Norton anti virus sees the virus but 99% of the time he can't do anything else than delete the exe file.
And when an exe file like your IE explorer is infected you got real problems.
The to be deleted the exe file can not run.. so while the virus is jumping from exe to exe you can't do anything and hitting the task manager to stop exe files running you got the damn virus in the task manager's exe as well.
I had to fix 4 computers in the last 3 days that's being infected .. all needed a full FORMAT.
And i do have to say this is one of the worst viruses i encountered in the last 10 years.
Be safe with the I net these days DON'T use Peer 2 Peer to people you don't know like kazaa limewire etc etc...
Chris who had one of the 4 computers to fix :{
AND no i did not get it from a peer to peer ...
IF YOU WANT TO CONTACT BAR-CODE SEND A PM to 26FAHRENHEIT "same person"
Chris
Attached Link: http://vil.nai.com/vil/default.aspx
i use McAfee, and it reckons this is a low-threat virus!!! to both home and business users!!! the link is to their virus library search page!! you can also get a free scan there if you don't have McAfee Antivirus (i would recommend getting it though as i have always used it and never had any major problems with any virus!! and they update their dats daily!!!!)
I know norton says is a low threat and easy to remove ... yes that's what they say..
When norton finds the virus it says: "infection found, access to file denied, unable to clean or delete file"... so how's that for a low rate virus.
It cannot be removed "clean" from a running exe file the virus.. that's not a low rate virus that's a nasty bugger!
From the moment norton gave me the virus alert popup .. in little more than 20 minutes it infected 80% of the running exe files like Poser IE-explorer explorer itself msn my graphics card exe the exe file running my drawtablet my soundsystem files etc etc and you normally run about 20 to 30 exe files in the background in windows.. just hit del,alt,ctrl to see how many you have ...
all running files were infected while i just tried to delete the one norton found in 20 minutes .. don't believe me if you like ... just be careful and keep your CD's close by
Chris
Chris
IF YOU WANT TO CONTACT BAR-CODE SEND A PM to 26FAHRENHEIT "same person"
Chris
Bar-code - sorry i'm not very computer literate but have you tried the windows defender program (free) as in there, there is an option to see what is running on your computer at that moment! and the option to enable or disable it from there!!! i only mention this as if you haven't tried it it may work!!! also another thought is if you can locate the file (say it is running in system32) if it won't let you delete it yourself (as your antivirus isn't doing it) then sometimes you can create a new folder within (say system32 (if that is where it is located)) and move the file to the new folder! and usually you can delete that new folder!! if that works though, be sure to get rid of your system restore points as any other file running can retrieve them even after deletion!! you probably know this method, but i thought i should say it in case you or someone else reading this doesn't (would again recommend using McAfee antivirus software instead of Norton!!) hope you get rid of it before it does too much damage to your 'puter!!!!
Vince.
Just a note here as well i guess...CureIt fixes trojans as well...didn't have the current threat [ Win32.polipos ] but to be safe ran Dr.Web's 'lil tool and it found one everything else had missed...and healed it...got my vote...
Once
in a while I look around,
I see
a sound
and
try to write it down
Sometimes
they come out very soft
Tinkling light sound
The Sun comes up again
Ok, this is totally weird!!!
My desktop wasn't infected earlier today, but now it is....well, 6 .exe files anyway... all Daz ones.
I saw that some program at Daz was $1.99 so I went and bought it. I started my download and within a minute I got a window popup telling me that there were 4 infected files in the folder I was saving the download to; the only folder I save my Daz downloads in. Two of these files indicated they were quarantined, and 2 said "infected".
I went to the folder to quarantine the 2 that said infected but were for some reason not quarantined. As soon as I opened it I got another popup telling me that there were 4 more infected files, and again, 2 were quarantined, and 2 were infected.
I stopped the download at this point.
I tried again, and the same thing happened.
I now have a total of 6 quarantined Daz items that are infected but my antivirus can't clean. There are apparently 6 others in that folder that indicated "infected", but when I scanned them individually they came up clean. So I don't know if they are infected or not.
I'm re-organizing my CDs so I currently have other folders with multiple .exe files in them, and I don't get any popup warnings when I open those.
I'm currently doing a full system virus scan and so far with 30,000 files checked (lots more to go), no infections have been found.
I find it very odd that the only folder that so far seems to have a problem is the one I was downloading a new Daz file to.
I have an up-to-date antivirus software (e-Trust Antivirus formerly known as Innoculate-T) with current signatures. It's an excellent and proven antivirus program that has found viruses that programs such as McAfee and "Norton's" have missed.
I have an up-to-date software firewall (e-Trust Firewall), that I never lower.
I sit behind a Linksys router.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
Why the heck am I having to scroll to the right in this thread???!!!! There aren't any long links!!
