Virus?


Guest NeilVJ
That's all?

Yep (I meant 'provide' not 'prove' - apologies for the typo)

As opposed to doing things in the way that will suck the greatest amount of money out of the greatest amount of people, which is the standard way that the majority of businesses work.

That difference is able to work here because there's clearly a market for a truthful angle rather than a contrived-for-money angle. I've been pleased to find out that there is, because looking outside it seems that today's world only wants fluff and no substance.

Taking the approach that we do doesn't mean that our readers will necessarily agree with us, but at least they'll be able to know that what is presented is presented as straight opinion and not something that's said for financial advantage thru lies.

There's another festivals website out there (at least one, perhaps more) which will print anything if they're paid enough (I know this is the case and have the emails to prove it - there's some very stupid people out there who send emails to the wrong place :P). So while they might sometimes give a straight opinion there's no way for anyone to know if it's that.

Link to comment
Share on other sites

If somebody gets a virus from a website, the website apologises, explains how it happened and fixes the issue, it's real simple, it's called customer service, something he knows very little about :P

This website has nothing to apologise for. This website has done nothing wrong. :P

Perhaps use this one instead?

http://www.pleasetellmewhatIwanttohearbutn...ngtruthful.twat

Link to comment
Share on other sites

Just in case anyone is still struggling.

copy of the email I posted Neil:

Hey Neil,

Think you'll probably know by now, but just emailing to say you got a Virus on the site at present. Picked it up around midnight Saturday night after switching my comp on and only opening my home page (just MSN main page) and efests. Eventually removed it manually through the registry, and thought I'd give it 24 hours before trying the site again to confirm whether efests was the source or if it had just been lying dormant from before, until I restarted my computer.

Just did 1.08 pm today and picked it up again, same thing.

Antispyware Soft, AVsoft and AVsuite all bundled. Just one of the ones that pretends to run a scan and inform you that your computer is infected to try and trick you into signing up for removal. Opens webpages with things such as Viagra.com, Adult.com, Porno.com, opens a pretend Action Centre telling you your antivirus' are disabled etc.

Pretty nasty at first once fully up, as doesn't allow you to open anything and just blocks it (Couldn't close it in task manager etc, "task manager is infected", "help and support" is infected etc). Managed to get Avira to do a scan, and found some detections but it didn't close the pretend scanners etc, did a scan again in safemode but wasn't active there. Restarted, closed the process in task manager before it was started and removed the registry values found in the two sites below.

http://www.2-spyware.com/remove-antispyware-soft.html

http://www.malwarehelp.org/antivirus-suite-removal-2010.html

Pretty sure all clear now.

(need to go into type regedit into search; may want to backup first and don't delete anything else, and everything might not be there, eg I didn't have anything in policies and I didn't delete proxyoverride as it was set to its default <local> )

Kill processes: (using task manager, do this as soon as you start the computer up, it won't work once the virus is up and running).

[random]tssd.exe (eg. I had wolqiddtssd.exe)

Delete registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" (again it'll be tssd)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""

HKEY_CURRENT_USER\Software\AvScan

Delete files:

[random]tssd.exe

----

Antivirus Suite Associated Files and Folders

C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\xhgskppga\yybexfotssd.exe

C:\WINDOWS\Prefetct\N0.EXE-072D4DFD.pf

C:\WINDOWS\Prefetch\YYBEXFOTSSD.EXE-00412335.pf

Some of the file names may be randomly generated. The term malwarehelp.org or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.

Antivirus Suite Associated Registry Values and Keys

HKEY_CURRENT_USER\Software\avsoft

HKEY_CURRENT_USER\Software\avsuite

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures=no

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\RunInvalidSignatures=1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer=http=127.0.0.1:5555

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride=

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes=.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation=1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\rhdfdvqt=C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\xhgskppga\yybexfotssd.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\UserRequestedUpdate=0

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rhdfdvqt=C:\Documents and Settings\malwarehelp.org\Local Settings\Application Data\xhgskppga\yybexfotssd.exe (again it'll be random)

The term malwarehelp.org or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.

Link to comment
Share on other sites
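A way to check a machine for the registry changes listed in the post above without clicking through regedit, added here as an example and not part of the original posts: it scans the text of a `reg export` file for those settings. The function names and the sample export are constructed for illustration; real exports are UTF-16 and need decoding to text first.

```python
import re

# Indicators listed in the post: (key suffix, value name or None for any, test on data)
RULES = [
    (r"\internet settings", "proxyserver", lambda d: "127.0.0.1" in str(d)),
    (r"\policies\associations", "lowriskfiletypes", lambda d: ".exe" in str(d).lower()),
    (r"\policies\attachments", "savezoneinformation", lambda d: str(d) == "1"),
    (r"\internet explorer\download", "runinvalidsignatures", lambda d: str(d) == "1"),
    (r"\internet explorer\download", "checkexesignatures", lambda d: str(d).lower() == "no"),
    (r"\currentversion\run", None, lambda d: str(d).lower().endswith("tssd.exe")),
]
ROGUE_KEYS = (r"\software\avsoft", r"\software\avsuite", r"\software\avscan")

def parse_reg(text):
    """Yield (key, name, data) from .reg text; name is None for the key line itself."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and m and m.group(2).startswith("dword:"):
            yield key, m.group(1), int(m.group(2)[6:], 16)
        elif key and m and m.group(2)[:1] == m.group(2)[-1:] == '"':
            # .reg strings escape backslashes and quotes with a backslash
            yield key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2)[1:-1])

def audit(text):
    """Return (key, value name) pairs matching the post's indicators."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None and k.endswith(ROGUE_KEYS):
            hits.append((key, None))
        for suffix, want, pred in RULES:
            if (name is not None and k.endswith(suffix)
                    and want in (None, name.lower()) and pred(data)):
                hits.append((key, name))
    return hits

# Constructed sample export (not taken from a real machine)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"abcd"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\xyz\\examplexxtssd.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\avsuite]
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The Run-key rule only matches data that ends in `tssd.exe`, the pattern the post describes, so an entry with trailing arguments or a different random suffix would need its own rule.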
