Virus?

[JimOfTheJungle]

That's fine. It's your choice, a choice I accept your right to have.

I have freely available choices too. I could choose to block your access here, so that as well as not being associated with this site via your choice you're not associated with it by my choice too.

Just as well the world is not full of people as grumpy as you, eh? Yep, not even me.

[worthyraver]

If I've been amiss with something here (which I haven't), then exactly the same applies with your own PC where you haven't taken every measure possible to stop such things happening (because: my AV software stopped my PC becoming infected, it told me that it had).

[eFestivals]

So there is nothing you can do in future to prevent your site from running infected ads?

I can offer no greater a guarantee that you can for your own PC becoming infected.

This site did NOT run "infected ads". This site was hacked. What was hacked has been identified, and that vulnerability has been closed.

It is not possible to give a meaningful guarantee that the same will not happen again - and that applies to any other website too, and any PC. This website is no more vulnerable to attack than any other website, or your own PC.

[Ed209]

I had a fully up to date symantec end point (which I'm fairly certain is considered to be very good) and I got it, bad. Can we please stop having smug comments about peoples AV software. It's not cool or helpful.

I'm going to have to do a rebuild so not very happy. I realise it's not efestivals fault directly, but Neil, I think it's rude to not offer any apology for what has gone on. Sometimes as a business things that piss off your customers are out of your control, but you still have to give them an apology. People use your site in good faith that it is clean, a sorry when that wasn't the case would be appreciated. Unfortunately the response we did get was fairly predictable. I would have been blown over if we had received a proper apology from efests, whereas I'm sure a lot of other websites would be groveling to their customer base now.

[eFestivals]

Yeah you could ban me if you wanted, I'm hardly a trouble causer though. I'm just pointing out that while you do a cracking job of running a website, you dont seem too good at PR. And dont like criticism much either.

Any criticism levelled at me for "allowing" this website to become infected applies no less to any user who "allowed" their PC to become infected.

[sisterofmercy]

Not sure if you are purposefully missing the point, or that you really dont see it. Either way I will lose the will to live if I carry on with this. I was totally unaffected so I dont know why I am bothering in any case.

To everybody else, you did not need anti-virus to protect from this one as it turned out, still good to have it though of course, just running flashblock and adblockplus would have been sufficient, of course to do so you would have to be running Firefox.

[ampersand]

is the adobe pop up linked to this or is that unrelated to this site?

was still getting this this morning, and only just been brave enough to come on here at work...

[eFestivals]

I had a fully up to date symantec end point (which I'm fairly certain is considered to be very good) and I got it, bad. Can we please stop having smug comments about peoples AV software. It's not cool or helpful.

It *IS* helpful, tho it doesn't resolve the issue you have already.

Some AV software stopped people getting infected (as mine did, as it told me it had).

I'm going to have to do a rebuild so not very happy. I realise it's not efestivals fault directly, but Neil, I think it's rude to not offer any apology for what has gone on. Sometimes as a business things that piss off your customers are out of your control, but you still have to give them an apology. People use your site in good faith that it is clean, a sorry when that wasn't the case would be appreciated. Unfortunately the response we did get was fairly predictable. I would have been blown over if we had received a proper apology from efests, whereas I'm sure a lot of other websites would be groveling to their customer base now.

I'm sorry that there's scumbag hackers who will attack any system that takes their eye.

I've been attacked, you've been attacked. It's a shit for both of us .... but just me is getting the abuse for it.

[ralph250]

I'm going to have to do a rebuild so not very happy.

[sisterofmercy]

is the adobe pop up linked to this or is that unrelated to this site?

was still getting this this morning, and only just been brave enough to come on here at work...

[eFestivals]

is the adobe pop up linked to this or is that unrelated to this site?

was still getting this this morning, and only just been brave enough to come on here at work...

Any issue on this website was resolved by 8:30am this morning.

[JimOfTheJungle]

Any criticism levelled at me for "allowing" this website to become infected applies no less to any user who "allowed" their PC to become infected.

[worthyraver]

Actually that's not entirely true; you can get Chrome extensions for that also.

[DJ Shakey]

To recap (from my own investigations and testing):

It seems to get in via different stages. I think it is along the lines of:

1 - a dodgy PDF file has code in it that exploits a bug in Adobe Reader (that Adobe haven't addressed yet).

2 - this crashes Adobe Reader in such a way that it can install something without your agreement, this is the xxxxxtssd.exe file that gets installed. The way this gets installed is clever enough to avoid being picked up by (some) resident virus scanners (but will get picked up by a full virus/malware scan)

3 - if you have a firewall, you get a firewall message asking if you give permission for xxxxxtssd.exe to access the Internet. If you say no, you don't get the really nasty malware, but you still have xxxxxtssd.exe running, and it will start each time you reboot cause it's put something in the Registry.

4 - if you don't have a firewall, or the firewall lets it through (I said yes to it to see what would happen, before rebuilding my PC), then the xxxxxtssd.exe accesses the Internet and installs the really nasty malware (called Antispyware Soft) that tells you about having loads of viruses, changes your Internet settings, and stops you opening any applications. This is when it gets even more difficult to remove.

Some tips on how to get rid of it here:

http://www.myantispyware.com/2010/04/15/ho...l-instructions/

You can either manually get rid of it, if you know what you're doing. Or download and run the following:

http://www.malwarebytes.org/

Edited May 4, 2010 by DJ Shakey

[scaryclaireyfairy]

i appreciate that it was a bank holiday and all but in having only one admin that could do something but who was busy (cos people have lives), this meant the site was up and running for 2 full days while infected with no warning, nothing. that's pretty brutal.

i know you said only 4 people emailed and no-one called, but believe me, if i had your phone number i would have called. i didn't see the point in emailing cos if you were online you'd already know about the problem by coming on here.

in short, no, efests is not responsible for the virus or the havoc it caused people initially, but the fact it was allowed to continue for so long and additional people had problems is.

[Langdale Wolf]

I think I was one of the lucky ones - I never received even a warning from my AV software over the weekend.

I don't know if that means it's simply a good AV programme or what as I'm utterly clueless when it comes to this sort of thing.

Hope everyone is sorted soon.

[ampersand]

Any issue on this website was resolved by 8:30am this morning.

[sisterofmercy]

in short, no, efests is not responsible for the virus or the havoc it caused people initially, but the fact it was allowed to continue for so long and additional people had problems is.

[eFestivals]

apart from a lack of humility, you've blamed people for not having the proper a/v software, which, as has been pointed out, whether it's free or the best one you can buy, is never going to be 100% reliable. ...

I've not "blamed" anyone.

I have pointed out that some AV software has stopped people becoming infected while other AV software has not.

======

As a totally separate statement, that people can chose to take on board or not.....

I've been using Norton for around 20 years. I've *NEVER* become infected by any virus. Any person's anti-virus protection is only ever as good as the AV software they're using (including how up-to-date it is) - and some software is not as good as others, despite the claims made for it.

[eFestivals]

i appreciate that it was a bank holiday and all but in having only one admin that could do something but who was busy (cos people have lives), this meant the site was up and running for 2 full days while infected with no warning, nothing. that's pretty brutal.

i know you said only 4 people emailed and no-one called, but believe me, if i had your phone number i would have called. i didn't see the point in emailing cos if you were online you'd already know about the problem by coming on here.

in short, no, efests is not responsible for the virus or the havoc it caused people initially, but the fact it was allowed to continue for so long and additional people had problems is.

1. incorrect.

2. the phone number is available to anyone that wants it, on the contact page. It seems your claim is greater than your actions.

3. can I please borrow your psychic skills.

[cejx]

crikey - what a mess! Thank god I'm Mac based!

[mandypants]

I wasn't willing to stay on this website any longer so looking up any email addresses or phone numbers on this website wasn't possible. My (free) AV protected my computer but I'm not willing to risk staying on a website that is infected.

[ralph250]

i know you said only 4 people emailed and no-one called, but believe me, if i had your phone number i would have called. i didn't see the point in emailing cos if you were online you'd already know about the problem by coming on here.

Edited May 4, 2010 by ralph250

[Rufus Gwertigan]

I think I was one of the lucky ones - I never received even a warning from my AV software over the weekend.

I don't know if that means it's simply a good AV programme or what as I'm utterly clueless when it comes to this sort of thing.

Hope everyone is sorted soon.

[Langdale Wolf]

No. It probably means the virus recogised your PC as an outdated piece of crap and left it alone