Garry's Mod

Vaccine for the DEADLY COUGH
By Perfect.exe
/!\ NOTHING IN THIS GUIDE WILL HARM YOUR GARRY'S MOD /!\

[IF YOU CANNOT RUN .BAT FILES READ THE LINK LISTED BELOW]
http://facepunch.com/showthread.php?t=1386855


"Not 100% sure, but it seems they Hack into RCON (They can get your RCON password through clientside lua, even with client uploads disabled), put some files on there, then they use some other fancy doodads to infect the server and clients more."


RUN THIS CODE AS A .BAT FILE IN THE GARRY'S MOD FOLDER TO REMOVE EVERYTHING AUTOMATICALLY:

http://pastebin.com/J02RdbpT

As you may have heard, a large number of Gmod servers were recently compromised. Basically, affected servers were renamed to include "!!!" or "#" before and after their names, and affected users have also been renamed to include asterisks (I believe) in their names. Symptoms of infection include sending the message "*cough* *cough*" via both server chat and Steam chat to all friends.

What is it?
The exploit works via Gmod's Lua engine by uploading a malicious script to a server. This script then downloads a DLL file to connecting clients, which then executes code which, in this case, renames the Steam user and sends messages to their friends. This seems to be all this particular DLL is capable of, other than deleting itself after 10 hours.

Why does it exist?
This intrusion seems to be the result of an unorthodox "white-hat" hacker (a hacker who finds exploits and reports them to the software owner/maintainer, usually for monetary compensation). They apparently intended to get the attention of those who have the power to fix it, and that they did. More about that in the next point.

Should I be worried?
The particular incident I've described is harmless. However, the exploit itself could be very dangerous, as it would allow for malicious code to be downloaded to all clients connecting to a server, now that it's known. No abuses of it have been reported (at least, I haven't heard of them yet), but that doesn't mean you shouldn't be careful. Do not connect to any Gmod servers which have the aforementioned prefix/postfix, and try to avoid connecting to Gmod servers altogether for the next few hours, at least. A patch has been released, but you should allow servers ample time to deploy it.
If I've missed anything or gotten something wrong, please let me know so that I can edit the post accordingly. Good night, and stay safe everyone. :)

Edit #1: Here's a FacePunch thread with some more details on the exploit.
Additionally, infected clients have reportedly spammed the message "VINH'LL FIX IT@@" to server chats.

Edit #2: I seem to be slightly mistaken. The different messages appear to be products of different infections, but none of them are harmful. Just wanted to clear that up.


**** I do not own any of the possible fixes above; I give full credit to the authors. I am just trying to help fix the virus. Send this to infected people!

SOURCES:
http://www.reddit.com/r/pcmasterrace/comments/23esri/psa_garrys_mod_exploit/
http://www.reddit.com/r/gmod/comments/23essc/important_stay_away_from_gmod_and_steam_for_a_bit/
http://facepunch.com/showthread.php?t=1386818&p=44583860&viewfull=1#post44583860
http://facepunch.com/showthread.php?t=1386855
   
4 Comments
Sprinkz 18 Apr, 2014 @ 10:36pm 
It's obviously a hack bot that spams and infects a computer, either it evolved, or people are resorting to quitting their comps.
Sprinkz 18 Apr, 2014 @ 10:34pm 
I don't have a cough, but a few of my friends have, but they all spontaneously went offline.
Merlan Alteran 18 Apr, 2014 @ 10:29pm 
Yes but some people can't use the BAT file. If you could pls include my link as it is the manual way of dealing with the problem and it works.
Sprinkz 18 Apr, 2014 @ 10:28pm 
Imma call bullshit.