Virus?

[Ed209]

OK, so I had it really bad. Was hijacking everything and i was unable to open my antivirus, task manager, etc.., and it was accessing adult sites etc at every opportunity. however I've just managed to get my antivirus updated and running (symantec End Point) after start up before the virus had a chance to kick in. It has apparently quarantined a Trojan-Horse.

The virus hasn't reared its ugly head since, does this mean i'm clean or could there be other stuff on there?... as i suspect.

Help would be appreciated. Thanks.

EDIT:

Just had a look at my AV log and it has quarantined

Trojan.FakeAV naofcsqtssd.exe

Trojan Horse 2c0b83fe-61849eb8

Edited May 4, 2010 by Ed209

[strudders]

OK some tools for cleaning.....

Rkill for killing processes allowing you to regain control of your PC Link

Malwarebytes can clean most of the infection Link

Spybot Search and Destroy Use this to clean as well... My preferred choice... Link

Hyjackthis used to eveluate your PC and post onto forums for help.. very useful Link

Cwshredder used to clean search malware infections.. excelent..... Link

aboutbuster used to identify the infect you have... Link

instruction for all are available.......

[ralph250]

OK, so I had it really bad. Was hijacking everything and i was unable to open my antivirus, task manager, etc.., and it was accessing adult sites etc at every opportunity. however I've just managed to get my antivirus updated and running (symantec End Point) after start up before the virus had a chance to kick in. It has apparently quarantined a Trojan-Horse.

The virus hasn't reared its ugly head since, does this mean i'm clean or could there be other stuff on there?... as i suspect.

Help would be appreciated. Thanks.

Edited May 4, 2010 by ralph250

[LondonTom]

That's a load of bollocks.

Your server is so insecure, an eight year old could hack it. I'm shocked it doesn't get hacked more often.

Not only is your server highly vulnerable, you leave your users vulnerable to not only malware but direct attacks from anyone who takes a dislike to them.

Don't believe me?

These users will be able to confirm that this information is correct.

[kerplunk]

I tried several times over the weekend but found that the Report Post button wasn't working for me again for reason or reasons unknown I've had the same issue a few times before but not consistently - it works just fine sometimes. I never got to the bottom of what the problem might have been. There's an old thread in "website wishlist and problems" forum about it. I also found the same on egigs last night when I tried to report some spam posts. On several different occasions over a long period of time now, I've found that when trying to report a post, it occasionally appears to "hang" on "waiting for efestivals.co.uk" after entering a message and clicking the submit button. When it's not apparently working, it's not working at all i.e. not just a temporary issue of some kind. Many repeated attempts also fail in the same way despite page refreshes, reboots, different browsers and trying again several hours later etc. However, when it works, it works and you get a "confirmation" message on screen straight away. On the last occasion, it wasn't working for me although other peeps had apparently submitted reports successfully around the same time so not necessarily an eFests problem and all that but I've absolutely no idea what causes it unfortunately.

oh first time I've heard of problems with the report button...

you could try a pm if similar circumstances arise - thanks for trying anyway.

[Ed209]

OK thanks.

I'll give that a go once my AV has finished its full scan

[paddydog]

Triton,

the issue that this thread refers to was fixed at 8:30 this morning. Guaranteed, 100%.

If there's other issues, I'd be grateful if you brought my attention to them via PM.

[eFestivals]

Triton's post appears to have been deleted. The content bothered me. Can you explain what you are doing to resolve this, please? All users of this site should be concerned that their IP address and operating system details are being broadcast by a third party.

There have been three linux engineers looking into each of the three efests servers since triton made that post. It is being given the utmost priority.

Things would be sorted sooner if triton hadn't unhelpfully waved it in my face but refuses to supply further info, leaving each of you more vulnerable than you were before his post.

FYI: what he's flagged up is of zero relevance to what has happened with this virus - so while what he's flagged up might be important in the grand scheme of things, it's nothing whatsoever to do with this, and my statement was 100% accurate - there are no issues here, and haven't been since 8:30am this morning.

[paddydog]

There have been three linux engineers looking into each of the three efests servers since triton made that post. It is being given the utmost priority.

Things would be sorted sooner if triton hadn't unhelpfully waved it in my face but refuses to supply further info, leaving each of you more vulnerable than you were before his post.

FYI: what he's flagged up is of zero relevance to what has happened with this virus - so while what he's flagged up might be important in the grand scheme of things, it's nothing whatsoever to do with this, and my statement was 100% accurate - there are no issues here, and haven't been since 8:30am this morning.

