Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon
Community Center F.A.Q (Last Updated: 2024 Nov 23 2:12 am)
Norton anti virus see's the virus but 99% ofthe time he can't do anything else than delete the exe file.
And when a exe file like your IE explorer is infected you got real problems.
The to be deleted the exe file can not run.. so while the virus is jumping from exe to exe you can't do anything and hitting the taskmanager to stop exe files running you got the damn virus in the taskmanagers exe aswell.
I had to fix 4 computers in the last 3 days thats being infected ..all needed a full FORMAT.
And i do have to say this is one of the worst virus i encounterd in the last 10 years
Be save with the I net these days DON'T use Peer 2 Peer to people you don't know like kazaa limewire etc etc...
Chris who had one of the 4 computers to fix :{
AND no i did not get it from a peer to peer ...
IF YOU WANT TO CONTACT BAR-CODE SENT A PM to 26FAHRENHEIT "same person"
Chris
Attached Link: http://vil.nai.com/vil/default.aspx
i use McAfee,and it reakons this is a low-threat virus!!! to both home and business users!!! the link is to their virus library search page!! you can also get a free scan there if you don't have McAfee Antivirus(i would recommend getting it though as i have always used it and never had any major problems with any virus!!and they update their dats daily!!!!)I know norton says is a low threat and easy to remove ... yes thats what they say..
When norton find the virus it says :" infection found , acces to file denied , unable to to clean or delete file... so hows that for a low rate virus.
It cannot be removed "clean" from a running exe file the virus.. thats not a low rate virus thats a nasty bugger !
From the moment norton gave me the virus alert popup .. in little more then 20 minutes it infected 80% of the running exe files like Poser IE-explorer explorer itself msn my grafixcard exe the exe file running my drawtablet my soundsystem files etc etc and you normaly run about 20 to 30 exe files in the background in windows.. just hit del,alt,ctrl to see how many you have ...
all running file where infected while i just try to delete the one norton found in 20 minutes .. don't believe me if you like ... just be carefull and keep your CD's closeby
Chris
Chris
IF YOU WANT TO CONTACT BAR-CODE SENT A PM to 26FAHRENHEIT "same person"
Chris
Bar-code-sorry i'm not very computer literate but have you tried the windows defender program(free) as in there,there is an option to see what is running on your computer at that moment! and the option to enable or disable it from there!!! i only mention this as if you haven't tried it it may work!!! also another thought is if you can locate the file(say it is running in system32) if it won't let you delete it yourself(as your antivirus isn't doing it) then sometimes you can create a new folder within(say system32(if that is where it is located)) and move the file to the new folder!and usually you can delete that new folder!!if that works though,be sure to get rid of your system restore points as any other file running can retrieve them even after deletion!! you probally know this method,but i thought i should say it incase you or someone else reading this doesn't(would again recommend using McAfee antivirus software instead of Norton!!)hope you get rid of it before it does too much damage to your 'puter!!!!
Vince.
Juast a note here as well i guess...CureIt fixes trojans as well...didn't have the current threat [ Win32.polipos ] but to be safe ran Dr.Web's 'lil tool and it found one everything else had missed...and healed it...got my vote...
Once
in a while I look around,
I see
a sound
and
try to write it down
Sometimes
they come out very soft
Tinkling light sound
The Sun comes up again
Ok, this is totally weird!!!
My desktop wasn't infected earlier today, but now it is....well, 6 .exe files anyway... all Daz ones.
I saw that some program at Daz was $1.99 so I went and bought it. I started my download and within a minute I got a window popup telling me that there were 4 infected files in the folder I was saving the download to; the only folder I save my Daz downloads in. Two of these files indicated they were quarantined, and 2 said "infected".
I went to the folder to quarantine the 2 that said infected but were for some reason not quarantined. As soon as I opened it I got another popup telling me that there were 4 more infected files, and again, 2 were quarantined, and 2 were infected.
I stopped the download at this point.
I tried again, and the same thing happened.
I now have a total of 6 quarantined Daz items that are infected but my antivirus can't clean. There are apparently 6 others in that folder that indicated "infected", but when I scanned them individually they came up clean. So I don't know if they are infected or not.
