posted on February 22, 2009 01:40:28 PM new
You might want to think twice before you click on auctions with pictures hosted by Auctiva - don't click to enlarge.
Apparently Auctiva servers have been infected with some kind of Trojan:
posted on February 22, 2009 01:45:37 PM new
Yes, it has been happening since the system update Thursday night. Ugly stuff! Luckily the viruses are getting blocked by most active virus scanners but I feel for those people who may not have one installed.
posted on February 22, 2009 06:57:50 PM new
Holy carp! I can't remember Vendio ever transferring viruses! Edited to add: if most anti-virus programs can detect this, why didn't Auctiva detect this before they added this to their update?
[ edited by pixiamom on Feb 22, 2009 07:03 PM ]
posted on February 22, 2009 07:35:30 PM new
I wonder if it is this? UDXFYTW.sys
I had this one on my computer over the weekend and it deletes all of your cookies and temp internet files. Plus it watches your keystrokes.
It is nearly impossible to get rid of. Antivirus will not block it nor delete it. It attaches itself in the System32 file within Windows and can only be deleted if you are disconnected from the internet and on a fresh boot. Then you have to move it to your recycle bin (you cannot delete from the System32 folder). Then you can empty your recycle bin. Then shut down (not just reboot) your computer. That seems to cure it. I guess time will tell.
posted on February 22, 2009 08:07:44 PM new
Stone - It wasn't that.
This is from Auctiva:
Update - Our engineering team is still investigating this situation but, at this point, it appears the reason these virus alert warnings started showing up on our site is because some of our machines were injected with malware originating in China. The malware we believe to be at fault has also hit a number of other high profile websites over the past 6 months.
If our current suspicions about what happened are correct, we know some things we can do to prevent this from happening again, but some additional investigation will be required before we reach a conclusive determination.
The affected machines are no longer in our rotation so it is currently safe to navigate the Auctiva website, however, if you did visit our site between Thursday evening and Saturday afternoon at about 2 PM PT, as a precautionary measure, we recommend taking the following actions to ensure that your computers are not infected:
1) Clear your browser cache, delete ALL temporary internet files, and restart your browser.
2) If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
3) Make sure you are running some reputable antivirus software (AVG is available for free at http://free.avg.com and is known to catch this malware)
4) Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.
We will post further updates on this situation to this thread as additional information becomes available. If you have any additional questions, please feel free to contact our customer support team using the appropriate link on our help page: http://www.auctiva.com/help/requesthelp.aspx
-----------------
I got it and it was quite easy to get rid of. It wasn't a keystroke virus!
posted on February 23, 2009 12:59:25 PM new
I had the Vundo Trojan last week and pop-ups. My daughter helped me rid everything. I run McAfee in the background and it did not stop it. I disconnected the internet and ran malware and ad-aware, several times. I even had to turn off my explorer to keep the pop-ups while running these programs. What a pain. All seems well right now, and I have no idea where it came from. I normally do not surf much.
posted on February 23, 2009 08:39:55 PM new
I still would not visit their site or click on any auction pictures that go to their site until they get this hashed out. They say their checkout and pictures are safe but they have lost my trust.
This just came in:
SUBJECT: Information regarding Auctiva’s Site Warning
February 23, 2009
7:30 PM PST
On Thursday, February 19 we discovered the presence of malware on the Auctiva servers. This caused Google to flag Auctiva as a dangerous site. Our Systems Engineers identified the malware through our monitoring system and they immediately began working to isolate the infected servers and take them offline. During this process the site was running on fewer servers and you may have experienced some delays.
The infected servers were wiped clean and by Saturday morning, most servers were put back online. As of Sunday night, Google rescanned Auctiva.com and determined we were safe to navigate. However, upon continued monitoring today, additional malware was detected and we decided to temporarily take Auctiva.com offline to eliminate the possibility of further infection. We take the security of our site very seriously. We have identified the source of the problem and we are working 24/7 to resolve the issue. We will bring Auctiva.com back online once we are confident we can provide the level of safety and security for our customers that we have for the past 10 years.
What can you do now?
If you visited www.auctiva.com between Thursday evening and Saturday afternoon at about 2 PM PST, as a precautionary measure we recommend taking the following actions to ensure that your computers are not infected:
Clear your browser cache, delete ALL temporary internet files, and restart your browser. For instructions specific to your browser: http://community.auctiva.com/eve/forums/a/tpc/f/1081020411/m/11910151?r=31410571#31410571
If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
Make sure you are running reputable antivirus software.
Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.
During this time your Auctiva Checkout, scheduled listings, and images, templates and scrolling gallery in listings on eBay will remain available.
posted on February 24, 2009 06:15:15 PM new
Two things I did to cure my problem were to download Malwarebytes Anti-Malware and Spyware Terminator.
Malwarebytes did about 90% of the repairs and Spyware Terminator did the clean up. Now my computer is running as good as it has in a long time. I should have done it months ago.