ICESTORM WEBSITES ATTACKED, (help)



Oldendays
2009-12-06, 08:02
:lip::sick:
Our humble BBS website has been one of the latest victims, and our site is hosted on the icestorm network, which I can only assume means that ALL of the websites hosted by Ice storm are now infected as well....

Jeeze... a few more thousand pages to the list.

Now what do we do?

I know of only one, perhaps two PCs that had password access to the FTP files. Do I need to reformat the hard drives on those computers?

What do I tell our members of our little BBS website?
Kill all of their computers too????

Icestorm's "tech department" was working hard to clean up our website as it appears on their servers, hopefully we will be back up online soon.

Oldendays
2009-12-06, 18:30
Our little BBS site has been infected.
What do we do now?
Their "tech people" are working to clean up their servers and restore our site, but then what? Do we need to wipe our two hard drives that have been used to access the FTP servers?

What do we tell all of the people who regularly post on our BBS?
Kill their computers too?
Lord I hope not.
:lip:

Oldendays
2009-12-06, 19:00
Apparently there are no edit functions here once you post something, so forgive the re-postings people.

The infection I am talking about is the Gumblar infection ... that is why I originally posted this under... of all things... the GUMBLAR infection thread in the main forum instead of here in the catch-all tavern.

I was hoping that the person(s) who started the GUMBLAR topic that is stickied could offer some help or advice.

:lip:

tashi
2009-12-06, 19:15
Hello Oldendays,

> I was hoping that the person(s) who started the GUMBLAR topic that is stickied could offer some help or advice.
>
> :lip:

AplusWebMaster posts alerts (http://forums.spybot.info/showthread.php?t=2144) in the General Security Alerts forum; support is not offered there.

Help for infected personal computers is provided by volunteer analysts in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) after members read "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288).


> Apparently there are no edit functions here once you post something, so forgive the re-postings people.

Can I edit my own posts?

In the Spybot-S&D forum and others, there is a 15-minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.
In the Malware Removal Forum, members may not edit their posts. A helper may already be analysing the information given.

Best regards. :)

tashi
2009-12-07, 00:03
Stopbadware.org

Tips for Cleaning & Securing Your Website (http://stopbadware.org/home/security)

Information for Website Owners (http://stopbadware.org/home/webmasters)

Hope that helps. :)



shelf life
2009-12-07, 02:54
Some info about FTP password stealing malware and some advice:

here (http://blog.tigertech.net/posts/ftp-password-viruses/)
here (http://www.avertlabs.com/research/blog/index.php/2008/04/29/password-stealing-trojan-with-dash-of-ftp-and-a-hint-of-parasite/)
and here (http://blog.unmaskparasites.com/tag/ftp/)

Oldendays
2009-12-07, 07:01
I appreciate all the help folks, this is all new to me and hit us rather unexpectedly as I am sure you have heard many times before.
We *assumed* that ICESTORM had a handle on that kind of stuff on the server end of things... apparently not.