I'm re-organizing my CDs so I currently have other folders with multiple .exe files in them, and I don't get any popup warnings when I open those.
I'm currently doing a full system virus scan and so far with 30,000 files checked (lots more to go), no infections have been found.
I find it very odd that the only folder that so far seems to have a problem is the one I was downloading a new Daz file to.
I have an up-to-date antivirus software (e-Trust Antivirus formerly known as Innoculate-T) with current signatures. It's an excellent and proven antivirus program that has found viruses that programs such as McAffey and "Norton's" have missed.
I have an up-to-date software firewall (e-Trust Firewall), tha I never lower.
I sit behind a Linksys router.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
Why the heck am I having to scroll to the right in this thread???!!!! Ther aren't any long links!!
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
That Hexagon2 program.
I never finished downloading it, and it wasn't one of the files flagged by my antivirus.
I just think that it's very weird that I only got notices from my antivirus about infected files in my "Daz Downloads" folder when I was downloading a Daz file into it. And that the only files infected on my computer were Daz .exe ones inside that same folder.
It could be co-incidence, but I'm not downloading that program from there until I know more about what's going on.
I did post this in a Virus thread at Daz in the Commons Forum.
Others in that thread are saying that they got infected after they got an email from Daz with links to the Daz site. Again, it might be co-incidence. But I'm still not going to download that Hexagon program until I know more about the situation.
EDIT: This scrolling to the right is very very very annoying.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
Acutally you found a bug. I posted in another thread and they are going to look at the problem. It has something to do with word wrap or something.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
I've been in the computer industry for around 25 years and have never had a virus Until YESTERDAY! I had 2 trojans and have no idea where I got them.
Norton didnt locate them however it did tell me I had been infected but it couldnt fix them. I downloaded the CureIt program and it detected the following trojans on my system.
Trojan.Fakealert and Trojan.LowZones.156
I ended up having to reload my entire system from scratch since the trojans seemed to have taken over my graphics controler options in Win XP Pro and it was time to reload anyway....been to long.
So, 12 hrs later I'm almost back up and running 100%.
What a freakin pain! Just happy I had a backup to reload from.
Clint Hawkins
MarketPlace Manager/Copyright Agent
All my life I've been over the top ... I don't know what I'm doing
... All I know is I don't wana stop!
(Zakk Wylde (2007))
So maybe till this DAZ crisis is resolved maybe we should post a link in the Poser and DAZ related forums to CureIt as it seems to be the answer to a fair number of problems. At least till this clears up. It does seem an efficient app as it found stuff in my system and, even tho I do no Posering or DAZing in my computer graphics, I noticed this thread and ran it as a precaution...
Once
in a while I look around,
I see
a sound
and
try to write it down
Sometimes
they come out very soft
Tinkling light sound
The Sun comes up again
Hi Fixer, I didnt get the one everyone else is talking about. I got Trojan.Fakealert and Trojan.LowZones.156. The Norton site didnt have either of these listed.
I found that to be a bit strange/interesting.
On the bright side. Theres nothing like a freshly loaded system.
Clint Hawkins
MarketPlace Manager/Copyright Agent
All my life I've been over the top ... I don't know what I'm doing
... All I know is I don't wana stop!
(Zakk Wylde (2007))
You know I had loads of problems with Nortons in the past, Fake alerts, missing infections, advancing my clock 100 years [I kid you not] which is why I dumped it a long time ago for AVG which is much more stable and reliable.
maybe this is a Nortons inspired cock up again!!!!
Injustice will be avenged.
Cofiwch Dryweryn.
I didnot want to mention this in a earlyer mail ...but i think and i do say think i got the virus from DAZ.
I downloaded the free frog and the pyton and just after installing them the popup came from Norton
I can't proof this but it has a 90% change thats where i got them from.. they where te only download i did in the passed days that where exe files....
I hope its not because if it was from DAZ lots and lots of people who have no idea they have this virus are online and mailing and sharing things....
Chris
IF YOU WANT TO CONTACT BAR-CODE SENT A PM to 26FAHRENHEIT "same person"
Chris
I think Daz should do a scan of their server. I see in the Daz thread that some have posted that there are other ways of getting infected, but most who are reporting this that I've seen are saying it's been when they were downloading from Daz, or going to links at Daz, and it seems odd that most of the files being affected are Daz files.
I know I'd feel a whole lot better if they did a server scan and then posted that it's clean.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
FWIW, I've downloaded a ton of stuff from DAZ recently, and installed it, and I am not infected.
The "Nuke Anything" extension for Firefox lets you remove long URLs, large images, etc., that stretch the screen. I nuked that block of text in the first message, and the screen now looks fine to me. :-)
Dr.Web Anti-virus protects peer-to-peer networks from a dangerous polymorphic Win32.Polipos
April 19, 2006
Virus monitoring service of Doctor Web, Ltd. warns users of peer-to-peer networks on a dangerous polymorphic virus named Win32.Polipos which emerged around a months ago and is actively propagating in different file sharing networks.
The propagation of Win32.Polipos began in March. It was added to Dr.Web virus base on March 20, 2006 and then it is no longer a danger for users of Dr.Web Anti-virus.
Apart from the complicated polymorphic technique used by the virus writer, the virus also has a dangerous function of “neutralizing" certain antivirus and security programs. Fluently spreading across P2Ps, the virus infiltrates computers connected to these networks and, being run, secretly makes them accessible to public of P2P-networks.
The virus infected Windows executables by writing the code of the polymorphic decoder into unused spaces of code sections, as if “covering the body of the victim with own spots”. When doing this, the virus creates a new section and places there its main encoded code, moving the resource section, if any exists, below. When implanting into a file it does not modify the original entry point, but replaces addresses of calls of API, selected at random, with the start address of the virus.
When the virus is launched, it implants its code into all run processes, except for the following:
savedump, dumprep, dwwin, drwtsn32, drwatson, kernel32.dll
smss, csrss, spoolsv, ctfmon, temp
Thus, several copies of the virus stay in the computer memory, each of them is responsible for a definite activity, for example search for files for infection, infection of files, interaction with P2Ps based on Gnutella networks, etc. Infected files become open for members of this network. Resident copies of Win32.Polipos intercept the following API functions - ExitProcess, CreateProcess, CreateFileA, LoadLibraryExA, SearchPathA, CreateProcessW, CreateFileW, LoadLibraryExW, SearchPathW. When any of these functions is called, new files get infected. When the control is passed to a victimized file with overlays (sfx-archives, installation files , etc.) the virus tries to create the original copy of file in the temporary directory with the name ptf*.tmp and runs it. This is done to evade the integrity check used by certain installers.
The spread of such virus undoubtly caused the anxiety of users of P2Ps and it is strange enough that though the presence in networks of Win32.Polipos is not a secret for anybody for a whole month, Dr.Web Anti-virus has long remained the only anti-virus to detect it.
At the beginning of the epidemics the technical support service of Doctor Web, Ltd. received users’ requests about false alarms to “clean files”. But Dr.Web analysts proved the existence of a new virus. Dr.Web Anti-virus successfully detects different modifications of this complicated polymorphic virus due to the high technological level of the Dr.Web engine.
At present, Virus monitoring service of Doctor Web, Ltd. designed the curing procedure for files infected with Win32.Polipos. It was done for users whose anti-virus programs still do not detect this virus and whose computers, though protected by other anti-virus programs, are infected with the virus and let it infect other computers. The curing technique is rather difficult, as it requires processing of a complicated crypt algorithm XTEA, and the decoding of the virus code can take much time. You should not download any additional curing utilities to cure the infected files, just use Dr.Web Anti-virus and update the virus bases on time.
Attached Link: Nuke Anything
Here's a link to the Nuke Anything extension.It only temporarily removes things, so you'll have to remove it again each time you load the page. Still much better than trying to read this super-wide screen.
Attached Link: http://vil.nai.com/vil/content/v_139296.htm
i don't know if this is any help to those who have this virus but here is a link to info about a variant of polipos(virus) called polip(worm) which tells how to remove, method of infection and stuff!!!specifically which files are being executed!!! but after reading this thread today and then looking it up it sounds like useful info for those affected!!!apparentley just rolling back your system restore should restore any lost files!!!anyway hope it helps someone!!! does Daz need an Exorcist then?Vince.
