• It's time once again to ferret out those murderous vampires in a new VAU - Vampires Amongst Us. A cross between Cluedo and a roleplay, sometimes gory and often hilarious! Find out more and sign-up! here.
Status
Not open for further replies.

Disciple of Nagash

Oldblood
Staff member
Feb 12, 2008
27,732
As some of you know Carpe Noctem was subject to a malicious attack by hackers.

They injected various codes and malware into the site. Upon talking elsewhere this seems to be a number of attacks against various forums, we were not alone in this.

Our files have now been cleaned, security upgraded etc, however I am very upset and angry to find out that the code also had a side effect - it is also possible it infected users computers.

Therefore all users should do the following immediately:

Go Computer > (whichever is your operating system hard drive, normally c: ) > Users > (the user you have been logged in under) > AppData* > Local > and then delete any of the following files:

Lgodapupikepe.dmg
IconCache.cmd
Gjegifukinemero.dat

or similar, like it may say IronCache.dat.

*AppData is only visible if you have the Hidden Folder options ticked to show hidden folders. This can be done in the Control Panel.

Once you have deleted those folders I highly recommend you run a deep scan you with antivirus and antimalware. For reference I have Kapersky installed as my AV, the following antispyware programs are also very good and I recommend having them both installed as between them they pick up most of the malwares:

http://downloads.cnet.co.uk/view/security-software/malwarebytes-anti-malware-39282203/
http://downloads.cnet.co.uk/view/security-software/superantispyware-free-edition-39187157/

You should then be ok.

Please be reassured that CN is now clean and safe to browse, though of course if anything else is noted please please tell me asap.

Finally, even though it was not CN at fault as many forums were attacked, I would like to sincerely apologise to all my members for this. I do not like thinking people were infected by visiting this site and I assure you all measures will be taken to ensure this does not happen again.

If anyone needs any help with this, any queries please post them here and I will do my best to help.

Cheers

Disciple of Nagash


P.S: At least the smilies are working again ;)
 

Mioum

Crypt Horror
Jul 3, 2010
572
Thanks for the warning.

I've looked around and I haven't found any of those file, the AppData folder only contain folder but none of them are named "local", and none of the other have those files so I hope it's good.

But I will run AVG, Ad-Aware and Spybot, and I might try those you linked.


****

Just as I was looking again during my post, I've found that Local Setting (hidden folder after User) is where it is for me.

So for me it's : User > Local setting (hidden folder) > App data > here is a IronCache file.

Weird as it said created in 2008, modified in 2009, and accessed today.

There's two ".dat" files there too but not of the name you give:

GDIFONTCACHEV1.dat
prvlcl.dat

I have no idea if those are good or not though.
 

Bravo_10

Dark Lord of Eternal Sorrow
True Blood
Jul 26, 2010
1,285
Atlanta, Georgia, USA
Is this problematic for Macs too?

It's a bit trickier to see Hidden Folders on MacOS, so I'm going to have to trust my virus software for now.
 

Bishop

Master Necromancer
True Blood
Feb 5, 2009
2,683
Toronto, Ontario
Thankfully, I didn't find anything.

DON - Do you have an actual security/threat report/link (like from a AV/security type site)? - for those of us that are more technical :D

Also, I would like to recommend the following:

Avast (Anti-virus software)
Ad-Aware (anti-malware software)

and PSI Secunia is a REALLY handy utility (it reports known software/security issues and in many cases simplifies the "fix"ing process)
 

Gnorg

Zombie
Jul 2, 2010
48
Hmm, wonderd why my AVG popped when enterd erlier. Well, i'ma uppdate and scan asap, some might gotten throu.
 

Yanda

Black Knight
Mar 7, 2010
376
Calgary, AB
AVG antivirus was popping me for me earlier while I was viewing the site, I just assumed it was from one of the 20 torrents ive downloaded in the last day or two because my favorite steaming website got taken down :(
 

The Wife

Ghoul
Aug 15, 2010
116
Casper WY
I can so sympathise....when James and I were running the poet's library, he got hacked and had the same thing happen. Talk about a disaster.
Both our computers are clean, though. Thank goodness!
 

