Time for Beveled Guilt, people!
this guy evidently hired to work for AD
Yesterday people started telling me the site had been flagged by Google for hosting malware, and we found it. It appears to be a database thing not actually related to Drupal since another site on the server running Wordpress got hit at the same time, and it only places the bad code in the files intermittently—so when it was gone yesterday I thought it was gone for good. If you actually get infected it will be very obvious. Instructions on how to remove "System Tool" are all over the google, but usually the best course of action is to do a system restore.
I'm going to be monitoring this closely the rest of the day, but my body has its own malware—zing!—and I feel miserable so other than watching for iframes like a hawk I am taking a sick day.
A thousand apologies for any trouble this caused people.
Time for Beveled Guilt, people!
With great power comes great responsibility. I can't even imagine the insane number of emails you got in the last 24 hours. Thanks again for the hard work.
I bet it leads to somewhere in Allegheny County. TGibson I presume???? Hath he no shame! Leave us be demon!
of hours of classic games. In fact, I think we had the red and black joystick shown in that photo.
and this Blog needed an enema.
With friends like us, who needs enemas?
thanks, Brian. Get feeling better.
You can request a review of the site using google's webmaster tools, if you haven't already. It expidites the process of getting the warning removed.
Somehow this is Greg Robinson's fault
I feel like I'm on a GeoCities site.
I got this malware from another site a month or so ago and did a system restore, it removed the malware but i started getting a ton of svchost errors and then internet commercials from wtka and 97.1 online started playing at all hours of the day/night. Had to leave the thing on mute. It got so bad with svchost errors the pc wouldnt stay up for more than 3 minutes, even in safe mode.
I had to rip the HD out and get a sata cable to pull the data off and load a new copy of the OS.
The only way this happened is if you didn't completely wipe your hard drive. Viruses don't just lurk around in your keyboard waiting to reinfect your system. If you wiped the drive, the viruses are gone.
Not sure what you are talking about, all I said was after the malware attack I did a system restore and my computers functionality deteriorated over a few weeks. It wouldnt stay up for more than a few minutes. It got so bad I had to reload the OS. Maybe you misunderstood my post.
feel better soon.
I've been wandering in the desert of ESPN and (dare I say it) Mlive, just attempting to eek out a little bit of pertinent information. Thanks for your diligence Brian, and get better.
I still get the attack page screen when I come here on firefox, so I had to disable that on my options. But now it pops up saying it can't run some protocol the blog runs called I think htc, or htp, something like that. Weird.
Is it just coincidence that the main site identified as the culprit by Google starts with osu (osufoyysdf.co.cc)? Or is something more sinister going on? Has cyberwar been declared on us?
This same thing happened to the guy who runs a Red Wings forum called http://letsgowings.com. Some trouble with ads slipping things through the cracks. But he seemed to get control of the problem. If needed maybe you could contact him for some advice on the matter. This sucks, this is a great site.
Would the malware affect macs at all? I know I got on mgoblue on my friends mac at the time of the outbreak and was wondering if I need to inform him of anything...
This particular malware can't install on a Mac.
Ha yes...mgoblog. My bad
j/k. Thanks Brain for the diligence. Malware can be a b**ch to prvent against with ads, so I commend you.
So is the site safe to use on firefox? Should i override the warning?
I just got a virus on my computer, is it from this? (I have no idea since I know nothing about computers.)
Not hit by the main page, but while attempting to open the MGoBoard links in new windows. Got the following warning:
This page may be a forgery or imitation of another website, designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other abuse. You can find out more about phishing here.
I assumed that it was an "old warning," so I told AVG to let me through, then got hit. I just tried again, 755pm (after cleaning off my computer), and still got the same message.
If you managed to snag anything from the site, Malwarebytes should remove it. Download it from malwarebytes.org, update, and run a quick scan. You should be good after that.