Hi all first time here and i'm only here because someone pointed this thread out to me.
As one of many that were infected i can honestly tell you that the win32.polipos.A worm is a major threat to systems. It was shutting down networks all around the world. I had 400+ exe files on my system infected and yes my Anti Virus Program picked it up and placed all the files into the quarantine folder. At that time i had no idea about Dr Web so i took the only option i could and that was to format my hard-drive.
Now most of the files that were infected were DAZ files and on the day my Anti Virus program found them i had just downloaded another file from Daz.
The Worm/virus is actually one that sat in the memory, on my computer for sometime and the only reason i knew i had it was because my AV company like most others had only made an update for it on the 4/25/2006 so in fact many of you that were infected by it could have had it already on your system and not known about it because the AV companies had no update to find it till the day you got the upgrade.
So in fact you shouldn't be blaming DAZ but your AV companies for not being up on this one since it was around for some time.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
Quote - Where exactly in the extensions is it located randy?..there are sooo many extensions now its hard to keep up LOL
Type in "nuke" in the search bar on the extension page. It will pull it up for you. Took me awhile to figure out that you don't have to scroll through thousands of extensions to find the one you are looking for and that their search works quite well.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
Quote - the only reason i knew i had it was because my AV company like most others had only made an update for it on the 4/25/2006 so in fact many of you that were infected by it could have had it already on your system and not known about it because the AV companies had no update to find it till the day you got the upgrade.
So in fact you shouldn't be blaming DAZ but your AV companies for not being up on this one since it was around for some time.
Maybe. However, I also downloaded a few other files from other sites, accepted an attachment of .png files through my email and a .jpg file over MSN. I still find it odd that I only got a popup notification when I was downloading a Daz file into my Daz folder, and that out of all of the .exe files on my computer only Daz .exe files were infected... all which were inside the folder that I was downloading the Daz file to.
Again, like I said it could be co-incidence. But it still raises a red flag for me because it just sounds "too co-incidental".
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Ghandi
Quote - all running file where infected while i just try to delete the one norton found in 20 minutes .. don't believe me if you like ... just be carefull and keep your CD's closeby
Chris
Chris
Oh trust me i believe you. I infact watched my AV go crazy with in 20 minutes quarantining all the files that were infected and the one exe file that started it all off was Internet Explorer which i had just opened. Its amazing how quick it infected files.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
Quote - Bar-code-sorry i'm not very computer literate but have you tried the windows defender program(free) as in there,there is an option to see what is running on your computer at that moment! and the option to enable or disable it from there!!! i only mention this as if you haven't tried it it may work!!! also another thought is if you can locate the file(say it is running in system32) if it won't let you delete it yourself(as your antivirus isn't doing it) then sometimes you can create a new folder within(say system32(if that is where it is located)) and move the file to the new folder!and usually you can delete that new folder!!if that works though,be sure to get rid of your system restore points as any other file running can retrieve them even after deletion!! you probally know this method,but i thought i should say it incase you or someone else reading this doesn't(would again recommend using McAfee antivirus software instead of Norton!!)hope you get rid of it before it does too much damage to your 'puter!!!!
Vince.
Vince you have some good suggestions here but there is one problem with some system files which i have found by trying it on my old test computer. You are unable to move them into another folder anywhere on your computer, even if you did make another folder in your system32 folder the file/system wont allow you to move most files.
I don't know win xp that well and i have set it up on my old computer so i can go into things and look around then doing things like you stated without causing major problems to my main computer..
Today my old computer goes back to having win 98SE placed back on it so my neice can use it to play a few small games i have for her
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
Acadia
I also download a file from Daz the day i was infected, i also downloaded 3 other files from other sites one being a well known download site. At first i thought it strange that the only file i had installed and was using before i had the popup from my AV was the Daz file. I also found it strange and still do that most of the files that were infected as well as my system files were the ones in the daz folder where i download my daz files to..
Please don't get me wrong, we could have been infected by files from Daz all i'm saying though is also look at other possibilities.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
CrazyDawg...did you also get an email with a link in it supposedly from Daz? Alot of folks are claiming they got this email with link, and after clicking said link {some type of update} their problems began.
So far its all generating around Daz...not saying Daz is at fault, but they certainly need to check some stuff out on their end.
