Renderosity Forums / Community Center

Subject: Virus???


Digitell ( ) posted Thu, 27 April 2006 at 5:30 PM · edited Sat, 23 November 2024 at 8:50 AM

I received this message earlier and was wondering if anyone knows anything about this?? Here is the message I received:

 

Instant Message from elvenesque: Hi,

Win32.polipos virus is thus far undetectable by most virus software. Go to the following and download and install it. It will remove this vicious virus from your system if it is present. And it's FREE

http://download.drweb.com/drweb+cureit/

It attacks mainly EXE files on your system. So you can't ignore this warning. If you do not have it you soon will have. As none of the bigger virus companies have devised an inoculation. It has already caused major system failure for many artists on R'osity.

Please pass this info onto everyone you know that has a computer connected to the internet.

Kind regards,

Lee
elvenesque




BAR-CODE ( ) posted Thu, 27 April 2006 at 5:39 PM · edited Thu, 27 April 2006 at 5:44 PM

Norton antivirus sees the virus, but 99% of the time it can't do anything other than delete the exe file.

And when an exe file like your IE explorer is infected, you've got real problems.

To be deleted, the exe file cannot be running... so while the virus is jumping from exe to exe you can't do anything, and when you hit the Task Manager to stop exe files running, you've got the damn virus in the Task Manager's exe as well.

I had to fix 4 computers in the last 3 days that were infected... all needed a full FORMAT.

And I do have to say this is one of the worst viruses I have encountered in the last 10 years.

Be safe on the Internet these days. DON'T use peer-to-peer with people you don't know, like Kazaa, LimeWire, etc...

Chris who had one of the 4 computers to fix  :{

AND no, I did not get it from a peer-to-peer...

 

IF YOU WANT TO CONTACT BAR-CODE SENT A  PM to 26FAHRENHEIT  "same person"

Chris

 





vince3 ( ) posted Thu, 27 April 2006 at 5:58 PM

Attached Link: http://vil.nai.com/vil/default.aspx

I use McAfee, and it reckons this is a low-threat virus!!! to both home and business users!!! The link is to their virus library search page!! You can also get a free scan there if you don't have McAfee Antivirus (I would recommend getting it though, as I have always used it and never had any major problems with any virus!! And they update their DATs daily!!!!)


BAR-CODE ( ) posted Thu, 27 April 2006 at 6:10 PM

I know Norton says it is a low threat and easy to remove... yes, that's what they say...

When Norton finds the virus it says: "infection found, access to file denied, unable to clean or delete file"... so how's that for a low-rate virus.

The virus cannot be removed "clean" from a running exe file... that's not a low-rate virus, that's a nasty bugger!

From the moment Norton gave me the virus alert popup... in little more than 20 minutes it infected 80% of the running exe files, like Poser, IE-explorer, Explorer itself, MSN, my graphics card exe, the exe file running my drawing tablet, my sound system files, etc., and you normally run about 20 to 30 exe files in the background in Windows... just hit del, alt, ctrl to see how many you have...

All running files were infected while I just tried to delete the one Norton found, in 20 minutes... don't believe me if you like... just be careful and keep your CDs close by.

Chris

 

 

IF YOU WANT TO CONTACT BAR-CODE SENT A  PM to 26FAHRENHEIT  "same person"

Chris

 





vince3 ( ) posted Thu, 27 April 2006 at 6:52 PM

Bar-code, sorry, I'm not very computer literate, but have you tried the Windows Defender program (free)? In there, there is an option to see what is running on your computer at that moment, and the option to enable or disable it from there!!! I only mention this as, if you haven't tried it, it may work!!! Also, another thought: if you can locate the file (say it is running in system32) and it won't let you delete it yourself (as your antivirus isn't doing it), then sometimes you can create a new folder within (say system32, if that is where it is located) and move the file to the new folder! And usually you can delete that new folder!! If that works though, be sure to get rid of your system restore points, as any other file running can retrieve them even after deletion!! You probably know this method, but I thought I should say it in case you or someone else reading this doesn't (would again recommend using McAfee antivirus software instead of Norton!!). Hope you get rid of it before it does too much damage to your 'puter!!!!

Vince.


Jumpstartme2 ( ) posted Thu, 27 April 2006 at 8:20 PM

For some odd reason I'm having to scroll to the right to read all of this thread...anyone see a 'return' around here?

~Jani

Renderosity Community Admin
---------------------------------------




iloco ( ) posted Thu, 27 April 2006 at 9:12 PM

Same for me.  I am having to scroll in this thread.
  I am using a resolution set at 1024 X 768.

ïÏøçö


kyhighlander59 ( ) posted Thu, 27 April 2006 at 10:09 PM

Norton's AV only finds about 30% of the infected files. Cureit finds many more and removes it, so you don't lose your DAZ3D files. I wish DAZ would move to .ZIP like everyone else. Much safer.

 

KY


bobbystahr ( ) posted Thu, 27 April 2006 at 11:46 PM

Just a note here as well I guess...CureIt fixes trojans as well...didn't have the current threat [ Win32.polipos ] but to be safe ran Dr.Web's 'lil tool and it found one everything else had missed...and healed it...got my vote...

 

Once in a while I look around,
I see a sound
and try to write it down
Sometimes they come out very soft
Tinkling light sound
The Sun comes up again



 

 

 

 

 


Acadia ( ) posted Thu, 27 April 2006 at 11:47 PM · edited Thu, 27 April 2006 at 11:55 PM

Ok, this is totally weird!!!

My desktop wasn't infected earlier today, but now it is....well, 6 .exe files anyway... all Daz ones.

I saw that some program at Daz was $1.99 so I went and bought it. I started my download and within a minute I got a window popup telling me that there were 4 infected files in the folder I was saving the download to; the only folder I save  my Daz downloads in. Two of these files indicated they were quarantined, and 2 said "infected".

I went to the folder to quarantine the 2 that said infected but were for some reason not quarantined. As soon as I  opened it I got another popup telling me that there were 4 more infected files, and again, 2 were quarantined, and 2 were infected. 

I stopped the download at this point.

I tried again, and the same thing happened. 

I now have a total of 6 quarantined Daz items that are infected but my antivirus can't clean.  There are apparently 6 others in that folder that indicated "infected", but when I scanned them individually they came up clean.  So I don't know if they are infected or not.

I'm re-organizing my CDs so I currently have other folders with multiple .exe files in them, and I don't get any popup warnings when I open those.

I'm currently doing a full system virus scan and so far with 30,000 files checked (lots more to go), no infections have been found.

I find it very odd that the only folder that so far seems to have a problem is the one I was downloading a new Daz file to.  

I have an up-to-date antivirus software (e-Trust Antivirus formerly known as Innoculate-T) with current signatures.  It's an excellent and proven antivirus program that has found viruses that programs such as McAfee and "Norton's" have missed.

I have an up-to-date software firewall (e-Trust Firewall), that I never lower.

I sit behind a Linksys router.

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



Acadia ( ) posted Thu, 27 April 2006 at 11:52 PM

Why the heck am I having to scroll to the right in this thread???!!!!  There aren't any long links!!

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



Jumpstartme2 ( ) posted Fri, 28 April 2006 at 2:26 AM · edited Fri, 28 April 2006 at 2:28 AM

Quote - I saw that some program at Daz was $1.99 so I went and bought it.

Has Daz been informed of these files? Acadia, what 'program' did you buy?

~Jani

Renderosity Community Admin
---------------------------------------




Acadia ( ) posted Fri, 28 April 2006 at 6:07 AM · edited Fri, 28 April 2006 at 6:09 AM

That Hexagon2  program. 

I never finished downloading it, and it wasn't one of the files flagged by my antivirus.

I just think that it's  very weird  that I only got notices from my antivirus about  infected files in my "Daz Downloads" folder  when I was downloading a Daz file into it. And that the only files infected on my computer were Daz .exe ones inside that same folder.

It could be co-incidence, but I'm not downloading that program from there until I know more about what's going on.

I did post this in a Virus thread at Daz in the Commons Forum.

Others in that thread are saying that they got infected after they got an email from Daz with links to the  Daz site.  Again, it might be co-incidence. But I'm still not going to download that Hexagon program until I know more about the situation.

EDIT:  This scrolling to the right is very very very annoying.

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



vince3 ( ) posted Fri, 28 April 2006 at 6:16 AM

Sorry Acadia!! I did originally have a long link-to, but it didn't work!!! Have I gone and broken the forums now!!! (please insert embarrassed smiley here)


Acadia ( ) posted Fri, 28 April 2006 at 6:22 AM

Actually you found a bug.  I posted in another thread and they are going to look at the problem. It has something to do with word wrap or something.

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



ClintH ( ) posted Fri, 28 April 2006 at 8:41 AM

I've been in the computer industry for around 25 years and have never had a virus Until YESTERDAY! I had 2 trojans and have no idea where I got them.

Norton didn't locate them; however, it did tell me I had been infected but it couldn't fix them. I downloaded the CureIt program and it detected the following trojans on my system.

Trojan.Fakealert and Trojan.LowZones.156

I ended up having to reload my entire system from scratch since the trojans seemed to have taken over my graphics controller options in Win XP Pro and it was time to reload anyway....been too long.

So, 12 hrs later I'm almost back up and running 100%.

What a freakin pain! Just happy I had a backup to reload from.  👍

Clint Hawkins
MarketPlace Manager/Copyright Agent



All my life I've been over the top ... I don't know what I'm doing ... All I know is I don't wana stop!
(Zakk Wylde (2007))



bobbystahr ( ) posted Fri, 28 April 2006 at 9:21 AM

So maybe till this DAZ crisis is resolved maybe we should post a link in the Poser and DAZ related forums to CureIt as it seems to be the answer to a fair number of problems. At least till this clears up. It does seem an efficient app as it found stuff in my system and, even tho I do no Posering or DAZing in my computer graphics, I noticed this thread and ran it as a precaution...

 

 

Once in a while I look around,
I see a sound
and try to write it down
Sometimes they come out very soft
Tinkling light sound
The Sun comes up again



 

 

 

 

 


thefixer ( ) posted Fri, 28 April 2006 at 12:22 PM

AVG anti virus isn't showing this as a threat and their web site doesn't show it as listed in their virus database!

When did this appear???

Injustice will be avenged.
Cofiwch Dryweryn.


ClintH ( ) posted Fri, 28 April 2006 at 12:38 PM

Hi Fixer, I didn't get the one everyone else is talking about. I got Trojan.Fakealert and Trojan.LowZones.156. The Norton site didn't have either of these listed.

I found that to be a bit strange/interesting.

On the bright side. There's nothing like a freshly loaded system.  😄

Clint Hawkins
MarketPlace Manager/Copyright Agent



All my life I've been over the top ... I don't know what I'm doing ... All I know is I don't wana stop!
(Zakk Wylde (2007))



thefixer ( ) posted Fri, 28 April 2006 at 12:47 PM

You know I had loads of problems with Nortons in the past, Fake alerts, missing infections, advancing my clock 100 years [I kid you not] which is why I dumped it a long time ago for AVG which is much more stable and reliable.

maybe this is a Nortons inspired cock up again!!!!

Injustice will be avenged.
Cofiwch Dryweryn.


BAR-CODE ( ) posted Fri, 28 April 2006 at 1:37 PM

I did not want to mention this in an earlier mail... but I think, and I do say think, I got the virus from DAZ.

I downloaded the free frog and the python, and just after installing them the popup came from Norton.

I can't prove this, but there is a 90% chance that's where I got them from... they were the only downloads I did in the past days that were exe files....

I hope it's not, because if it was from DAZ, lots and lots of people who have no idea they have this virus are online and mailing and sharing things....

Chris

 

IF YOU WANT TO CONTACT BAR-CODE SENT A  PM to 26FAHRENHEIT  "same person"

Chris

 





Acadia ( ) posted Fri, 28 April 2006 at 2:09 PM

I think Daz should do a scan of their server.  I see in the Daz thread that some have posted that there  are other ways of getting infected, but most who are reporting this that I've seen are saying it's been when they were downloading from Daz, or going to links at Daz, and it seems odd that most of the files being affected are Daz files.

I know I'd feel a whole lot better if they did a server scan and then posted that it's clean. 

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



thefixer ( ) posted Fri, 28 April 2006 at 2:19 PM

Maybe an "anti DAZ" hacker has got in there as a way of damaging the company!!

Injustice will be avenged.
Cofiwch Dryweryn.


Jumpstartme2 ( ) posted Fri, 28 April 2006 at 2:38 PM

I agree, Daz needs to check their servers...

And somebody needs to seriously do something about this thread scrolling :glare:

~Jani

Renderosity Community Admin
---------------------------------------




thefixer ( ) posted Fri, 28 April 2006 at 2:40 PM · edited Fri, 28 April 2006 at 2:41 PM

Yea! What's with having to  scroll to the right like this????

Really crap!!

:cursing:

Injustice will be avenged.
Cofiwch Dryweryn.


williamsn ( ) posted Fri, 28 April 2006 at 4:07 PM

The scrolling is probably because digitell used

 tags. That will prevent a line from wrapping, which will expand the page. Nicholas
						

-Nicholas


Jumpstartme2 ( ) posted Fri, 28 April 2006 at 4:46 PM

Ummmm...ok..can anyone take those tags out and repost the original?

~Jani

Renderosity Community Admin
---------------------------------------




randym77 ( ) posted Fri, 28 April 2006 at 5:09 PM

FWIW, I've downloaded a ton of stuff from DAZ recently, and installed it, and I am not infected. 

The "Nuke Anything" extension for Firefox lets you remove long URLs, large images, etc., that stretch the screen.  I nuked that block of text in the first message, and the screen now looks fine to me.  :-)


Jumpstartme2 ( ) posted Fri, 28 April 2006 at 5:25 PM

Where exactly in the extensions is it located randy?..there are sooo many extensions now its hard to keep up LOL

~Jani

Renderosity Community Admin
---------------------------------------




Richardphotos ( ) posted Fri, 28 April 2006 at 5:44 PM

Dr.Web Anti-virus protects peer-to-peer networks from a dangerous polymorphic Win32.Polipos 

April 19, 2006

Virus monitoring service of Doctor Web, Ltd. warns users of peer-to-peer networks on a dangerous polymorphic virus named Win32.Polipos which emerged around a month ago and is actively propagating in different file sharing networks.

The propagation of Win32.Polipos began in March. It was added to Dr.Web virus base on March 20, 2006 and then it is no longer a danger for users of Dr.Web Anti-virus.

Apart from the complicated polymorphic technique used by the virus writer, the virus also has a dangerous function of “neutralizing” certain antivirus and security programs. Fluently spreading across P2Ps, the virus infiltrates computers connected to these networks and, being run, secretly makes them accessible to public of P2P-networks.

The virus infected Windows executables by writing the code of the polymorphic decoder into unused spaces of code sections, as if “covering the body of the victim with own spots”. When doing this, the virus creates a new section and places there its main encoded code, moving the resource section, if any exists, below. When implanting into a file it does not modify the original entry point, but replaces addresses of calls of API, selected at random, with the start address of the virus.

When the virus is launched, it implants its code into all run processes, except for the following:

savedump, dumprep, dwwin, drwtsn32, drwatson, kernel32.dll
smss, csrss, spoolsv, ctfmon, temp

Thus, several copies of the virus stay in the computer memory, each of them is responsible for a definite activity, for example search for files for infection, infection of files, interaction with P2Ps based on Gnutella networks, etc. Infected files become open for members of this network. Resident copies of Win32.Polipos intercept the following API functions - ExitProcess, CreateProcess, CreateFileA, LoadLibraryExA, SearchPathA, CreateProcessW, CreateFileW, LoadLibraryExW, SearchPathW. When any of these functions is called, new files get infected. When the control is passed to a victimized file with overlays (sfx-archives, installation files , etc.) the virus tries to create the original copy of file in the temporary directory with the name ptf*.tmp and runs it. This is done to evade the integrity check used by certain installers.

The spread of such virus undoubtedly caused the anxiety of users of P2Ps and it is strange enough that though the presence in networks of Win32.Polipos is not a secret for anybody for a whole month, Dr.Web Anti-virus has long remained the only anti-virus to detect it.

At the beginning of the epidemics the technical support service of Doctor Web, Ltd. received users’ requests about false alarms to “clean files”. But Dr.Web analysts proved the existence of a new virus. Dr.Web Anti-virus successfully detects different modifications of this complicated polymorphic virus due to the high technological level of the Dr.Web engine.

At present, Virus monitoring service of Doctor Web, Ltd. designed the curing procedure for files infected with Win32.Polipos. It was done for users whose anti-virus programs still do not detect this virus and whose computers, though protected by other anti-virus programs, are infected with the virus and let it infect other computers. The curing technique is rather difficult, as it requires processing of a complicated crypt algorithm XTEA, and the decoding of the virus code can take much time. You should not download any additional curing utilities to cure the infected files, just use Dr.Web Anti-virus and update the virus bases on time.
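
The infection layout described in the post above (original entry point left unchanged, an added section holding the encoded virus body) can be turned into a quick triage check. The following Python is an added example, not part of the thread and not Dr.Web's detection code; the entropy threshold, the section name `.new` and both sample images are constructed assumptions, and clean but packed executables will trip the same check.

```python
import hashlib
import math
import struct
from collections import Counter

# Assumption: raw data above this many bits/byte is treated as encrypted or packed.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def parse_pe(image: bytes):
    """Return (entry_point_rva, sections) read from the PE headers."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe_off,) = struct.unpack_from("<I", image, 0x3C)
        if image[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature missing")
        _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
        opt_off = pe_off + 24
        (entry_rva,) = struct.unpack_from("<I", image, opt_off + 16)
        sections = []
        for i in range(nsect):
            # First 24 bytes of each 40-byte section header are all that is needed here.
            name, vsize, vaddr, rsize, rptr = struct.unpack_from(
                "<8sIIII", image, opt_off + opt_size + 40 * i)
            sections.append({
                "name": name.rstrip(b"\0").decode("ascii", "replace"),
                "start": vaddr,
                "end": vaddr + max(vsize, rsize),
                "entropy": shannon_entropy(image[rptr:rptr + rsize]),
            })
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return entry_rva, sections


def triage(image: bytes) -> dict:
    """Report where the entry point lands and which sections look encrypted."""
    entry_rva, sections = parse_pe(image)
    entry_section = next(
        (s["name"] for s in sections if s["start"] <= entry_rva < s["end"]), None)
    # .rsrc is skipped: compressed icons and images are often high-entropy in clean files.
    suspicious = [s["name"] for s in sections
                  if s["name"] != ".rsrc" and s["entropy"] >= ENTROPY_THRESHOLD]
    return {"entry_section": entry_section, "suspicious": suspicious}


def build_sample(sections, entry_rva=0x1000) -> bytes:
    """Constructed test input: minimal PE32 headers plus raw section data."""
    opt_size, data_start = 224, 0x400
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)        # AddressOfEntryPoint
    table, body, rva = b"", b"", 0x1000
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), rva,
                             len(data), data_start + len(body), 0, 0, 0, 0, 0)
        body += data
        rva += (len(data) + 0xFFF) & ~0xFFF
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return head.ljust(data_start, b"\0") + body


# Constructed inputs (not real files): a plain layout, and the same layout with an
# extra high-entropy section placed ahead of .rsrc. The name ".new" is made up.
_CODE = (".text", b"\x55\x8b\xec\x90" * 256)
_DATA = (".data", bytes(512))
_RSRC = (".rsrc", b"ICON" * 128)
_BLOB = (".new", b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)))
CLEAN = build_sample([_CODE, _DATA, _RSRC])
MODIFIED = build_sample([_CODE, _DATA, _BLOB, _RSRC])

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("modified", MODIFIED)):
        print(label, triage(img))
```

Both images report the entry point inside `.text`, which is why a check that only looks at the entry point cannot tell them apart; only the section entropy differs.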


randym77 ( ) posted Fri, 28 April 2006 at 6:20 PM

Attached Link: Nuke Anything

Here's a link to the Nuke Anything extension.

It only temporarily removes things, so  you'll have to remove it again each time you load the page.  Still much better than trying to read this super-wide screen.


Jumpstartme2 ( ) posted Fri, 28 April 2006 at 6:31 PM · edited Fri, 28 April 2006 at 6:31 PM

Thanks for the link but now I see that once I come to this second page..the text is fine and no more scrolling :D

~Jani

Renderosity Community Admin
---------------------------------------




vince3 ( ) posted Fri, 28 April 2006 at 6:41 PM

Attached Link: http://vil.nai.com/vil/content/v_139296.htm

I don't know if this is any help to those who have this virus, but here is a link to info about a variant of polipos (virus) called polip (worm) which tells how to remove, method of infection and stuff!!! Specifically which files are being executed!!! But after reading this thread today and then looking it up, it sounds like useful info for those affected!!! Apparently just rolling back your system restore should restore any lost files!!! Anyway, hope it helps someone!!! Does Daz need an Exorcist then?

Vince.


CrazyDawg ( ) posted Fri, 28 April 2006 at 9:46 PM

Hi all first time here and i'm only here because someone pointed this thread out to me.

As one of many that were infected i can honestly tell you that the win32.polipos.A worm is a major threat to systems. It was shutting down networks all around the world. I had 400+ exe files on my system infected and yes my Anti Virus Program picked it up and placed all the files into the quarantine folder. At that time i had no idea about Dr Web so i took the only option i could and that was to format my hard-drive.

Now most of the files that were infected were DAZ files and on the day my Anti Virus program found them i had just downloaded another file from Daz.

The Worm/virus is actually one that sat in the memory, on my computer for sometime and the only reason i knew i had it was because my AV company like most others had only made an update for it on the 4/25/2006 so in fact many of you that were infected by it could have had it already on your system and not known about it because the AV companies had no update to find it till the day you got the upgrade.

So in fact you shouldn't be blaming DAZ but your AV companies for not being up on this one since it was around for some time.

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



Acadia ( ) posted Fri, 28 April 2006 at 10:13 PM

Quote - Where exactly in the extensions is it located randy?..there are sooo many extensions now its hard to keep up LOL

Type in "nuke" in the search bar on the extension page.  It will pull it up for you.  Took me awhile to figure out that you don't have to scroll through thousands of extensions to find the one you are looking for and that their search works quite well.

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



Acadia ( ) posted Fri, 28 April 2006 at 10:34 PM

Quote - the only reason i knew i had it was because my AV company like most others had only made an update for it on the 4/25/2006 so in fact many of you that were infected by it could have had it already on your system and not known about it because the AV companies had no update to find it till the day you got the upgrade.

So in fact you shouldn't be blaming DAZ but your AV companies for not being up on this one since it was around for some time.

Maybe. However, I also downloaded a few other files from other sites, accepted an attachment of .png files through my email and a .jpg file over MSN.  I still find it odd that I only got a popup notification when I was downloading a Daz file into my Daz folder, and that  out of all of the .exe files on my computer only Daz .exe files were infected... all which were inside the folder that I was downloading the Daz file to.

Again, like I said it could be co-incidence.  But it still raises a red flag for me because it just sounds "too co-incidental".

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Ghandi



CrazyDawg ( ) posted Fri, 28 April 2006 at 10:35 PM

Quote - all running file where infected while i just try to delete the one norton found in 20 minutes .. don't believe me if you like ... just be carefull and keep your CD's closeby

Chris

Chris

Oh trust me, I believe you. I in fact watched my AV go crazy within 20 minutes quarantining all the files that were infected, and the one exe file that started it all off was Internet Explorer, which I had just opened. It's amazing how quick it infected files.

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



CrazyDawg ( ) posted Fri, 28 April 2006 at 10:44 PM

Quote - Bar-code, sorry, I'm not very computer literate, but have you tried the Windows Defender program (free)? In there, there is an option to see what is running on your computer at that moment, and the option to enable or disable it from there!!! I only mention this as, if you haven't tried it, it may work!!! Also, another thought: if you can locate the file (say it is running in system32) and it won't let you delete it yourself (as your antivirus isn't doing it), then sometimes you can create a new folder within (say system32, if that is where it is located) and move the file to the new folder! And usually you can delete that new folder!! If that works though, be sure to get rid of your system restore points, as any other file running can retrieve them even after deletion!! You probably know this method, but I thought I should say it in case you or someone else reading this doesn't (would again recommend using McAfee antivirus software instead of Norton!!). Hope you get rid of it before it does too much damage to your 'puter!!!!

Vince.

 

Vince you have some good suggestions here but there is one problem with some system files which i have found by trying it on my old test computer. You are unable to move them into another folder anywhere on your computer, even if you did make another folder in your system32 folder the file/system wont allow you to move most files.

I don't know win xp that well and i have set it up on my old computer so i can go into things and look around then doing things like you stated without causing major problems to my main computer..

Today my old computer goes back to having win 98SE placed back on it so my niece can use it to play a few small games i have for her 😄

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



CrazyDawg ( ) posted Fri, 28 April 2006 at 11:11 PM

Acadia
I also download a file from Daz the day i was infected, i also downloaded 3 other files from other sites one being a well known download site. At first i thought it strange that the only file i had installed and was using before i had the popup from my AV was the Daz file. I also found it strange and still do that most of the files that were infected as well as my system files were the ones in the daz folder where i download my daz files to..

Please don't get me wrong, we could have been infected by files from Daz all i'm saying though is also look at other possibilities.

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



Jumpstartme2 ( ) posted Sat, 29 April 2006 at 4:13 AM

CrazyDawg...did you also get an email with a link in it supposedly from Daz? A lot of folks are claiming they got this email with link, and after clicking said link {some type of update} their problems began.

So far its all generating around Daz...not saying Daz is at fault, but they certainly need to check some stuff out on their end.

~Jani

Renderosity Community Admin
---------------------------------------




rockets ( ) posted Sat, 29 April 2006 at 7:00 AM

I've been at Daz reading about this in the Commons forum. Here's what Khai had to say...

OK

I've been hit as well. go here - http://download.drweb.com/drweb+cureit/ grab the Free program and run a scan. it will cure or quarantine the affected files.

no need to reformat / reinstall (unless you really want to, but trust me, you don't have to)

this ain't that bad. btw F-prot will detect it, Dr Web will cure it. other AV's checking atm, but AVG don't nail it (yet)

Khai also goes on to say:

tip
keep a floppy start disk with CDrom drivers
or have a Booting CD that will let you access your drives..

I have those handy in my kit. tho, soon I hope to make a USB version...

plus speaking from years of fixing this kinda thing, no. you didn't have to format. infected or not, you can still disinfect a machine even if the explorer.exe is infected. trust me on that..

My idea of rebooting is kicking somebody in the butt twice!


CrazyDawg ( ) posted Sat, 29 April 2006 at 8:57 AM

Quote - CrazyDawg...did you also get an email with a link in it supposedly from Daz? A lot of folks are claiming they got this email with link, and after clicking said link {some type of update} their problems began.

So far its all generating around Daz...not saying Daz is at fault, but they certainly need to check some stuff out on their end.

 

Yes i did receive an email from Daz with a link but it was one letting me know someone had replied to a posting on their forum. when i clicked on the link IE opened then my AV started scanning my system.

 

I have opinions of my own -- strong opinions -- but I don't always agree with them.


 



arcady ( ) posted Sat, 29 April 2006 at 2:13 PM · edited Sat, 29 April 2006 at 2:14 PM

If people are just getting this now en masse... I suspect Daz themselves is infected. If not, then another theory... -> As this virus can travel through IM services like 'windows IM' and MSN chat, you can get it without even doing anything other than turning on your computer... If you don't firewall block or remove Windows IM, it will connect itself and run around on its own... So it would be very easy for a business like Daz to get it. Likewise for any of us.

Truth has no value without backing by unfounded belief.
Renderosity Gallery


arcady ( ) posted Sat, 29 April 2006 at 2:24 PM

Quote - Yes i did receive an email from Daz with a link but it was one letting me know someone had replied to a posting on their forum. when i clicked on the link IE opened then my AV started scanning my system.

 

IE uses Active X. That can allow things on the net to access your hard drive - run, modify, or even delete files on your hard drive. Such programs can be triggered by something as 'innocent seeming' as characters in a URL telling a server to 'run application X' which then runs out to your hard drive and goes to town. Active X does let you do a few 'neat things', like check out all of a user's stored credit cards and passwords and mail them off to you ( :) ) [what they called -push technology- back when they kicked it off in 96 or 97 or so], but it is not generally a wise thing to let loose... All you would need is for IE to tell your computer to run 'windows IM' and use that to connect to 'point X' where a copy of this thing is waiting to be downloaded and installed on your system... This is one in a long list of reasons to not use IE. Likewise you should have a firewall on your system other than Windows firewall, as Windows lets 'friends of Bill Gates' through your firewall... (well, not literally proven, but I wouldn't trust it - there is a lot of money to be made by 'so called legit business' in being able to get into your machine without your permission, and they can point to licenses you 'agreed to' in buying software to legally shield them - a hacker could exploit the same set of 'backdoors'). Further... disable all those instant message apps... Or just accept getting a virus now and then.

Truth has no value without backing by unfounded belief.
Renderosity Gallery


Jumpstartme2 ( ) posted Sat, 29 April 2006 at 3:46 PM

This is one of the reasons I refuse to go back to IE..too many doors open, and too many downloads going on behind ones back...

I haven't been over to Daz {shudder} not sure I want to go there at this point and time..never know whats actually infected..could be something embedded in a page or anything....I 'do' know, that everyone who has gotten this thing has said something about a link in an email from Daz..or about downloading something from there...

Does anyone know if  Daz has addressed this issue? Have they scanned any of their servers or anything?

~Jani

Renderosity Community Admin
---------------------------------------




kyhighlander59 ( ) posted Sat, 29 April 2006 at 3:50 PM

Looks to me as though Daz has an enemy that has targeted them.

 

KY


Jumpstartme2 ( ) posted Sat, 29 April 2006 at 4:00 PM

I agree...Im wondering now if it could be someone 'within' Daz thats miffed about something...

~Jani

Renderosity Community Admin
---------------------------------------




arcady ( ) posted Sat, 29 April 2006 at 4:08 PM · edited Sat, 29 April 2006 at 4:09 PM

Probably not. All it takes is one employee using an instant messenger app while at work. Something totally innocent like seeing who's picking up the kids from day care tomorrow, or should you get milk and eggs at the safeway on the way home tonight, could infect the entire company...

Truth has no value without backing by unfounded belief.
Renderosity Gallery


randym77 ( ) posted Sat, 29 April 2006 at 4:30 PM

It's still not proven that DAZ is the source.  Could be just coincidence.  I wouldn't think downloading a file from DAZ or clicking on a link from them could spread the infection.  It was likely the browser or e-mail program that was infected, if the warning popped up when you were downloading files, clicking links, or reading e-mail.


arcady ( ) posted Sat, 29 April 2006 at 5:17 PM

Daz is actually ideal for the spread of this. Daz works in 'exe' downloads, and this virus spreads through hiding inside of exes.

Truth has no value without backing by unfounded belief.
Renderosity Gallery


randym77 ( ) posted Sat, 29 April 2006 at 5:23 PM · edited Sat, 29 April 2006 at 5:25 PM

Yes, that's true.  I said so myself.

But that doesn't mean that that's what's happening. 

I am clean, even though I've downloaded and installed a ton of stuff from DAZ over the past few weeks. 

