Can someone find out just exactly what virus and/or malware they have been infected with. That way, others can scan their computer for that specific virus to determine if there is something sitting back on their computer just waiting to jump up.... Billie Nichols Bennett ----- Original Message ----- From: Mike & Jane Keppler To: txgen-l@rootsweb.com Sent: Saturday, September 12, 2009 9:29 PM Subject: Re: [TXGEN] [TXGW-NEWS] Important - Please read I'd rather be safe than sorry... Jane Keppler --- On Sat, 9/12/09, Elaine Martin <mcstumped@suddenlink.net> wrote: From: Elaine Martin <mcstumped@suddenlink.net> Subject: [TXGW-NEWS] Important - Please read To: "TXGenWeb News" <TXGW-NEWS-L@rootsweb.com> Date: Saturday, September 12, 2009, 8:54 PM We announced several days ago that a hacker had gained access to the USGenWeb files, and numerous individual state/county files. The USGenWeb has been working hard to try and find the virus and/or malware and clean the site. There are still messages coming in where there are still infected files in several states and possibly the USGenWeb site. In order to be safe, we are asking that everyone in TXGenWeb refrain from uploading any files for the next week or so until we give the "all safe" signal. We have numerous CCs that are also CCs in some of the infected states, and we need to be sure that their computers have not been infected, which could transfer to our servers. So, to be safe please do NOT upload any files until further notice. Thanks! Elaine -- I am researching all branches of my family tree if for no other reason than to prove it does fork! ------------------------------- To unsubscribe from the list, please send an email to TXGW-NEWS-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message ------------------------------- To unsubscribe from the list, please send an email to TXGEN-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message

Billie, I don't think it has been just one thing. It was first reported as a virus and had been cleaned. The next day it was reported as infected again. This time they said it was not a virus, but malware inside a frame and that it had been "cleaned" again. They announced that this was the 2nd hackers attack in two days. A day or so later all the anti-virus programs were going off again and someone said it was a trojan this time. Once again it was cleaned. Then yesterday (12th) it was announced that it was infected again. So, last I heard the USGenWeb site and several of the state/county sites were once again infected. The only name we have heard in all this is the malware: "iframe that references the bad guys at blackacez.cc" I don't know how many states were infected, but I do know AR, WI, and HI were, along with some of their county sites. Elaine Billie Nichols Bennett wrote: > Can someone find out just exactly what virus and/or malware they have been infected with. That way, others can scan their computer for that specific virus to determine if there is something sitting back on their computer just waiting to jump up.... > > Billie Nichols Bennett > ----- Original Message ----- > From: Mike & Jane Keppler > To: txgen-l@rootsweb.com > Sent: Saturday, September 12, 2009 9:29 PM > Subject: Re: [TXGEN] [TXGW-NEWS] Important - Please read > > > I'd rather be safe than sorry... > > Jane Keppler > > > > > --- On Sat, 9/12/09, Elaine Martin <mcstumped@suddenlink.net> wrote: > > > From: Elaine Martin <mcstumped@suddenlink.net> > Subject: [TXGW-NEWS] Important - Please read > To: "TXGenWeb News" <TXGW-NEWS-L@rootsweb.com> > Date: Saturday, September 12, 2009, 8:54 PM > > > We announced several days ago that a hacker had gained access to the > USGenWeb files, and numerous individual state/county files. The > USGenWeb has been working hard to try and find the virus and/or malware > and clean the site. There are still messages coming in where there are > still infected files in several states and possibly the USGenWeb site. > > In order to be safe, we are asking that everyone in TXGenWeb refrain > from uploading any files for the next week or so until we give the "all > safe" signal. We have numerous CCs that are also CCs in some of the > infected states, and we need to be sure that their computers have not > been infected, which could transfer to our servers. > > So, to be safe please do NOT upload any files until further notice. > > Thanks! > Elaine > > -- > I am researching all branches of my family tree > if for no other reason than to prove it does fork! > > > ------------------------------- > To unsubscribe from the list, please send an email to TXGW-NEWS-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message > > ------------------------------- > To unsubscribe from the list, please send an email to TXGEN-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message > > ------------------------------- > To unsubscribe from the list, please send an email to TXGEN-request@rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message > > -- I am researching all branches of my family tree if for no other reason than to prove it does fork!

