Jump to content

  • Sign Up!

    Join our friendly community of music lovers and be part of the fun 😎

Virus?

Guest NeilVJ

By Guest NeilVJ
in Website wishlist & problems

 Share

Recommended Posts

strudders Newbie

strudders

Posted
Posted
Breakdown of this thread:

Pre-Neil's arrival:

97 % trying to sort the damn virus out

3 % Moaning

The Rest of it:

5 % Trying to sort the damn virus out

10 % Moaning

3% Sucking up to Neil

12 % Criticising the moaning

13% Criticising the criticism

20% Criticising something else

35% Telling everyone to shut up and drop it

2% Misc - boobs, bombing china, banter (the three essential Bs covered there)

:P:P

Link to comment
Share on other sites
  • Replies 670
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

StoneCircle Mentor

StoneCircle

Posted
Posted (edited)
Some of you really do not understand what this site is about.

First off I threw all my toys out the pram on Sunday and had a dig on Tuesday, but after it was explained what had occurred accepted what was what and moved on.

But I also accepted my responsibility

I am not going to blow smoke up Neil's arse, we disagree on lots and I expect he does not respect me any more than the next person on this board, he is not is he what I call a people person but hey I signed up as all you did.......

Yet some of you seem to think he and Efests owe you something.

However you pay nothing, take everything then bitch and whine when you dont get it.

I owe this site a great deal over the last two years an more so in the past year.

I accept that Neil may not be the webmaster you all think he should but then again it's his ball and he can play with it the way he likes.

I have been watching this thread all day and wonder at what point you will all stop bitching at moaning... when its pulled? when your banned? when you see other banned?

To be fair I really dont care anymore what you all think or say, its got to a point now where you are digging at the guy who ownes, runs and supports this site just because you cant be arsed to look past the very reason for its existence.

What I am saying is I respect Efests, I respect the people on here I call friends, real friends and not some sort of virtual camp-fire names, people who have look ed after me this year and done some great things for me.

If your so f**king dense that you cant see that the issue whilst coming from here but if infecting your PC is your problem then you are lost in my eyes......

at the end of the day if your so worked up and so pissed off with efets that you feel the need to keep posting sjit, then why dont you f**k off and find another site because we really dont need you...

Neil and the guys here a job that is thankless when its going great and the spawn of the devil when its not, me included in that. However at the end of the day you all pay nothing to be here and as Neil says you pay for what you get.....

So flame away, call me a c**t, I dont c are because I am sick of some of your attitudes to the site and dont give a f**k, I have thick skin and have a lot more going on than a bunch of whiny arsed moaning shit heads who dont no a good thing when they see it...

Shit happens, it Happened over the weekend, its sorted now move on or f**k off.......

Edited by StoneCircle
Link to comment
Share on other sites
Pilton Newbie

Pilton

Posted
Posted
Some of you really do not understand what this site is about.

First off I threw all my toys out the pram on Sunday and had a dig on Tuesday, but after it was explained what had occurred accepted what was what and moved on.

But I also accepted my responsibility

I am not going to blow smoke up Neil's arse, we disagree on lots and I expect he does not respect me any more than the next person on this board, he is not is he what I call a people person but hey I signed up as all you did.......

Yet some of you seem to think he and Efests owe you something.

However you pay nothing, take everything then bitch and whine when you dont get it.

I owe this site a great deal over the last two years an more so in the past year.

I accept that Neil may not be the webmaster you all think he should but then again it's his ball and he can play with it the way he likes.

I have been watching this thread all day and wonder at what point you will all stop bitching at moaning... when its pulled? when your banned? when you see other banned?

To be fair I really dont care anymore what you all think or say, its got to a point now where you are digging at the guy who ownes, runs and supports this site just because you cant be arsed to look past the very reason for its existence.

What I am saying is I respect Efests, I respect the people on here I call friends, real friends and not some sort of virtual camp-fire names, people who have look ed after me this year and done some great things for me.

If your so f**king dense that you cant see that the issue whilst coming from here but if infecting your PC is your problem then you are lost in my eyes......

at the end of the day if your so worked up and so pissed off with efets that you feel the need to keep posting sjit, then why dont you f**k off and find another site because we really dont need you...

Neil and the guys here a job that is thankless when its going great and the spawn of the devil when its not, me included in that. However at the end of the day you all pay nothing to be here and as Neil says you pay for what you get.....

So flame away, call me a c**t, I dont c are because I am sick of some of your attitudes to the site and dont give a f**k, I have thick skin and have a lot more going on than a bunch of whiny arsed moaning shit heads who dont no a good thing when they see it...

Shit happens, it Happened over the weekend, its sorted now move on or f**k off.......

Link to comment
Share on other sites
stuartbert two hats Grand Master

stuartbert two hats

Posted
Posted
I was not going to jump on this whole virus band wagon, I was going to leave it right alone...however, I do feel compelled to say something...and that is...Mr Pilton as most of you know runs pilton.com...this he does completyl free, he spends many many many hours on updating the site.

He started the site initially as a thank you becouse we had moved to the area, with a large family and had recieved such a warm welcome.

Now the site has become so large that we have people all over the world looking at it and the local community rely on it.(so we are told)

The reason I am saying all this out is just to piont out, that We KNOW our site brings a lot of enjoyment to people....it's free, but if we cocked up somehow (although....Mr Pilton...does not cock up), then we would expect some kind of understanding, given we produce something people, use, get enjoyment from...and does a lot of good. Pilton sighning out!!

Link to comment
Share on other sites
Pilton Newbie

Pilton

Posted
Posted
You'd probably apologise graciously if you accidentally have a virus to a load of people - even if it wasn't actually your fault. The quote from the Register earlier on was the classy way to do it. Anyway, I'm only on the thread for advice, many many thanks to those who replied.
Link to comment
Share on other sites
TazOnSpeed Newbie

TazOnSpeed

Posted
Posted
Really up to you, it worked for me, and it's not too many registry keys as 30-40 are just those contained in HKEY_CURRENT_USER\Software\avsuite

eg. HKEY_CURRENT_USER\Software\avsuite\aazalirt=1

HKEY_CURRENT_USER\Software\avsuite\skaaanret=1

HKEY_CURRENT_USER\Software\avsuite\jungertab=1

HKEY_CURRENT_USER\Software\avsuite\zibaglertz=1

Just delete AVsuite there and it'll delete all the entries within its folder.

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyServer" = "http=127.0.0.1:5555"

was duplicated in both, as was:

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" = "1"

Pretty sure the ones I found and removed are those red coloured, though could be different for different users I'd guess:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "" (again it'll be ending tssd)

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun ""

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = "1"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyServer" = "http=127.0.0.1:5555"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = ".exe"

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "RunInvalidSignatures" = "1"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "ProxyOverride" = ""

HKEY_CURRENT_USERSoftwareAvScan

Delete files:

[random]tssd.exe (see below)

----

Antivirus Suite Associated Files and Folders

C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\xhgskppga\yybexfotssd.exe

C:\WINDOWS\Prefetct\N0.EXE-072D4DFD.pf

C:\WINDOWS\Prefetch\YYBEXFOTSSD.EXE-00412335.pf

Some of the file names may be randomly generated. The term malwarehelp.org or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.

Antivirus Suite Associated Registry Values and Keys

HKEY_CURRENT_USER\Software\avsoft

HKEY_CURRENT_USER\Software\avsuite

HKEY_CURRENT_USER\Software\avsuite\knkd=1

HKEY_CURRENT_USER\Software\avsuite\aazalirt=1

HKEY_CURRENT_USER\Software\avsuite\skaaanret=1

HKEY_CURRENT_USER\Software\avsuite\jungertab=1

HKEY_CURRENT_USER\Software\avsuite\zibaglertz=1

HKEY_CURRENT_USER\Software\avsuite\iddqdops=1

HKEY_CURRENT_USER\Software\avsuite\ronitfst=1

HKEY_CURRENT_USER\Software\avsuite\tobmygers=1

HKEY_CURRENT_USER\Software\avsuite\jikglond=1

HKEY_CURRENT_USER\Software\avsuite\tobykke=1

HKEY_CURRENT_USER\Software\avsuite\klopnidret=1

HKEY_CURRENT_USER\Software\avsuite\jiklagka=1

HKEY_CURRENT_USER\Software\avsuite\salrtybek=1

HKEY_CURRENT_USER\Software\avsuite\seeukluba=1

HKEY_CURRENT_USER\Software\avsuite\jrjakdsd=1

HKEY_CURRENT_USER\Software\avsuite\krkdkdkee=1

HKEY_CURRENT_USER\Software\avsuite\dkewiizkjdks=1

HKEY_CURRENT_USER\Software\avsuite\dkekkrkska=1

HKEY_CURRENT_USER\Software\avsuite\rkaskssd=1

HKEY_CURRENT_USER\Software\avsuite\kuruhccdsdd=1

HKEY_CURRENT_USER\Software\avsuite\krujmmwlrra=1

HKEY_CURRENT_USER\Software\avsuite\kkwknrbsggeg=1

HKEY_CURRENT_USER\Software\avsuite\ktknamwerr=1

HKEY_CURRENT_USER\Software\avsuite\iqmcnoeqz=1

HKEY_CURRENT_USER\Software\avsuite\ienotas=1

HKEY_CURRENT_USER\Software\avsuite\krkmahejdk=1

HKEY_CURRENT_USER\Software\avsuite\otpeppggq=1

HKEY_CURRENT_USER\Software\avsuite\krtawefg=1

HKEY_CURRENT_USER\Software\avsuite\oranerkka=1

HKEY_CURRENT_USER\Software\avsuite\kitiiwhaas=1

HKEY_CURRENT_USER\Software\avsuite\otowjdseww=1

HKEY_CURRENT_USER\Software\avsuite\otnnbektre=1

HKEY_CURRENT_USER\Software\avsuite\oropbbsee=1

HKEY_CURRENT_USER\Software\avsuite\irprokwks=1

HKEY_CURRENT_USER\Software\avsuite\ooorjaas=1

HKEY_CURRENT_USER\Software\avsuite\id=71.1

HKEY_CURRENT_USER\Software\avsuite\ready=1

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures=no

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures=1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer=http=127.0.0.1:5555

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride=

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation=1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\rhdfdvqt=C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\xhgskppga\yybexfotssd.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\UserRequestedUpdate=0

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rhdfdvqt=C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\xhgskppga\yybexfotssd.exe (again it'll be random)

The term malwarehelp.org or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.

http://www.2-spyware.com/remove-antispyware-soft.html

http://www.malwarehelp.org/antivirus-suite-removal-2010.html

...as I've tried to emphasise though, don't alter or delete anything your unsure of in the registry, and familiarise yourself with it first, and go slowly and carefully.

There is a degree of risk obviously with mucking about the registry if you delete something you shouldn't. It's got all the settings of every thing pretty much on your computer.

If can manage to get online and can download Rkill and Malwarebytes, then probably best to try those if not comfortable altering the registry. They seem to have worked for most here. Doing it manually will help if can't get online to download them.

Remember you need to kill the process of the virus first regardless (Rkill will do this if you can get online; if not then on switching on your computer and booting into windows, as soon as up, control-alt-del and enter task manager, look for processes (it's the second tab), and right click and end process of the one ending tssd.exe (eg. I had wolqiddtssd.exe). You'll have to do this very quickly, otherwise the fake scanner program kicks in.

Whether it helps might depend on how infected your computer is aswell, as TonyBlair thinks his is probably more infected, as is probably the person getting blue screens earlier so not sure about them.

Good luck and be careful.

edit: and if got an AV, run a virus check after obviously to check if picks anything else up.

Link to comment
Share on other sites
Mahdnyw Newbie

Mahdnyw

Posted
Posted

Why do people always have to have someone else to blame, oh no, it's never your fault is it? :P

Most viruses get on the system due to user error. If your system is not secure enough then that is your problem, not this website :P

Link to comment
Share on other sites
al_coholic Experienced

al_coholic

Posted
Posted
sorry for resuscitating this thread (it's only a thread, you don't have to read it or even acknowledge it if you want... :P ), but having spent some time and money on sorting my laptop out, I'd like some info from anyone who feels knowledgable enough to give it, and you DJ Shakey, seem like a good person to start with...

first... Firewalls. My Norton anti-virus says it works better with my Firewall off. Is this partly why I got infected? and should I have my firewall on or off?

also, these other downloadable programmes, like the ones you've mentioned (malwarebytes, myantispyware, etc), are they good? I've been told in the past that some of them are just as bad as the viruses themselves. Is this true?

Link to comment
Share on other sites
Guest

Guest

Posted
Posted (edited)

Norton has it's own firewall built in, I think (I don't use Norton) but I would always have the router's firewall enabled. Far better to stop nasties at the router stage than when they hit your computer.

Edited by Ommadawn
Link to comment
Share on other sites
t0paz Proficient

t0paz

Posted
Posted

Norton won't have anything to do with your router. You router will have a firewall too but unless you've spent a lot of money and set it up properly it will be pretty basic. It's all about having multiple layers of protection so have one on your PC too. Norton has it's own firewall so they recommend you turn off the Windows one so they don't conflict.

I think this is perfectly reasonable to post in this topic as it's to do with the original post. If the moderators want to move it out of this forum then it's up to them.

Link to comment
Share on other sites
eFestivals Mentor

eFestivals

Posted
Posted
I have BT homehub. I'll check what it's firewall capabilities later... ta

It can't stop this virus getting onto your PC, no firewall can.

The best any firewall will manage to do is to get you to confirm or not that the virus already on your PC can access the 'net (ZoneAlarm would do this [if set up that way], for example).

However, the firewall in your BT hub *has to* work in a different way - it works by allowing traffic back to your PC (or onto your network if you have one) where the request for that data back has originated from an outwards request by a program on your home network (with includes a single PC). As the virus makes that outward request (as did the process that had it installed in the first place), then data will always come back to your PC.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...