Site compromised

Status
Not open for further replies.

Propaganda

TD Member
We had a site security breach yesterday. It was a hidden redirect to a cgi script for hacktool.rootkit. I suggest anyone who visited the site and got an error and couldn't see the site to disable system restore, restart in safe mode and run a full malware and virus scan.
 

Propaganda

TD Member
It would not have shown a redirect, it would have shown a php sql error and the site would not have been visible.
 

Propaganda

TD Member
I would suggest using MalwareBytes anti-malware. Here's what I did.

Disabled system restore

Restarted in safe mode

Ran a full malware scan and found the files and reg keys that were fucked

These are the infected files:

Code:
Files Infected:
C:\WINDOWS\system32\drivers\ati64si.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\i386si.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\netsik.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ws2_32sik.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Ran a full virus scan; it detected 4 downloader files in my temp dir.

The downloader files all started with BN and had a .tmp extension:

BNXXXX.tmp

X being random.

Additionally Norton found 2 other files in the drivers directory it labeled as the virus hacktool.rootkit

fips32cup.sys
systemntmi.sys

etc etc
 
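As an added example (not code from the thread), a small Python script that parses Malwarebytes "Files Infected" lines in the format posted above and checks a drivers directory and a temp directory for the driver names and BN*.tmp droppers the thread mentions; the sample log is constructed from the posted lines, and the directory paths passed to check_host are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample log: the same lines as posted in the thread above.
SAMPLE_LOG = """Files Infected:
C:\\WINDOWS\\system32\\drivers\\ati64si.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\i386si.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\netsik.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\ws2_32sik.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Driver names Norton flagged as hacktool.rootkit in the same thread.
NORTON_DRIVERS = {"fips32cup.sys", "systemntmi.sys"}

# One Malwarebytes result line: "<drive>:\path (Family) -> action".
LOG_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+?) \((?P<family>[^)]+)\) -> ")


def parse_infected(log_text):
    """Return {lowercased filename: detection family} for each result line."""
    found = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            found[name] = m.group("family")
    return found


def check_host(drivers_dir, temp_dir, log_text=SAMPLE_LOG):
    """List indicator files from the thread that exist under the given directories."""
    bad_drivers = set(parse_infected(log_text)) | NORTON_DRIVERS
    hits = [str(Path(drivers_dir, n)) for n in sorted(bad_drivers)
            if Path(drivers_dir, n).is_file()]
    # The downloader droppers were BNxxxx.tmp files in the user's temp dir.
    if Path(temp_dir).is_dir():
        hits += [str(p) for p in sorted(Path(temp_dir).glob("BN*.tmp"))]
    return hits


if __name__ == "__main__":
    # Demo against a scratch directory with a planted (empty) dropper name.
    with tempfile.TemporaryDirectory() as scratch:
        Path(scratch, "BN1A2B.tmp").touch()
        print(check_host(scratch, scratch))
```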

Steve

TD Admin | Bacon
Hawk-Eye wrote:
what if nothing happened and it just as usual?


You're fucked.
 

Propaganda

TD Member
LoW BuDgEt wrote:
Malwarebytes is the shizznat, it's been keeping my PC clean for some time.

Malwarebytes works pretty good, in fact it works better as an antivirus than fucking norton does for some stuff. I ran both and each program picked up different things.

If you didn't have a problem with the site then you have no need to be concerned. That being said it doesn't hurt to check your system once in awhile.
 

47

TD Admin, Chicken Licker, Top Shelf Sleeper
DLing malwarebytes now.. thx guys.
i hope that my fat bank accts haven't been emptied !!!

..panic attack ensues ...
 

DrUgZ

TD Admin
Lucky for me my HD died on my gaming rig. Only went here on my Ubuntu fileserver. glad to dodge that bullet. gj on locking that shit down prop. u da man!
 