• Roll-up! Roll-up! Come one and all the fantastic Turning the World to Darkness painting competition. Welcome to any skill level, you can find out more here.
  • It's time once again to ferret out those murderous vampires in a new VAU - Vampires Amongst Us. A cross between Cluedo and a roleplay, sometimes gory and often hilarious! Find out more here.

Important Virus Warning!! Please Read

Status
Not open for further replies.

Disciple of Nagash

The Perverted One
Staff member
Joined
Feb 12, 2008
Messages
27,916
#1
As some of you know Carpe Noctem was subject to a malicious attack by hackers.

They injected various codes and malware into the site. Upon talking elsewhere this seems to be a number of attacks against various forums, we were not alone in this.

Our files have now been cleaned, security upgraded etc, however I am very upset and angry to find out that the code also had a side effect - it is also possible it infected users computers.

Therefore all users should do the following immediately:

Go Computer > (whichever is your operating system hard drive, normally c: ) > Users > (the user you have been logged in under) > AppData* > Local > and then delete any of the following files:

Lgodapupikepe.dmg
IconCache.cmd
Gjegifukinemero.dat

or similar, like it may say IronCache.dat.

*AppData is only visible if you have the Hidden Folder options ticked to show hidden folders. This can be done in the Control Panel.

Once you have deleted those folders I highly recommend you run a deep scan you with antivirus and antimalware. For reference I have Kapersky installed as my AV, the following antispyware programs are also very good and I recommend having them both installed as between them they pick up most of the malwares:

http://downloads.cnet.co.uk/view/security-software/malwarebytes-anti-malware-39282203/
http://downloads.cnet.co.uk/view/security-software/superantispyware-free-edition-39187157/

You should then be ok.

Please be reassured that CN is now clean and safe to browse, though of course if anything else is noted please please tell me asap.

Finally, even though it was not CN at fault as many forums were attacked, I would like to sincerely apologise to all my members for this. I do not like thinking people were infected by visiting this site and I assure you all measures will be taken to ensure this does not happen again.

If anyone needs any help with this, any queries please post them here and I will do my best to help.

Cheers

Disciple of Nagash


P.S: At least the smilies are working again ;)
 

Mioum

Crypt Horror
Joined
Jul 3, 2010
Messages
577
#2
Thanks for the warning.

I've looked around and I haven't found any of those file, the AppData folder only contain folder but none of them are named "local", and none of the other have those files so I hope it's good.

But I will run AVG, Ad-Aware and Spybot, and I might try those you linked.


****

Just as I was looking again during my post, I've found that Local Setting (hidden folder after User) is where it is for me.

So for me it's : User > Local setting (hidden folder) > App data > here is a IronCache file.

Weird as it said created in 2008, modified in 2009, and accessed today.

There's two ".dat" files there too but not of the name you give:

GDIFONTCACHEV1.dat
prvlcl.dat

I have no idea if those are good or not though.
 

Bravo_10

Dark Lord of Eternal Sorrow
True Blood
Joined
Jul 26, 2010
Messages
1,300
#3
Is this problematic for Macs too?

It's a bit trickier to see Hidden Folders on MacOS, so I'm going to have to trust my virus software for now.
 

Bishop

Master Necromancer
True Blood
Joined
Feb 5, 2009
Messages
2,887
#4
Thankfully, I didn't find anything.

DON - Do you have an actual security/threat report/link (like from a AV/security type site)? - for those of us that are more technical :D

Also, I would like to recommend the following:

Avast (Anti-virus software)
Ad-Aware (anti-malware software)

and PSI Secunia is a REALLY handy utility (it reports known software/security issues and in many cases simplifies the "fix"ing process)
 
Joined
Jul 2, 2010
Messages
48
#5
Hmm, wonderd why my AVG popped when enterd erlier. Well, i'ma uppdate and scan asap, some might gotten throu.
 

Yanda

Black Knight
Joined
Mar 7, 2010
Messages
376
#8
AVG antivirus was popping me for me earlier while I was viewing the site, I just assumed it was from one of the 20 torrents ive downloaded in the last day or two because my favorite steaming website got taken down :(
 
Joined
Aug 15, 2010
Messages
116
#9
I can so sympathise....when James and I were running the poet's library, he got hacked and had the same thing happen. Talk about a disaster.
Both our computers are clean, though. Thank goodness!
 
Joined
Aug 17, 2010
Messages
4
#10
dam it! i only just signed up last night!
thanks for the head up DON, have located and destroyed files

hows that for a first post :S
 

Count Darvaleth

I <3 marmite
True Blood
Joined
Apr 26, 2010
Messages
3,534
#11
Mioum said:
Thanks for the warning.

I've looked around and I haven't found any of those file, the AppData folder only contain folder but none of them are named "local", and none of the other have those files so I hope it's good.
They're still there! They're inside local! That's where I found them! Inside local, hidden! Naughty viruses!!!!

And DoN, I had the same problem trying to load CN again today... but I think it might just be stupid Google Chrome.

And yes... smileys! :tongue:xD:grave::thumbsup::vampire3::perv:
 

artisturn

Grave Guard
Joined
Jun 30, 2009
Messages
232
#13
well that explains why Java kept trying to update when I visited the forum.

Ran AVG and it found and solved the problems.
 

MasterSpark

Nostalgian
Staff member
True Blood
Joined
Nov 26, 2008
Messages
4,691
#14
Have the appearance of CN changed for you guys as it has for me? I'm talking mostly about a few of the site's icons, they seem to have reverted back to their former un-stylized selves. I did remove a file named IconCache.db (too close for comfort), might this have brought about the change to CN on my part? Did I chuck out a database here? -_-
 

Count Darvaleth

I <3 marmite
True Blood
Joined
Apr 26, 2010
Messages
3,534
#15
MasterSpark said:
Have the appearance of CN changed for you guys as it has for me? I'm talking mostly about a few of the site's icons, they seem to have reverted back to their former un-stylized selves. I did remove a file named IconCache.db (too close to what DoN described for comfort), might this have brought about the change to CN on my part?
Were there two other funny files next to it? They were bad as well. Check their time of modification (just press delete and read the are u sure? bit) and they all came onto your computer around the same time. Kill them all!

And yes, also changed appearances.
 

MasterSpark

Nostalgian
Staff member
True Blood
Joined
Nov 26, 2008
Messages
4,691
#16
I actually didn't catch the latest modification date on the file, but of all those that are still there, the most recent one dates back to August 4th.

Oh well, running my scanners and stuff all the same~
 

ChaosJedi666

Black Knight
Joined
Feb 9, 2010
Messages
341
#18
Well, I'm relieved a bit, checked and haven't found any of those folders. Running AVG now though, just to be safe. Don't know if it'll do much good, but have upped my Firewall security aswel. What do these codings do? Are they just there to unleash havoc on my system, or intended to get my online banking details etc?

Edit - Thanks for the warning DoN. To follow suit, Bullguard seems to be doing really well. I think it is 10x better than anything else I've used in the past. Has found things Norton didn't, and is very easy to use. Has anyone had any bad experiences with Bullguard?
Virus scan came up clear. Will recheck it over the next couple of days though, just to be sure. Better safe than sorry
 

Danceman

The Devil in Pale Moonlight
True Blood
Joined
Aug 19, 2007
Messages
3,461
#19
I appear to be unaffected. None of the files mentioned above.

I also would like to give a plug to Avira Antivir. Served me well in the past and its scans are very thourough(ie, found and removed things that ad-ware couldn't).

Thanks for the heads up, DoN.
 
Joined
Sep 12, 2009
Messages
77
#20
Cheers for the heads up DoN, Norton popped up with a intrusion blockage warning when I came on here the other day. Since then i haven't been able to get onto the Site in either Firefox or IE.

Today I managed to use the old AOL browser I've got to get on here and read this, wiped my browsing history out in firefox and now the site works fine on it :)

Think I've been lucky and Norton stopped it before the files were planted as i Can't find any trace of them
 
Joined
Jul 27, 2010
Messages
109
#21
A big thank you as I found them lurking away like some Wretched Witchhunter. They were quickly extinguished and, hopefully, those responsible will have various debilitating thing's occur.
 

Disciple of Nagash

The Perverted One
Staff member
Joined
Feb 12, 2008
Messages
27,916
#23
To be honest I don't know. It is not very likely due to the different operating systems and file structures to be honest, most bugs (but not all) affect one or the other.

if you have any antivirus or antimalware in the meantime I would run it, however I will see if I can find anything out.
 
Joined
May 27, 2010
Messages
77
#24
yeah managed to infect my work computer :tongue: which then infected every one else lol, gave me a half day at work. was quite pleased with that
 
Status
Not open for further replies.
Top