[eFestivals]

That is what I wanted to know. I wasn't concerned about the virus at this point and had not asked about it. Speaking as a user of your site I would rather that my personal data was secure and any vulnerabilities were highlighted by whatever means necessary.

All that's been "revealed" is your IP address and browser - something which every website you visit has details of, and things that are given to google by any site that uses google analytics.

If others having those details is a major concern to you then the only answer is to use no websites.

[incident]

Regardless of the rights and wrongs of the various flavours of Virus Protection (and I think timing will have played a huge part in that), something that's been overlooked is -

Please, don't use Adobe Reader. Anyone who didn't have it installed would've been absolutely fine. There's plenty free better, faster, and more secure alternatives out there. I use and would recommend PDF X-Change Viewer, but that's one of many options.

Edited May 4, 2010 by incident

[eFestivals]

something that's been overlooked is -

Please, don't use Adobe Reader. Anyone who didn't have it installed would've been absolutely fine. There's plenty free better, faster, and more secure alternatives out there. I use and would recommend PDF X-Change Viewer, but that's one of many options.

while that's true with this instance, it's no greater guarantee overall - the software you recommend is just as likely to have a flaw as any other software. The problem with such flaws is that once they become known they are able to be exploited.

[paddydog]

All that's been "revealed" is your IP address and browser - something which every website you visit has details of, and things that are given to google by any site that uses google analytics.

If others having those details is a major concern to you then the only answer is to use no websites.

[jonbob]

Triton's post appears to have been deleted. The content bothered me. Can you explain what you are doing to resolve this, please? All users of this site should be concerned that their IP address and operating system details are being broadcast by a third party.

[paddydog]

For a bit of perspective i'd point out that source IPs and OS details are standard parts of HTTP headers. Your IP is needed to send you the data, and the OS version is needed to send the right kind of page to you. By merely going on the internet you make this information public. They are also non-disclosing attributes which means its nearly impossible to extract personal info from them, and are notoriously unreliable for user info gathering.

[incident]

while that's true with this instance, it's no greater guarantee overall - the software you recommend is just as likely to have a flaw as any other software. The problem with such flaws is that once they become known they are able to be exploited.

[Tiddles]

Hi

Not sure if anyone else is getting this but everytime I now load efests I get a warning about a virus on the page

Edited May 4, 2010 by Tiddles

[jonbob]

I know. See my post above. It was not clear what other data may have been in the public domain that should not be.

[Triton]

I know. See my post above. It was not clear what other data may have been in the public domain that should not be.

[eFestivals]

Neil's got Linux engineers looking at the server, so I'm sure these issues will be resolved very soon.

They'll be resolved before the end of the day at latest.

However, they could be resolved far sooner if Triton chose to be helpful, which he doesn't appear to want to be.

Edited May 4, 2010 by eFestivals

[StoneCircle]

Regardless of the rights and wrongs of the various flavours of Virus Protection (and I think timing will have played a huge part in that), something that's been overlooked is -

Please, don't use Adobe Reader. Anyone who didn't have it installed would've been absolutely fine. There's plenty free better, faster, and more secure alternatives out there. I use and would recommend PDF X-Change Viewer, but that's one of many options.

[eFestivals]

They'll be resolved before the end of the day at latest.

I take that back.

Either they'll be resolved by the end of today or efestivals & egigs will be shut down forever by the end of today.

I've got to the point where I really don't give a shit which it is. The decision is in the hands of those who are meant to be fixing these extra things which are totally unrelated to the virus problem, and is no longer my decision.

I'll like to say it's been fun but that would be a lie.

[The Nal]

I take that back.

Either they'll be resolved by the end of today or efestivals & egigs will be shut down forever by the end of today.

I've got to the point where I really don't give a shit which it is. The decision is in the hands of those who are meant to be fixing these extra things which are totally unrelated to the virus problem, and is no longer my decision.

I'll like to say it's been fun but that would be a lie.

[paddydog]

Whats all this about then?

[eFestivals]

Whats all this about then?

the shit all round simply isn't worth the hassle from where I'm sat.

So either things are fixed today, or efests is dead. The decision ain't mine.

I'm off now for some nice relaxation. If efests ain't here in the morning then I can get back to a life, an abuse free life, and ten times the wages. I'm beyond caring which way it goes.