~Jani
Renderosity Community Admin
---------------------------------------
I've been at Daz reading about this in the Commons forum. Here's what Khai had to say...
OK
I've been hit as well. go here - http://download.drweb.com/drweb+cureit/ grab the Free program and run a scan. it will cure or quarintine the affected files.
no need to reformat / reinstall (unless you really want to, but trust me, you don't have to)
this ain't that bad. btw F-prot will detect it, Dr Web will cure it. other AV's checking atm, but AVG don't nail it (yet)
Khai also goes on to say:
tip
keep a floppy start disk with CDrom drivers
or have a Booting CD that will let you access your drives..
I have those handy in my kit. tho, soon I hope to make a USB version...
plus speaking from years of fixing this kinda thing, no. you did'nt have to format. infected or not, you can still disinfect a machine even if the explorer.exe is infected. trust me on that..
My idea of rebooting is kicking somebody in the butt twice!
Quote - CrazyDawg...did you also get an email with a link in it supposedly from Daz? Alot of folks are claiming they got this email with link, and after clicking said link {some type of update} their problems began.
So far its all generating around Daz...not saying Daz is at fault, but they certainly need to check some stuff out on their end.
Yes i did recieve an email from Daz with a link but it was one letting me know someone had replied to a posting on their forum. when i clicked on the link IE opened then my AV started scanning my system.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
If people are just getting this now en mass... I suspect Daz themselves is infected. If not, then another theory... -> As this virus can travel through IM services like 'windows IM' and MSN chat, you can get it without even doing anything other than turning on your computer... If you don't firewall block or remove Windows IM, it will connect itself and run around on its own... So it would be very easy for a business like Daz to get it. Likewise for any of us.
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
Quote - Yes i did recieve an email from Daz with a link but it was one letting me know someone had replied to a posting on their forum. when i clicked on the link IE opened then my AV started scanning my system.
IE uses Active X. That can allow things on the net to access your hard drive - run, modify, or even delte files on your harddrive. Such programs can be trigged by something as 'innocent seeming' as characters in a URL telling a server to 'run application X' which then runs out to your hard drive and goes to town. Active X does let you do a few 'neat things', like check out all of a user's stored credit cards and passwords and mail them off to you ( :) ) [what they called -push technology- back when they kicked it off in 96 or 97 or so, but it is not generally a wise thing to let loose... All you would need is for IE to tell your computer to run 'windows IM' and use that to connect to 'point X' where a copy of this thing is waiting to be downloaded and installed on your system... This is one in a long list of reasons to not use IE. Likewise you should have a firewall on your system other than Windoes firewall, as Windows lets 'friends of Bill Gates' through your firewall... (well, not literally proven, but I wouldn't trust it - there is a lot of money to be made by 'co called legit business' in being able to get into your machine without your permission, and they can point to licenses you 'agreed to' in buying software to legally shield them - a hacker could explout the same set of 'backdoors'. Further... disable all those instant message apps... Or just accept getting a virus now and then.
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
This is one of the reasons I refuse to go back to IE..too many doors open, and too many downloads going on behind ones back...
I haven't been over to Daz {shudder} not sure I want to go there at this point and time..never know whats actually infected..could be something embedded in a page or anything....I 'do' know, that everyone who has gotten this thing has said something about a link in an email from Daz..or about downloading something from there...
Does anyone know if Daz has addressed this issue? Have they scanned any of their servers or anything?
~Jani
Renderosity Community Admin
---------------------------------------
Probably not. All it takes is one employee using an instant messenger app while at work. Something totally innocent like seeing who's picking up the kids from day care tomorrow, or should you get milk and eggs at the safeway on the way home tonight, could infect the entire company...
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
It's still not proven that DAZ is the source. Could be just coincidence. I wouldn't think downloading a file from DAZ or clicking on a link from them could spread the infection. It was likely the browser or e-mail program that was infected, if the warning popped up when you were downloading files, clicking links, or reading e-mail.
Daz is actually ideal for the spread of this. Daz works in 'exe' downloads, and this virus spreads through hiding inside of exes.
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.
I received this message earlier and was wondering if anyone knows anything about this?? Here is the message I received: