Virus?

[Gaz D]

So restart my computer and wile going trough the beginign bit with the black screen and white riteing press f8 repeatedley? how much ?

sorry for maybe asking what you may think is a silly question.

[frankie boy]

Dont think I would like to met these little shits I would proberly be up for a serious violent charge this has annoyed me incredibly and f**ked my bank holiday up

[rexclark]

Had one of these viruses a few weeks back, they're a right pain to get rid of but AVG seems to have caught it this time and I've checked it with Malwarebytes and norhing spotted.

[Gaz D]

It also downloaded a real nasty rootkit that needed flushing out, and there was a keylogger that sneaked in too. Very nasty, very difficult to shift.

[mikeb]

Even worse, Sun aren't planning to fix the problem until July!

Edited May 3, 2010 by mikeb

[mikeb]

Some more maybe useful info if you know what you're doing:

If you've got a handy firewall, then I suggest considering blocking 91.212.127.110 until further notice as that seems to me to be where this cr@p is currently originating from. It started being a problem late on Saturday 1st May although it could well have appeared any time after around midday but it certainly wasn't an issue on Saturday morning that's for sure.

PLEASE NOTE that this is absolutely NOT in any way a guaranteed solution to the problem or a long-term fix either of course because the malware will no doubt change download servers over time. However, all the apparently dodgy accesses that I've seen to date appear to resolve to that one single IP. Typical sources have been: ads.nu.mu, def.ignorelist.com, internal.ignorelist.com, external.ignorelist.com plus several others into the bargain ... but they all resolve to the same server at 91.212.127.110 Must say that I'm seriously tempted to block the entire IP allocation to Telos mind you as they've done b*gger all about apparently hosting and/or handling this cr@p despite reports ... and maybe I will do just that and sod 'em !!

Just out of morbid curiosity, I'm probably going to try reinstating Acrobat and unlocking Mr.Firewall just a little bit shortly just to see if blocking that IP resolves the issue completely for now. If I disappear for more than a couple of hours it's probably safe to assume that it all went t*ts up bigtime

EDIT: Yup, that stuffs it, no more unexplained Acrobat errors so that almost certainly proves where it's coming from I reckon. I'm currently blocking the entire Telos allocation 91.212.127.0 - 91.212.127.255 seeing as they clearly can't be @rsed to respond to abuse reports in anything remotely close to a timely manner. B@rstewards Will be removing all Adobe Cr@pware again mind you until I can somehow confirm that they've definitely fixed the issue for sure as well.

Edited May 3, 2010 by mikeb

[eFestivals]

the ads have been turned off on the forums for the moment, while this is investigated.

[scaryclaireyfairy]

hallelujah. i've missed this place but was too scared to come in until today.

edit: posting that gave me a virus warning. i'm outies.

Edited May 4, 2010 by scaryclaireyfairy

[verrymerry]

Mine got two yesterday, "Antispyware Soft" and it is a total bitch! Restoring my computer did it in the end (had to go via safemode) and then updated Java (actually just deleted it but you might wanna update) as I noticed my Java icon was coming up a lot and usually when on eFests. Also updated a million other things I should have done before like Adobe Reader etc

Fingers crossed it (my pc and eFests) seems to be ok, I really came on here as a test and so far so good...

[DJ Shakey]

It's not a vulnerability in Sun's Java JRE, but a vulnerability in Adobe Readers own Javascript.

Open Acrobat Reader / Edit / Preferences > then untick "Enable Acrobat Javascript"

That {should} prevent reinfection via the 3D parsing bug

[eFestivals]

I'm 95% sure that the issue has been identified and removed, tho am doing some final checks

[eFestivals]

while i can't 100% guarantee it, from testing on a second machine here, it appears that the issue is gone - I certainly got none of the same effects on that 2nd computer to what I got on this computer.

This computer wasn't infected BTW (up-to-date AV software, etc), but some actions were triggered - none of the same happened on that 2nd computer after making some changes here.

A further test was done with the ads restored, and again, nothing happened .... so I'm 99.99% sure the issue is fixed.

Please report any further problems to webmaster@efestivals.co.uk and not anywhere else - I might not see posts here.

[eFestivals]

any ideas about fixing an infected (broken) laptop?

outside of what people have already posted in this thread, nope, sorry.

and yes, I do have up to date anti-virus software

obviously not AV software that's very good.

Anyone want to tell me again that the free ones are as good as the paid-for ones?

[eFestivals]

I've got Norton... isn't that what you've recommended in the past? (which isn't the reason why I have it)

It's what I use (I don't particularly recommend it, tho there's no reason not to use it).

And it blocked my computer getting infected.

[ralph250]

any ideas about fixing an infected (broken) laptop?

and yes, I do have up to date anti-virus software

Edited May 4, 2010 by ralph250

[eFestivals]

well good for you...

I was simply making it clear that there's virus protection out there which does the job.

[eFestivals]

there was an element of gloating that people should get proper software (which I have), then they wouldn't have been infected... which I have been

No, it was a re-statement of what I've often said - that the free AV software is not of the standard of the paid-for alternatives. You get what you pay for.

Regarding Norton, I can only presume that your definitions were not up-to-date.

[scaryclaireyfairy]

well avast free protected me quite nicely.

[TYLER_4]

tonyblair: Super Anti Spyware is the best free software ive found for removing any virus, if you havent already sorted it

[jonbob]

Anyone want to tell me again that the free ones are as good as the paid-for ones?

[TYLER_4]

have to agree Norton has only ever been trouble for me, i rely on free software and ever since virus free

[eFestivals]

Norton is a god-awful piece of software,

I don't necessarily disagree, tho it gets virus', and it's anti-spam filtering for outlook is invaluable for dealing with the 3,000 or so spam emails I get each day.

[ralph250]

Was about 4-5 years ago now, but I had a Virus once, bought and installed Norton, updated definitions, found the virus, pressed delete and it told me it couldn't. Went out and bought Spyware Doctor and it found it, and deleted it straight away. Norton was a complete waste of time and money.

Think most have updated now, but I got windows 7 on release, and Malwarebytes/Superantispyware/Spyware Doctor & Antivirus weren't compatible on release so have just been making do with Avira which has been fine prior and plenty of times popped up with warnings/click don't allow etc (including on here a couple months ago when people were getting warnings).

This one bypassed it though.

[DougalMcGuire]

Just add an opinion for anyone now considering changing their AV after this fiasco, I always found Norton to be a lumbering beast of an app that slows down startup times by minutes and really takes it's time to scan things such as emails. And removing all traces of it completely proved nigh on impossible when I wanted to try something different.

And before anyone comes back with 'that's because it's doing it properly', I've tried various other FWs, AV's that work just as well without launching seventeen different processes and slowing the machine right up. The one I'd recommend without a doubt is ZoneAlarm Pro, which includes firewall, AV, phishing filter, spyware, creditcard protection, spam filter etc etc etc. (I think Kaspersky makes their AV)

I started using it two years ago and never once had a problem in that time. It's not free though, about £20, but that's for 3 PC's so £7 each if you've got two mates/siblings. And no I don't work for them, just a very satisfied customer.

This is just for those with little or no protection at the mo that want to beef up their security, I can't comment personally on whether it would have worked with the efest situation because I crossed to the dark side and bought a MAC a couple of months ago (which again I can't recommend highly enough, but that's a different argument for a different day on a different forum! )

[eFestivals]

without launching seventeen different processes

17? Not on mine.

Perhaps you had a virus?