19-09-2013, 09:27 AM
Magda Hassan wrote: I received the following information from one of our members this morning (my time). I thought I'd post it here in case it is of relevance to anyone else and so they can make use of this tool if needed.
Quote: I'm not sure if there is any connection but around the time the forum was hacked, I was the recipient of a virus that was almost impossible to remove. This may have just been a coincidence but at any rate I did find a website that enabled me to eradicate the invader. While this site names a particular virus, it would do to eliminate any intruder. I was going to post this info on the forum but really wasn't sure where to put it, so I am sending the info to you. The website is http://malwaretips.com/blogs/win32-d...er-gen-trojan/ and is so involved, it took me almost a full day to do the entire procedure. Please feel free to pass this info on to any who may need it or do as you see fit.
A couple of points about this.
1. The possibility that the encrypted rogue php files discovered after the hack were intended, among other things, to spread malware cannot be entirely ruled out.
2. There are no longer ANY rogue files on the DPF server. Also, the back-end database server has been pretty thoroughly queried for malicious content that might facilitate further malicious activity and nothing has been found. The database is also new, with a different name and different access credentials.
Also, I accessed the system extensively with a Windows 7 machine after the hack, both before and after the site was locked and before any steps were taken to clean up. I did NOT do any regular editing/posting to the forum, blogs or CMS though. My machine was not infected in any way.
I don't claim to be any kind of techie professional - just a reasonably competent amateur (if that's not an oxymoron) so, if there are any techies out there with useful observations/suggestions on this little episode please fire away.
Peter Presland
".....there is something far worse than Nazism, and that is the hubris of the Anglo-American fraternities, whose routine is to incite indigenous monsters to war, and steer the pandemonium to further their imperial aims"
Guido Preparata. Preface to 'Conjuring Hitler'
"Never believe anything until it has been officially denied"
Claud Cockburn
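The two checks the post describes, looking for "encrypted" rogue PHP files in the web root and querying the back-end database for injected content, can be scripted rather than done by eye. The following is an added example, not code from the forum or from the DPF server cleanup; the file names, the `posts` table, the sample rows and the indicator lists are all constructed here for illustration. The PHP indicators (eval, base64_decode, gzinflate, a preg_replace with the /e modifier, long base64 blobs, remote includes) are leads to inspect by hand, not proof of compromise on their own.

```python
"""Added example (not from the forum post): scan a web root for obfuscated
PHP and scan a database's text columns for injected HTML/JS. Sample files,
table and rows are constructed for the demo; a real run would point at the
live web root and a dump/copy of the forum database."""
import os
import re
import sqlite3
import tempfile

# Indicators typical of obfuscated PHP droppers. Any single hit is only a lead;
# eval() combined with base64_decode()/gzinflate() is the strongest signal.
PHP_INDICATORS = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
    "gzinflate": re.compile(r"\b(gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "preg_replace_e": re.compile(
        r"preg_replace\s*\(\s*['\"].*?/[a-z]*e[a-z]*['\"]", re.I | re.S),
    "long_base64_blob": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
    "remote_include": re.compile(
        r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I),
}

# Indicators of content injected into a CMS/forum database (posts, templates).
DB_INDICATORS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "iframe_tag": re.compile(r"<iframe\b", re.I),
    "js_eval": re.compile(r"\beval\s*\(", re.I),
    "encoded_js": re.compile(r"(%3Cscript|\\x3cscript|&#x3c;script)", re.I),
}


def scan_php_tree(root):
    """Return {relative_path: [indicator names]} for PHP files with a hit."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith((".php", ".phtml", ".php5", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            hits = [k for k, rx in PHP_INDICATORS.items() if rx.search(text)]
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def scan_db_text_columns(conn):
    """Walk every text-typed column of every table; return a list of
    (table, column, rowid, indicator) tuples for suspicious values."""
    findings = []
    cur = conn.cursor()
    tables = [r[0] for r in cur.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        cols = [r[1] for r in cur.execute(f'PRAGMA table_info("{table}")')
                if (r[2] or "").upper() in ("TEXT", "VARCHAR", "CLOB", "")]
        for col in cols:
            for rowid, value in cur.execute(
                    f'SELECT rowid, "{col}" FROM "{table}"'):
                if not isinstance(value, str):
                    continue
                for name, rx in DB_INDICATORS.items():
                    if rx.search(value):
                        findings.append((table, col, rowid, name))
    return findings


def build_demo_webroot(root):
    """Constructed sample web root: one clean file, one obfuscated dropper."""
    os.makedirs(os.path.join(root, "includes"), exist_ok=True)
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello'; include 'includes/config.php'; ?>")
    blob = "QUJD" * 60  # 240 chars of base64-looking text (constructed)
    with open(os.path.join(root, "includes", "cache_x.php"), "w") as fh:
        fh.write(f"<?php eval(gzinflate(base64_decode('{blob}'))); ?>")


def build_demo_db():
    """Constructed sample posts table with one row carrying a hidden iframe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO posts (body) VALUES (?)", [
        ("Ordinary forum post text.",),
        ('Quote reply <iframe src="http://example.invalid/x" width=0></iframe>',),
    ])
    return conn


def demo_php_findings():
    """Build the constructed web root in a temp dir, scan it, return findings."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_webroot(root)
        return scan_php_tree(root)


if __name__ == "__main__":
    for path, hits in demo_php_findings().items():
        print(f"PHP: {path}: {', '.join(hits)}")
    for finding in scan_db_text_columns(build_demo_db()):
        print("DB:", finding)
```

On a real server you would run the file scan against the web root (and against any writable upload, cache and template directories, which is where droppers usually land) and the column scan against a copy of the database, then review each hit by hand; legitimate plugins do sometimes use base64_decode or embed iframes, so the output is a worklist, not a verdict.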