I've dealt with this virus before. They probably weren't hacked. What happens is that you get the virus in your computer and it goes through your entire hard drive looking for html file. It adds an invisible IFRAME to everything so that the next time you upload, you are putting the IFRAME up there. Then, when someone goes to the site, it is opening the IFRAME without their knowledge and infecting their computer. It's actually a really ingenious virus. At my old company, we had someone from India working on one of our clients. They were infected and infected that one website. Luckily, we did not get it on any of our other files. SO I had to do the research on the virus. My guess is that someone who works with USGenWeb got the virus and it propigated from there. If you have Dreamweaver or any of the other WSYWYG programs, do a sitewide search for blackacez.cc. It should find all of the IFRAMEs for you. Just delete them all and you will be good to go. If you don't have something like that, then you can do a search for a phrase in windows. Try that. If you can't do that, you are going to have to manually search. I would be surprised if all that many of us have a virus. You actually had to have gone to USGenWeb to catch it. Kimm, the viral one > -----Original Message----- > From: txgen-bounces@rootsweb.com > [mailto:txgen-bounces@rootsweb.com] On Behalf Of Elaine Martin > Sent: Sunday, September 13, 2009 4:40 AM > To: txgen@rootsweb.com > Subject: Re: [TXGEN] [TXGW-NEWS] Important - Please read --- > What is the virus they are having a problem with????? > > Billie, I don't think it has been just one thing. It was > first reported as a virus and had been cleaned. The next day > it was reported as infected again. This time they said it > was not a virus, but malware inside a frame and that it had > been "cleaned" again. They announced that this was the 2nd > hackers attack in two days. A day or so later all the > anti-virus programs were going off again and someone said it > was a trojan this time. Once again it was cleaned. Then > yesterday (12th) it was announced that it was infected again. > So, last I heard the USGenWeb site and several of the > state/county sites were once again infected. > The only name we have heard in all this is the malware: > "iframe that references the bad guys at blackacez.cc" > > I don't know how many states were infected, but I do know AR, > WI, and HI were, along with some of their county sites. > > Elaine > > Billie Nichols Bennett wrote: > > Can someone find out just exactly what virus and/or malware > they have been infected with. That way, others can scan > their computer for that specific virus to determine if there > is something sitting back on their computer just waiting to > jump up.... > > > > Billie Nichols Bennett > > ----- Original Message ----- > > From: Mike & Jane Keppler > > To: txgen-l@rootsweb.com > > Sent: Saturday, September 12, 2009 9:29 PM > > Subject: Re: [TXGEN] [TXGW-NEWS] Important - Please read > > > > > > I'd rather be safe than sorry... > > > > Jane Keppler > > > > > > > > > > --- On Sat, 9/12/09, Elaine Martin > <mcstumped@suddenlink.net> wrote: > > > > > > From: Elaine Martin <mcstumped@suddenlink.net> > > Subject: [TXGW-NEWS] Important - Please read > > To: "TXGenWeb News" <TXGW-NEWS-L@rootsweb.com> > > Date: Saturday, September 12, 2009, 8:54 PM > > > > > > We announced several days ago that a hacker had gained > access to the > > USGenWeb files, and numerous individual state/county files. The > > USGenWeb has been working hard to try and find the virus > and/or malware > > and clean the site. There are still messages coming in > where there are > > still infected files in several states and possibly the > USGenWeb site. > > > > In order to be safe, we are asking that everyone in > TXGenWeb refrain > > from uploading any files for the next week or so until we > give the "all > > safe" signal. We have numerous CCs that are also CCs in > some of the > > infected states, and we need to be sure that their > computers have not > > been infected, which could transfer to our servers. > > > > So, to be safe please do NOT upload any files until > further notice. > > > > Thanks! > > Elaine > > > > -- > > I am researching all branches of my family tree > > if for no other reason than to prove it does fork! > > > > > > ------------------------------- > > To unsubscribe from the list, please send an email to > > TXGW-NEWS-request@rootsweb.com with the word 'unsubscribe' > without the > > quotes in the subject and the body of the message > > > > ------------------------------- > > To unsubscribe from the list, please send an email to > > TXGEN-request@rootsweb.com with the word 'unsubscribe' without the > > quotes in the subject and the body of the message > > > > ------------------------------- > > To unsubscribe from the list, please send an email to > > TXGEN-request@rootsweb.com with the word 'unsubscribe' without the > > quotes in the subject and the body of the message > > > > > > -- > I am researching all branches of my family tree if for no > other reason than to prove it does fork! > > > ------------------------------- > To unsubscribe from the list, please send an email to > TXGEN-request@rootsweb.com with the word 'unsubscribe' > without the quotes in the subject and the body of the message >