browsing with Firefox, with Adblock turned on... if you're not, you may end up with malicious code on your PC after logging in. We're working fast to find and remove the malicious code. Even if you are, you may still have been compromised.

If you think you've been infected, go here, download this, and run it:

http://www.malwarebytes.org/

Updates to follow...

-spool32

Melakin Skywieder · Post by **Melakin Skywieder** » Mon Jun 08, 2009 12:10 am

Seems more than likely

I got hit with some kind of Trojan when I logged in and Avlis was asking me to turn off pop up blockers which never has happened before. It appear that Mcphee caught and delete the offending program before it got in...least I hope so

Li'll Divvil · Post by **Li'll Divvil** » Mon Jun 08, 2009 12:17 am

Just ran the scan and found 2 trojans (or more likely same trojan 2x) and 3 adware thingies

Code: Select all

Files Infected:
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Me is paranoid now

Krator · Post by **Krator** » Mon Jun 08, 2009 12:27 am

Chrome said it was it was "go00ogle.net" - so I added it to my hosts file.

S?retur · Post by **S?retur** » Mon Jun 08, 2009 1:20 am

Given the premise of a hacked site - how do we know that "Spool32" is in fact the one we naturally assume to be, giving some useful information, as opposed to the hacker giving a link to some program which appears to remove said offending object but which may very well be the very trojan we're supposed to avoid?

/paranoia

The World of Avlis

POSSIBLE SITE HACK

POSSIBLE SITE HACK

Re: POSSIBLE SITE HACK

Re: POSSIBLE SITE HACK

Re: POSSIBLE SITE HACK

Re: POSSIBLE SITE HACK