I don't know if this helps you guys in any way, but here are a few of the comments from the two webmasters. Any comments about future protection? We believe we are clean at serious now. I hid their email addresses.
This is 'one' of the hacks we were infected with and the one that's caused the most trouble. They had access to all of our files AND databases and injected code throughout the databases.
http://www.derekfountain.org/security_c99madshell.php
On Mon, Sep 30, 2013 at 8:50 PM, ***** wrote:
hmmm... we were told today the server house carried the infection to us... and thousands more
we locked our front door until the server is clean
In a message dated 9/30/2013 8:31:08 P.M. Eastern Daylight Time, ***** writes:
It's not coming through the site files, I've cleaned all those...it's being injected from the database.
On Mon, Sep 30, 2013 at 8:21 PM, ******* wrote:
go to your .exe file and find this entry >>
1E161D6D.exe
see if you can delete it if it's there
In a message dated 9/30/2013 8:16:56 P.M. Eastern Daylight Time, ***** writes:
Yeah....there's a redirect javascript buried in there somewhere. I'm chasing it now. Got rid of everything else though. I'd like to pummel the nerd that put this one together.
On Mon, Sep 30, 2013 at 8:09 PM, ********* wrote:
I just logged on SO and entered my password to look around
my MS virus blocker went apeshit as soon as I clicked on the forum header
8 pings in 3 minutes... quarantined every ping
wow, bad bad bad
btw, this same virus crashed the U of Colorado website and countless others