Welcome to Hogville!

URGENT: Everyone needs to scan their systems ASAP, please.

Started by Doug, December 29, 2009, 07:32:58 pm


Doug

We're very aware of the latest issues centered around the ads that we had up.  As a safety and security measure, everyone on a PC needs to do an anti-virus/anti-spyware check on their system.

While Hogville doesn't officially endorse any Anti-Virus company over another, based on PERSONAL experience, the two following sites are the safest and best ones available.

My personal favorite:  http://www.eset.com/onlinescan/
Another trusted one:  http://housecall.trendmicro.com/
Recommended by several in this thread:  http://www.malwarebytes.org/

There are others, but the two that I recommended above (again, this is a PERSONAL recommendation) are very good at catching a majority of these issues.

Also, please get your hands on SpyBot Search & Destroy:  http://www.safer-networking.org/en/mirrors/index.html

Let's not forget AdAware (from LavaSoft) does a very nice job:  Ad-Aware Free Anti-Malware 8.1.2 (Search for that and get the download from there. Do NOT grab the one on the top!)

I use all three of the below to protect my systems:
NOD32
SpyBot S&D
AdAware

If you have your own antivirus software, please make sure it's updated before you scan... and make sure you immunize your system via SpyBot's utility.
--Doug
Full time Web Developer, Sports junkie and Sports Personality

@BearlyDoug  |  @GridironHistory  |  @Hogville
TheFan.net | BearlyDoug.com | My plugins on WordPress.org | GridironHistory.com

(If you have a tech question, please post in the Help forum, instead of private messaging or emailing me (unless I request it). Thanks!)

lookinupthehill

Ok, this is like the Dr coming in and telling you that you need to come in for emergency surgery but not saying why. Can you elaborate, please?  Does the site have an incoming or outgoing problem?  I browse this site at work a lot and it would be nice to know if I may have inadvertently DL'd some malware to our network. PM would be fine if it's too technical to post up. T. I. A. !

 

PetrinoFan

"http://funtikstore.ru" ad kept trying to run on the site but was "loading..." on my browser at the bottom and the site locked up. This happened with Firefox and Internet Explorer.  "SpyEraser" popped up on my computer which I assume is a spyware program or trojan of some sort.  People's private information is in danger so run scanners or do what I did and reset your computer to an earlier date.  I tried to delete it but I restarted my computer and it came back up and it took 93% of my resources.. I was freaking out.

Doug

This was centered around the ads that we had up earlier today and some people getting forced downloads.  This issue isn't affecting everyone, however, it's best to err on the side of caution.

Aside from my first few lines, this is no different than what I've routinely advocated/posted before in our Help forum.

PorcineSublime

December 29, 2009, 08:12:47 pm #4 Last Edit: December 29, 2009, 08:33:37 pm by PorcineSublime
FWIW the executable file for the "SpyEraser" program on my computer (XP) was in the Windows/system 32 file under the name msctrl32.exe or something approximating that. You will see the same green gear/wheel icon above it that showed up on the popup console. I could not find a way to remove it other than manually. One word of warning. Don't go mucking around the Windows system files if you aren't pretty savvy, you can cause your computer to have real issues. Guess the potsmokers (Mac users) are having a good laugh about now.
Sittin in the morning sun, I'll be sittin here when evening comes.

Doug

While I am happy to announce that we have discovered the source of the problem, it is absolutely IMPERATIVE that everyone scans their systems.

I cannot get into the details, but the source of these issues has been clearly identified and is now undergoing repairs.  When we bring the ads back, we will no longer (HOPEFULLY!!!) have these issues.

reds10

Vipre Antivirus & Spyware is the best antivirus I have ever run. Low CPU and RAM usage.  15 day free trial for the full version but it is well worth the money ($20). Beats anything Avast, Norton, McAfee, AVG puts out.

I say this after recently running Norton 360.

Doug


HawgAdvocate

I did battle with SpyEraser last night.

Quote from: PorcineSublime on December 29, 2009, 08:12:47 pm
FWIW the executable file for the "SpyEraser" program on my computer (XP) was in the Windows/system 32 file under the name msctrl32.exe or something approximating that. You will see the same green gear/wheel icon above it that showed up on the popup console. I could not find a way to remove it other than manually. One word of warning. Don't go mucking around the Windows system files if you aren't pretty savvy, you can cause your computer to have real issues. Guess the potsmokers (Mac users) are having a good laugh about now.

If you do search for any files with msctrl32, you should get two of them. I found that simply deleting the .exe file will not rid the program from coming back. I can't recall the exact name of the other file, but it might have been a .pif file (or something similar). Once I disposed of the other file as well, the program stopped loading itself on startup....or there is the outside chance that you guys fixed the issue on the site around the same time I deleted the 2nd file.

I emailed Uniblue (maker of SpyEraser) about removing the program. They acted like they knew nothing about it. That damn siren every 3 minutes had to go.
"The supreme benevolent force of Hogville, who is impervious to pervasive form of confirmation bias, which is inherent to ALL human beings" - intelligence 4/4/16
***
I used to argue with HA about how Pel ran the basketball team.  I've since learned to like and respect him.  In fact, I'd go as far to say that HA is well connected or extremely perceptive. - Porkatarian, 11/7/12


Doug

Guys, I'm cleaning up all of the PC vs Mac stuff.  Please keep the chit chat in this thread to a minimum, since it's extremely important.

HogSkinsDisease


Hogbody

Anyone know how to get rid of PersonalGuard 2009? It's causing all kinds of popups and malfunctions

 

Dr. Leonard Ford

Quote from: Douglas on December 29, 2009, 10:12:41 pm
I cannot get into the details, but the source of these issues has been clearly identified and is now undergoing repairs.  When we bring the ads back, we will no longer (HOPEFULLY!!!) have these issues.

Uh, why can't you go into details? If Tylenol issued a recall because of a defective product, I sure as hell would want "details".  Which ads were the problem? Did I have to click on them to be infected? Who did this?  How do we know it won't happen again?  Sorry for the questions but this is a work computer, and if I get caught, I could be in trouble.

fritolayhog

Quote from: Dr. Leonard Ford on December 30, 2009, 11:11:44 am
Uh, why can't you go into details? If Tylenol issued a recall because of a defective product, I sure as hell would want "details".  Which ads were the problem? Did I have to click on them to be infected? Who did this?  How do we know it won't happen again?  Sorry for the questions but this is a work computer, and if I get caught, I could be in trouble.

I won't be logging in here from my work computer ever again, for this very reason.  How in the world can this happen?  This is the sort of thing that happens at sketchy porn sites, not legitimate websites.  Holy crap.

Doug

It won't happen again because the ad serving system was the one that caused the issue.  It is not my place to disclose the exact cause of the problem.  It IS my place to ensure that Hogville does its part to help protect its users.

If you look around the sites (Hogville and Fearless), you will notice that there are no ads running and that the main page is also missing some additional information.

The key problem has been very clearly identified and the proper security measures are being undertaken to ensure that this does not happen again.

To answer someone's question... no, you didn't have to click on the ads to be affected by this.

Additional security protocols will be put into place going forward to ensure that Hogville remains safe to browse, no matter where you're browsing from.

For people that have updated anti-virus and anti-spyware programs that are running in resident memory, they were unaffected by this.

For people that have implemented their own security protocols on their own web browsers, they should generally be safe (though they should also be utilizing a SOLID anti-virus and anti-spyware program in conjunction with their security measures).

I've always advocated having an anti-virus and at least ONE anti-spyware/anti-scumware program.  I've advocated this long before I even joined Hogville 6.5 years ago, and I will continue to advocate it.

If you browse websites (doesn't matter which ones), you're automatically at risk.  How well you protect your system determines how at risk you are.

Thanks!

31to6

Quote from: Hogbody on December 30, 2009, 11:07:14 am
Anyone know how to get rid of PersonalGuard 2009? It's causing all kinds of popups and malfunctions
http://www.2-spyware.com/remove-personal-guard-2009.html

However, if you have installed untrusted software on your system the ONLY way to be sure is to reinstall a clean O/S and migrate the data (after scanning it). A not-too-painful way to do this is to buy a new hard drive and a cheap USB enclosure for your old one. Install the O/S and a trusted A/V product (NOD32, Kaspersky, Sophos or AVG in my opinion). Mount your old hard drive in the enclosure and use the clean O/S and trusted, updated A/V to scan all your data files before copying them over.

[If you *really* want to be safe, get an Ubuntu live CD or bootable thumb drive image, boot your system off of it without a hard disk even installed, mount the USB drive and run ClamA/V against the USB drive.]

Do NOT let Geek Squad touch your system. Odds are good they will hose it and lose all of your data.

Hawgwild8988

Wait. So we are supposed to take security software advice from someone that let their Website get infected?

fritolayhog

Quote from: Douglas on December 30, 2009, 12:02:02 pm

If you browse websites (doesn't matter which ones), you're automatically at risk.  How well you protect your system determines how at risk you are.

Thanks!

How well you protect the server determines how at risk we are, apparently.

Doug

Hawgwild8988, take a deep breath and calm down.

The infection ended up on our site, through no control on our own.  The infection was caused by the ads, which are served through a third party company.

If you want to disregard my advice (which is based on 15 years of technical experience), do so at your own peril.

Everyone:  Please understand that we're NOT trying to diminish what happened.  We're absolutely upset over the events that have transpired over the past few weeks.

This next part is NOT going to read as very friendly, so please make sure you pay attention to the bolded part:  We're not dealing with credit card or personal financial information on here, so Hogville was under no obligation to notify anyone regarding this issue.

Having said that, we felt it was best to let everyone know about this, since even members of our own Moderating team was affected by this.  I made the call to post what little information I am alowed to post and made personal recommendations as far as what software I would recommend for each person to safeguard their systems.

Let me be abundantly clear about this:  The entire Hogville team is extremely upset about this whole situation.  W are working VERY hard with our members here to get their systems cleaned up.  We're working VERY hard with our advertising agency to ensure that this issue does not come up again.

Security protocols have already been implemented and new systems are being delloyed as well undergoing rigorous security checks.

Hogville will not bring any advertising back until we are satisfied that the integrity of everyone's systems will not be subject to risk again.


I need everyone to understand that we're going above and beyond what is morally and ethically required to do so.

No, I'm not saying this to make myself feel better.  I'm trying to get everyone to understand that Hogville Administration DOES care about the health of its site and will do what it can to ensure that the amount of impact is minimized for everyone that visits the site.

Thank you.

hawgsav1

Quote from: HawgAdvocate on December 30, 2009, 09:36:36 am
I did battle with SpyEraser last night.

If you do search for any files with msctrl32, you should get two of them. I found that simply deleting the .exe file will not rid the program from coming back. I can't recall the exact name of the other file, but it might have been a .pif file (or something similar). Once I disposed of the other file as well, the program stopped loading itself on startup....or there is the outside chance that you guys fixed the issue on the site around the same time I deleted the 2nd file.

I emailed Uniblue (maker of SpyEraser) about removing the program. They acted like they knew nothing about it. That damn siren every 3 minutes had to go.

I did a search on my system, and all I got was one file with the msctrl32.  I deleted it manually, yet it was still being retarded.  I scanned with AVG, and it found threats, but the SpyEraser is still there.  It hasn't popped up since I ran the scan, and I've stopped the process from running via Task Manager, but it still shows up in my All Programs directory.
Revenge is a dish best served cold. - Klingon Proverb

hawgsav1

Quote from: Douglas on December 30, 2009, 12:51:13 pm
Hawgwild8988, take a deep breath and calm down.

The infection ended up on our site, through no control on our own.  The infection was caused by the ads, which are served through a third party company.

If you want to disregard my advice (which is based on 15 years of technical experience), do so at your own peril.

Everyone:  Please understand that we're NOT trying to diminish what happened.  We're absolutely upset over the events that have transpired over the past few weeks.

This next part is NOT going to read as very friendly, so please make sure you pay attention to the bolded part:  We're not dealing with credit card or personal financial information on here, so Hogville was under no obligation to notify anyone regarding this issue.

Having said that, we felt it was best to let everyone know about this, since even members of our own Moderating team was affected by this.  I made the call to post what little information I am alowed to post and made personal recommendations as far as what software I would recommend for each person to safeguard their systems.

Let me be abundantly clear about this:  The entire Hogville team is extremely upset about this whole situation.  W are working VERY hard with our members here to get their systems cleaned up.  We're working VERY hard with our advertising agency to ensure that this issue does not come up again.

Security protocols have already been implemented and new systems are being delloyed as well undergoing rigorous security checks.

Hogville will not bring any advertising back until we are satisfied that the integrity of everyone's systems will not be subject to risk again.


I need everyone to understand that we're going above and beyond what is morally and ethically required to do so.

No, I'm not saying this to make myself feel better.  I'm trying to get everyone to understand that Hogville Administration DOES care about the health of its site and will do what it can to ensure that the amount of impact is minimized for everyone that visits the site.

Thank you.

You made some spelling and grammatical errors.  :D


Just kidding. 

But that being said, do you have any details on the particulars for the adware programs/malware that popped up and how to remove them?  The only issue I had was with "SpyEraser", but I've had none since my previous post.
Revenge is a dish best served cold. - Klingon Proverb

31to6

Quote from: Hawgwild8988 on December 30, 2009, 12:38:50 pm
Wait. So we are supposed to take security software advice from someone that let their Website get infected?
In this case saying that Hogville got infected is not accurate. The infection, if you want to use that term, is at least two parties removed, possibly more.

The internet is massively interconnected and you should not "trust" any site any more than you absolutely must because a "site" is often just a nexus for content from many different sources under the control of many different organizations. Contractual guarantees only go so far to provide "security".
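An added illustration, not part of any post in this thread: a short Python inventory of the third-party hosts a page pulls content from on load, separating hosts that can run code (scripts, frames, plugins) from passive ones. The page URL, the `forum.example` first-party suffix and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags a browser fetches on page load, with no click from the visitor.
# "active" tags can run script or embed a whole document; "passive" cannot.
AUTO_LOADED = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "embed": ("src", "active"),
    "object": ("data", "active"),
    "img": ("src", "passive"),
}


class _Inventory(HTMLParser):
    def __init__(self, page_url, first_party_suffix):
        super().__init__()
        self.page_url = page_url
        self.suffix = first_party_suffix.lower()
        self.tags_by_host = {}
        self.active_hosts = set()

    def _first_party(self, host):
        return host == self.suffix or host.endswith("." + self.suffix)

    def handle_starttag(self, tag, attrs):
        if tag not in AUTO_LOADED:
            return  # e.g. <a href>: only fetched if the visitor clicks
        attr_name, kind = AUTO_LOADED[tag]
        value = dict(attrs).get(attr_name)
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlsplit(urljoin(self.page_url, value)).hostname
        if host is None or self._first_party(host):
            return
        self.tags_by_host.setdefault(host, set()).add(tag)
        if kind == "active":
            self.active_hosts.add(host)


def _scan(html, page_url, first_party_suffix):
    parser = _Inventory(page_url, first_party_suffix)
    parser.feed(html)
    parser.close()
    return parser


def inventory(html, page_url, first_party_suffix):
    """Map each third-party host to the sorted tags that load from it."""
    found = _scan(html, page_url, first_party_suffix).tags_by_host
    return {host: sorted(tags) for host, tags in sorted(found.items())}


def active_third_parties(html, page_url, first_party_suffix):
    """Third-party hosts that deliver script, frame or plugin content."""
    return sorted(_scan(html, page_url, first_party_suffix).active_hosts)


# Constructed sample page: one ad network, one tracking pixel, one plain link.
PAGE_URL = "http://www.forum.example/index.php?topic=1"
SAMPLE_PAGE = """
<html><head>
<script src="/js/forum.js"></script>
<script src="//ads.adnetwork.example/serve.js?zone=12"></script>
</head><body>
<img src="http://static.forum.example/logo.png">
<iframe src="http://ads.adnetwork.example/frame?zone=12"></iframe>
<img src="http://metrics.tracker.example/pixel.gif">
<a href="http://sponsor.example/">Sponsor</a>
</body></html>
"""

if __name__ == "__main__":
    for host, tags in inventory(SAMPLE_PAGE, PAGE_URL, "forum.example").items():
        print(host, tags)
    print("active:", active_third_parties(SAMPLE_PAGE, PAGE_URL, "forum.example"))
```

Every host in the active list is an organization whose compromise reaches visitors without a click, which is the review list for a site owner before re-enabling ads.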


Tim Harris

Quote from: PetrinoFan on December 29, 2009, 07:55:10 pm
"http://funtikstore.ru" ad kept trying to run on the site but was "loading..." on my browser at the bottom and the site locked up. This happened with Firefox and Internet Explorer.  "SpyEraser" popped up on my computer which I assume is a spyware program or trojan of some sort.  People's private information is in danger so run scanners or do what I did and reset your computer to an earlier date.  I tried to delete it but I restarted my computer and it came back up and it took 93% of my resources.. I was freaking out.

Same issue I ran into last night.  Was able to resolve it by manually deleting the files like others above me instructed us to do.

Douglas - Thanks for everything you do and all the recommendations you gave.  I've got almost 10 years in the technical business myself and agree with all the advice you provided others.

 

Calling All Hogs

Quote from: solix on December 30, 2009, 10:19:59 am
Will avg pick it up?

My AVG picked it up but was only able to delete one of the two files. If you go to download.com and download the latest free version of Ad-Aware (Malware) it picked up both files and deleted both.

Doug

Ad-Aware link is in the first post.

tbharris, thanks for the vote of confidence.  It's tough being the messenger in all of this.

majestic

Voluntary epidemiologist - Voted for W in 08

Tim Harris

Quote from: Douglas on December 30, 2009, 01:50:43 pm
tbharris, thanks for the vote of confidence.  It's tough being the messenger in all of this.

The messenger is always the one who gets shot.  It's even worse when it was an issue caused by a 3rd party and not related directly to the Hogville environment.

pioneerhog

I might get Ad Aware downloaded sometime today. It says it only has 4 hours left on the download, my DSL must be running slow today.

TomasPistola

Quote from: Douglas on December 30, 2009, 01:50:43 pm
Ad-Aware link is in the first post.

tbharris, thanks for the vote of confidence.  It's tough being the messenger in all of this.

Glad you found it bro. Hope the info I PM'ed you was helpful.

For those of you having problems deleting the affected files - Try running your Anti Spyware/Malware program in Safe Mode in Windows.

Press F8 on your computer right before the Windows Loading screen comes up and choose Safe Mode. Run your app. Most times that will allow you to remove any infected files.

Quote from: Hog Momster on January 06, 2011, 09:45:30 pm
You were right.
Quote from: Breems on April 28, 2011, 05:58:14 pm
You did a great job.
Quote from: Verge on June 22, 2011, 08:44:20 am
If you have some form of mental retardation i will stop making fun of you, just want to clarify this first.

TomasPistola


chiefsfan

I'm going to run my spyware system in a minute.   I just upgraded to the best version of Norton 2 days ago and it went nuts yesterday giving me a bunch of stuff that it was blocking.   I think it blocked it all, haven't had any CPU problem since that happened.
Honor and Integrity no longer exist in the world of college football.  It is only filled with liars, cheaters, and traitors.

cunetguru

http://www.sophos.com/

Works great and quarantined the offending file last night while browsing the site...

I, for one, commend Douglas for making everyone aware of the situation. There are bad people that make life a PITA for the rest of us - those are the people you should be ticked at.

HawgFan26

I just downloaded the Malwarebytes thing and it caught two things that I had to delete.  AVG 8.5 is my normal anti-everything and it didn't find anything before I downloaded Malwarebytes.

PetrinoFan

You need more than one program to find anything.  Sometimes a certain program can't finish the whole job, it's better to have 3-4 anti malware/spyware programs instead of just one.

FS Hog

Run your browser in a sandbox. Prevents malware from causing damage.
http://www.sandboxie.com/
The free version has a five second nag screen.

Doug

Prior to this thread, I hadn't heard of http://www.malwarebytes.org/.  After reading the recommendations and doing my own investigation, I feel confident and comfortable adding this to my recommended list.

I have amended my post above to put that on the recommended list.  Thanks to all who have endorsed it!

WoooPigSooie


So you, the site tech guy, who somehow didn't catch this virus that affected no telling how many computers, are now recommending anti-virus software?

You'll have to excuse me if I find some humor in that.
"The Heisman is supposed to define college football's most outstanding football player.

I saw him here Saturday night. Darren McFadden."

WILL CLINTON

anyone still having problems after using these programs or any other programs, try combofix, it is the l33t
There is no sacred ground for the conquered.

solix

So AVG didn't find anything, should I download another and scan again?

majestic

Quote from: WoooPigSooie on December 31, 2009, 01:59:12 am
So you, the site tech guy, who somehow didn't catch this virus that affected no telling how many computers, are now recommending anti-virus software?

You'll have to excuse me if I find some humor in that.
My mechanic had a flat tire.  I am not taking anything to him again.
Voluntary epidemiologist - Voted for W in 08

A.K.A.

Ad-aware and Spybot used to be the two best, they are no longer the king of the hill. Malwarebytes has supplanted both of them.

In my most recent experience Malwarebytes will detect and remove popular malware infections that the other two will not. Which surprises me in how far Ad-aware and Spybot have fallen from what I read after finding this out.

http://forums.anandtech.com/

One of the longtime contributors at the forums on anandtech created this website with very good information on detection and removal.

http://www.elitekiller.com/malware.htm

Home town of Texarkana Arkansas

Lanny

A flaw in the OpenX advertising software, which is used by Nexstar Broadcasting Group's sites for advertising, was recently exploited by hackers, allowing them to place malicious code on advertisements. In response to this attack, Nexstar shut down its sites in order to protect end users while the malicious code was removed. If you are experiencing computer issues after accessing this site, or any of the sites in the Nexstar family, please click the appropriate link below for assistance.
For further information on these attacks, please click here.
Windows Users:
Using Internet Explorer click the link below and follow the instructions.
http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt


Mac Users:
Not affected
"It's only a game if you win but if you lose it's a stinking waste of time."

Al Bundy