Malek

Zombie
Aug 17, 2010
4
dam it! i only just signed up last night!
thanks for the head up DON, have located and destroyed files

hows that for a first post :S
 

Count Darvaleth

I <3 marmite
True Blood
Apr 26, 2010
3,407
Mioum said:
Thanks for the warning.

I've looked around and I haven't found any of those file, the AppData folder only contain folder but none of them are named "local", and none of the other have those files so I hope it's good.

They're still there! They're inside local! That's where I found them! Inside local, hidden! Naughty viruses!!!!

And DoN, I had the same problem trying to load CN again today... but I think it might just be stupid Google Chrome.

And yes... smileys! :tongue:xD:grave::thumbsup::vampire3::perv:
 

artisturn

Grave Guard
Jun 30, 2009
232
well that explains why Java kept trying to update when I visited the forum.

Ran AVG and it found and solved the problems.
 

TMS

Moderator
Staff member
True Blood
Nov 26, 2008
4,662
Sweden
Have the appearance of CN changed for you guys as it has for me? I'm talking mostly about a few of the site's icons, they seem to have reverted back to their former un-stylized selves. I did remove a file named IconCache.db (too close for comfort), might this have brought about the change to CN on my part? Did I chuck out a database here? -_-
 

Count Darvaleth

I <3 marmite
True Blood
Apr 26, 2010
3,407
MasterSpark said:
Have the appearance of CN changed for you guys as it has for me? I'm talking mostly about a few of the site's icons, they seem to have reverted back to their former un-stylized selves. I did remove a file named IconCache.db (too close to what DoN described for comfort), might this have brought about the change to CN on my part?

Were there two other funny files next to it? They were bad as well. Check their time of modification (just press delete and read the are u sure? bit) and they all came onto your computer around the same time. Kill them all!

And yes, also changed appearances.
 

TMS

Moderator
Staff member
True Blood
Nov 26, 2008
4,662
Sweden
I actually didn't catch the latest modification date on the file, but of all those that are still there, the most recent one dates back to August 4th.

Oh well, running my scanners and stuff all the same~
 

ChaosJedi666

Black Knight
Feb 9, 2010
340
Bay of Plenty, New Zealand
Well, I'm relieved a bit, checked and haven't found any of those folders. Running AVG now though, just to be safe. Don't know if it'll do much good, but have upped my Firewall security aswel. What do these codings do? Are they just there to unleash havoc on my system, or intended to get my online banking details etc?

Edit - Thanks for the warning DoN. To follow suit, Bullguard seems to be doing really well. I think it is 10x better than anything else I've used in the past. Has found things Norton didn't, and is very easy to use. Has anyone had any bad experiences with Bullguard?
Virus scan came up clear. Will recheck it over the next couple of days though, just to be sure. Better safe than sorry
 

Danceman

The Devil in Pale Moonlight
True Blood
Aug 19, 2007
3,472
I appear to be unaffected. None of the files mentioned above.

I also would like to give a plug to Avira Antivir. Served me well in the past and its scans are very thourough(ie, found and removed things that ad-ware couldn't).

Thanks for the heads up, DoN.
 

Maelstrom

Skeleton
Sep 12, 2009
77
Wolverhampton
Cheers for the heads up DoN, Norton popped up with a intrusion blockage warning when I came on here the other day. Since then i haven't been able to get onto the Site in either Firefox or IE.

Today I managed to use the old AOL browser I've got to get on here and read this, wiped my browsing history out in firefox and now the site works fine on it :)

Think I've been lucky and Norton stopped it before the files were planted as i Can't find any trace of them
 

Stacius

Ghoul
Jul 27, 2010
109
A big thank you as I found them lurking away like some Wretched Witchhunter. They were quickly extinguished and, hopefully, those responsible will have various debilitating thing's occur.
 

Disciple of Nagash

Oldblood
Staff member
Feb 12, 2008
27,732
To be honest I don't know. It is not very likely due to the different operating systems and file structures to be honest, most bugs (but not all) affect one or the other.

if you have any antivirus or antimalware in the meantime I would run it, however I will see if I can find anything out.
 
Status
Not open for further replies.

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu