Whedonesque : Comments on 18108 : Whedonopolis write up of Dr. Horrible Halloween Screening.

This site will work and look better in a browser that supports web standards, but it is accessible to any browser or Internet device.

November 13 2008

Whedonopolis write up of Dr. Horrible Halloween Screening. One Whedonopolis member writes up an account of the event, with some funky pictures.

NYPinTA | Dr. Horrible | 06:47 CET | 28 comments total | tags: red double decker tour bus, swaying lights and cellphones, report, pictures, dr.horrible

There are a bunch of pictures in the gallery. (Found a good one of my daughter & her friend, yay!)

jcs | November 13, 07:01 CET

There are a bunch of pictures in the gallery.

Actually, that's "picturs".

The One True b!X | November 13, 07:12 CET

They are seemingly endless, these "picturs". Help me, mine eyes are numb...

zeitgeist | November 13, 07:14 CET

Wait... did I actually write "picturs"? Gorram it. Someone stole the E again. Frelling E thief.

NYPinTA | November 13, 07:38 CET

E-thievery should be punishable by death.

Caroline | November 13, 07:39 CET

I have no idea if you wrote "picturs". I just know they did.

The One True b!X | November 13, 07:54 CET

Yes, the dreaded E Thief was Dr. Horrible's main rival for that open ELoE spot, but I think you can see why he didn't make it: nobody wants to join the "Vil Lagu of Vil".

cabri | November 13, 07:56 CET

I went to that page and immediately picked up a Trojan horse which crashed my system and appears to still be mucking up the works... (Avast flagged it, but apparently failed to contain it on the first try.) I'm currently trying to get rid of it when the whole reason I was up now is that I have an overdue assignment I'm supposed to be working on. Beware!

Shmuel | November 13, 09:10 CET

The first time I loaded that page, a file called "doc.pdf" downloaded to my desktop. But then I could not replicate the event, and so I assumed I was mistaken about the cause.

So that's two of us that had something automatically and mysteriously downloaded from this page.

[ edited by theonetruebix on 2008-11-13 09:17 ]

The One True b!X | November 13, 09:17 CET

Oh! I noticed that and was looking for a pop-up ad but there wasn't any so I thought it was just a hiccup on the site. :(

cabri | November 13, 09:25 CET

Have squished it, I think. You might check your Windows system folder for brastk.exe... in my case, it was responsible for a window popping up claiming that I was infected with spyware, which would then download what appeared to be a bogus antivirus program. (Fortunately, these people never hire copyeditors and invariably commit errors in spelling and grammar...) Killed the process, deleted that file, plus a couple of others that I forget the names of.

Shmuel | November 13, 09:55 CET

"So that's two of us that had something automatically and mysteriously downloaded from this page."

Make that at least three, my Norton gave me a worm message and threw me off the site.

jpr | November 13, 09:59 CET

Bugger I just had it all lock up on me. Spybot just flagged up that brastk.exe. Better do a sweep.

grrrhh

The Do That Girl | November 13, 11:17 CET

Your experiences with this malicious site remind me of why I usually read the Whedonesque comments (i.e., here) before visiting the actual site referenced in the headline!

SteveP | November 13, 12:53 CET

The site appears to have a PDF trojan on it, using the recent Adobe PDF Reader Javascript buffer overflow. It looks like somebody has hacked the site, or web host.

gossi | November 13, 13:10 CET

Well I've removed the link for the time being until someone can give a guarantee that it's now safe.

Simon | November 13, 14:31 CET

The file being dropped is this (link is safe, it's an analysis). It won't hurt Macs, but Windows uses will want to update their antivirus software (or get some if you don't have it) if you visit Whedonopolis.

Edit: Here's the other file.

[ edited by gossi on 2008-11-13 14:42 ]

gossi | November 13, 14:38 CET

I have emailed Brian to about this. If anyone ever has any problem with the working of the site please let me know.

Can someone email me exactly where this is happening [main page, event page, gallery, wherever] so I can tell Brian.
marsia@whedonopolis.com

Marsia | November 13, 18:26 CET

I also want everyone to know we don't use any pop-ups nor PDFs on our site. Nothing should ever be asked to be opened or downloaded.

Please folks let me know where on the site this is happening as I can't get it to do it on my computer.

Marsia | November 13, 18:30 CET

Hey guys, I'm the web admin for Whedonopolis. I'm not finding any PDF in question. Could y'all give me as much information as possible?

Veloxi | November 13, 18:42 CET

I think everything's been given. The name of the file, the two links gossi provided. It appears to be some sort of drive-by download.

The One True b!X | November 13, 18:50 CET

K, I've looked through our code and can't find anything malicious, so I'm unsure why anyone is having this issue. I've run the file in three browsers and have had no issues. I also can't find any reference to doc.pdf in the code. This is weird. I'll be contacting our host to resolve this issue.

Veloxi | November 13, 18:54 CET

The problem has been found and rectified. Thank you.

Veloxi | November 13, 19:32 CET

So it's ok now to put the link back?

Simon | November 13, 19:35 CET

Yes, it's been fixed.

Marsia | November 13, 20:04 CET

Cheers.

Simon | November 13, 20:06 CET

Whedonopolis has made me say awesome more than once. That's awesomer.

Pointy | November 13, 21:54 CET

Whew, thanks for fixing the problem before I clicked on the link.

Loved the write-up!