[FIXED] Major LUA exploit hit majority of servers

Discussion in 'News and Announcements' started by Highwon, Apr 18, 2014.

Thread Status:
Not open for further replies.
Page 1 of 2
  1. Highwon

    Highwon Owner VIP Silver

    UPDATE: The exploit has been fixed in the latest version of garrysmod. Please update your game as soon as possible.

    ORIGINAL THREAD:
    It seems a major LUA exploit has hit majority of garrysmod servers.

    I would suggest staying off garrysmod until there is a patch. For now there is a fix to remove any malicious files from your computer: http://facepunch.com/showthread.php?t=1386818&p=44583860&viewfull=1#post44583860

    If the link doesn't work, create a batch file with the following code and place it in your garrysmod folder and run it:
    Code:
    @echo off
title Exploit file cleanup - MFSiNC

if exist "hl2.exe" (
cd "garrysmod"
)

if not exist steam.inf (
echo.
echo You're running this from the wrong place!
echo.
echo Put this file in your garrysmod folder, either server or client, and re-run it.
echo.
echo.
pause
exit
)

echo.
echo This will remove the files used in the exploit/virus.
echo.
echo To see exactly what will be removed, open this batch file with Notepad.
echo.
pause

echo Cleaning..

taskkill /F /IM hl2.exe > nul
taskkill /F /IM srcds.exe > nul



::Files, clientside
if exist "engine_win32.dll" (
attrib -h "engine_win32.dll"
del /F /Q "engine_win32.dll"
)

if exist "materials\cooltexture.vtf" (
del /F /Q "materials\cooltexture.vtf"
)

if exist "bin\game_shader_generic_engine.dll" (
attrib -h "bin\game_shader_generic_engine.dll"
del /F /Q "bin\game_shader_generic_engine.dll"
)

if exist "download\engine_win32.dll" (
attrib -h "download\engine_win32.dll"
del /F /Q "download\engine_win32.dll"
)

::Dir
if exist "download\cfg" (
RD /S /Q "download\cfg"
)



::Files, serverside
if exist "lua\autorun\server\default.lua" (
attrib -h "lua\autorun\server\default.lua"
del /F /Q "lua\autorun\server\default.lua"
)



echo.
echo Done.
echo.
pause
     
    Last edited: Apr 19, 2014
    Highwon, Apr 18, 2014
    #1
    • Useful Useful x 3
    • Like Like x 2
    • Agree Agree x 1
  2. -spud-

    -spud- Banned

    -spud-, Apr 18, 2014
    #2
  3. Enigmatica

    Enigmatica The Song Lives On Banned

    Enigmatica, Apr 18, 2014
    #3
    • Agree Agree x 1
  4. Kythol

    Kythol ok Moderator VIP

    Well, this sucks. Highwon, if you need me to make sure everything is okay I'll be willing to risk the infection to make sure all is well.
     
    Kythol, Apr 18, 2014
    #4
  5. DieKasta

    DieKasta :Blackalien: Forever VIP

    oh shit
     
    DieKasta, Apr 18, 2014
    #5
  6. CaptainChild

    CaptainChild New Member

    Alright since there is a bit of confusion of knowing how your infected it's simple if you've been on a Gmod server that is fairly popular within the last 24hours your infected. Since it is a server side Infection that makes clients execute a nasty Lua
     
    CaptainChild, Apr 18, 2014
    #6
  7. Chii

    Chii Seriously a Baka VIP

    Chii, Apr 18, 2014
    #7
  8. ZeRo

    ZeRo :sneaky: Banned VIP Silver

    Chii, then you're infected and you should run the script. Just sayin. ;)
     
    ZeRo, Apr 18, 2014
    #8
  9. Enigmatica

    Enigmatica The Song Lives On Banned

    No it's whoever sends the messages is infected
     
    Enigmatica, Apr 18, 2014
    #9
  10. ZeRo

    ZeRo :sneaky: Banned VIP Silver

    Ahhh, never mind then.
     
    ZeRo, Apr 18, 2014
    #10
  11. Peter

    Peter VIP

    Serious TTT West has not been infected. Any server infected has "!!!" before the name, it's part of the infection (which makes it easier).

    Nonetheless you should run the patch.
     
    Peter, Apr 18, 2014
    #11
  12. Peter

    Peter VIP

    Not necessarily.
     
    Peter, Apr 18, 2014
    #12
  13. CaptainChild

    CaptainChild New Member

    Well he tweaked it a bit, but there are multiple versions of the same exploit going around the first one gave messages like this

    [​IMG]

    The second tweak was the *cough* message and now it looks like he tweaked it again to register names of servers with the lastest bug to change the name with a !!! in front
     
    CaptainChild, Apr 18, 2014
    #13
  14. Yawn.

    Yawn. Previously known as Kindle, Books, Pages.

    Inspired by Chii, someone had to make a gif out of this mess.

    [​IMG]
     
    Yawn., Apr 18, 2014
    #14
  15. Zikeji

    Zikeji Repoleved VIP Emerald

    This is hilarious. To bad I slept through the worst of it :(.
     
    Zikeji, Apr 18, 2014
    #15
  16. megaboy

    megaboy I got this game for Fathers day VIP

    It's kind of sad. One person sent this to people as a joke and it went out of hand. GG.
     
    megaboy, Apr 18, 2014
    #16
    • Disagree Disagree x 1
  17. Mr. Disco

    Mr. Disco Jeff Lynne is a musical genius. VIP

    Highwon said if the link didn't work then you should make a batch file.. Although most people might know how, some don't. Here's how:

    Photo1.PNG

    Copy paste the code into notepad.

    Then you want to save it.
    Photo2.PNG
    Make sure the "Save as type:" selected as "All files"

    Then name it to anything you want. I named it "GMODFIX" after you've named it put a .bat after the name.

    Then put it in your garrysmod folder.

    Hope this helps,

    Legoguy939.
     
    Mr. Disco, Apr 18, 2014
    #17
    • Like Like x 2
    • Agree Agree x 1
  18. [LD] SDfool

    [LD] SDfool New Member

    Which Code do we copy and put in it though?
     
    [LD] SDfool, Apr 18, 2014
    #18
  19. Mr. Disco

    Mr. Disco Jeff Lynne is a musical genius. VIP

    This one:
     
    Mr. Disco, Apr 18, 2014
    #19
  20. Silent Rebel

    Silent Rebel Lead Shitposter VIP

    I think you should just take the servers down while this is going on.. Don't see any point in having them up if people are just getting vac banned.
     
    Silent Rebel, Apr 18, 2014
    #20
    • Dumb Dumb x 1
Page 1 of 2
Thread Status:
Not open for further replies.