Last night, it seems CAG, along with several other sites running phpBB forum software (including SpeedTv.com), was compromised. So far, it does not appear to be serious and seems like only a redirect link was inserted into the forum pages. No information was lost.
Of course this is little consolation to those who installed the malware plugin. I thought I made the necessary updates to prevent this from happening, but apparently my changes never took. My apologies.
Thanks to everyone who emailed me about the problem and I hope you can get your PCs back to normal quickly. Thanks to Defender for helping to get the site back up quickly.
Here are Defender's plugin removal steps:
We have a serious problem. We were hacked. If you have downloaded the file PLUGIN_INSTALL.EXE, which was a fake patch, to your computer, you must delete it ASAP. DO NOT INSTALL. If you have, please follow the instructions below to remove it. I make no claims that this will help you or that you won't screw your computer up. This is what I did and it worked for me. Print or copy this immediately!!!!! Read all instructions BEFORE attempting. Make sure you understand them.
1. Remove your computer from the web. You should just unplug the network cable.
2. If you have System Restore on, you must shut it off immediately.
3. Shut down your computer. You can Ctrl-Alt-Del and go to USERS. From there you can choose to log off, then shut down.
4. Reboot your computer and hold the F8 key. This will bring up a boot menu option from windows.
5. Choose SAFE MODE.
6. Search your computer for a file named sp2patch.exe
7. Go into c:/windows/system32/ and delete the folder (remember the folder name please) that sp2patch.exe was inside.
8. Go to the start button and click RUN.
9. Run REGEDIT
NOTE: Please be very careful here.
10. Do a search in regedit for the key, value, and data for CSRSS.EXE (note: this is a clone of a real Windows component). Delete anything found with that key where the directory is from the folder in step 7.
11. Do a search for sp2patch.exe in regedit as well. DELETE any entries found.
12. Reboot into normal windows mode.
13. If you reboot and do not get any errors then you may have been successful. If you Ctrl-Alt-Del you can see the system processes. If you see only 1 csrss.exe then you have it.
14. Shut down, attach your network cable again and reboot.
-Defender
Good Luck!
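
The check behind steps 6, 10 and 13, as an added example that is not part of the original post or Defender's instructions: it flags any `sp2patch.exe` reference and any `csrss.exe` that does not sit directly in the System32 directory. It assumes a default `C:\Windows` install; the folder name `examplefolder` and all sample entries are constructed placeholders.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"  # assumption: default Windows install location
DROPPER = "sp2patch.exe"           # file name given in the removal steps

def exe_path(command):
    """Pull the executable path out of a registry value or process command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command

def classify(command):
    """Return a reason string if the entry matches the post's indicators, else None."""
    raw = exe_path(command).replace("/", "\\")
    if raw.startswith("\\??\\"):   # NT-style prefix seen on the genuine csrss.exe
        raw = raw[4:]
    path = ntpath.normpath(raw).lower().replace("%systemroot%", r"c:\windows")
    folder, name = ntpath.split(path)
    if name == DROPPER:
        return "sp2patch.exe reference"
    if name == "csrss.exe" and folder != SYSTEM32:
        return "csrss.exe outside " + SYSTEM32
    return None

def scan(entries):
    """entries: iterable of (source, command). Returns [(source, command, reason)]."""
    hits = []
    for source, command in entries:
        reason = classify(command)
        if reason:
            hits.append((source, command, reason))
    return hits

# Constructed sample data: two process paths and two registry values.
SAMPLE = [
    ("process", r"\??\C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows"),
    ("process", r"C:\WINDOWS\system32\examplefolder\csrss.exe"),
    ("registry", r'"c:/windows/system32/examplefolder/sp2patch.exe" /s'),
    ("registry", r"C:\Program Files\Example\app.exe"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Feed it the image paths from a process listing and the data strings from exported registry values; the genuine `csrss.exe` passes, the copy in the subfolder does not.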