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
That Hexagon2 program.
I never finished downloading it, and it wasn't one of the files flagged by my antivirus.
I just think that it's very weird that I only got notices from my antivirus about infected files in my "Daz Downloads" folder when I was downloading a Daz file into it. And that the only files infected on my computer were Daz .exe ones inside that same folder.
It could be co-incidence, but I'm not downloading that program from there until I know more about what's going on.
I did post this in a Virus thread at Daz in the Commons Forum.
Others in that thread are saying that they got infected after they got an email from Daz with links to the Daz site. Again, it might be co-incidence. But I'm still not going to download that Hexagon program until I know more about the situation.
EDIT: This scrolling to the right is very very very annoying.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
Actually you found a bug. I posted in another thread and they are going to look at the problem. It has something to do with word wrap or something.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
I've been in the computer industry for around 25 years and have never had a virus Until YESTERDAY! I had 2 trojans and have no idea where I got them.
Norton didn't locate them however it did tell me I had been infected but it couldn't fix them. I downloaded the CureIt program and it detected the following trojans on my system.
Trojan.Fakealert and Trojan.LowZones.156
I ended up having to reload my entire system from scratch since the trojans seemed to have taken over my graphics controller options in Win XP Pro and it was time to reload anyway....been too long.
So, 12 hrs later I'm almost back up and running 100%.
What a freakin pain! Just happy I had a backup to reload from.
Clint Hawkins
MarketPlace Manager/Copyright Agent
All my life I've been over the top ... I don't know what I'm doing
... All I know is I don't wana stop!
(Zakk Wylde (2007))
So maybe till this DAZ crisis is resolved maybe we should post a link in the Poser and DAZ related forums to CureIt as it seems to be the answer to a fair number of problems. At least till this clears up. It does seem an efficient app as it found stuff in my system and, even tho I do no Posering or DAZing in my computer graphics, I noticed this thread and ran it as a precaution...
Once
in a while I look around,
I see
a sound
and
try to write it down
Sometimes
they come out very soft
Tinkling light sound
The Sun comes up again
Hi Fixer, I didn't get the one everyone else is talking about. I got Trojan.Fakealert and Trojan.LowZones.156. The Norton site didn't have either of these listed.
I found that to be a bit strange/interesting.
On the bright side. There's nothing like a freshly loaded system.
Clint Hawkins
MarketPlace Manager/Copyright Agent
All my life I've been over the top ... I don't know what I'm doing
... All I know is I don't wana stop!
(Zakk Wylde (2007))
You know I had loads of problems with Nortons in the past, Fake alerts, missing infections, advancing my clock 100 years [I kid you not] which is why I dumped it a long time ago for AVG which is much more stable and reliable.
maybe this is a Nortons inspired cock up again!!!!
Injustice will be avenged.
Cofiwch Dryweryn.
I did not want to mention this in an earlier mail ...but i think and i do say think i got the virus from DAZ.
I downloaded the free frog and the python and just after installing them the popup came from Norton
I can't prove this but it has a 90% chance that's where i got them from.. they were the only download i did in the past days that were exe files....
I hope it's not because if it was from DAZ lots and lots of people who have no idea they have this virus are online and mailing and sharing things....
Chris
IF YOU WANT TO CONTACT BAR-CODE SEND A PM to 26FAHRENHEIT "same person"
Chris
I think Daz should do a scan of their server. I see in the Daz thread that some have posted that there are other ways of getting infected, but most who are reporting this that I've seen are saying it's been when they were downloading from Daz, or going to links at Daz, and it seems odd that most of the files being affected are Daz files.
I know I'd feel a whole lot better if they did a server scan and then posted that it's clean.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
FWIW, I've downloaded a ton of stuff from DAZ recently, and installed it, and I am not infected.
The "Nuke Anything" extension for Firefox lets you remove long URLs, large images, etc., that stretch the screen. I nuked that block of text in the first message, and the screen now looks fine to me. :-)
Dr.Web Anti-virus protects peer-to-peer networks from a dangerous polymorphic Win32.Polipos
April 19, 2006
Virus monitoring service of Doctor Web, Ltd. warns users of peer-to-peer networks on a dangerous polymorphic virus named Win32.Polipos which emerged around a month ago and is actively propagating in different file sharing networks.
The propagation of Win32.Polipos began in March. It was added to Dr.Web virus base on March 20, 2006 and then it is no longer a danger for users of Dr.Web Anti-virus.
Apart from the complicated polymorphic technique used by the virus writer, the virus also has a dangerous function of “neutralizing” certain antivirus and security programs. Fluently spreading across P2Ps, the virus infiltrates computers connected to these networks and, being run, secretly makes them accessible to public of P2P-networks.
The virus infected Windows executables by writing the code of the polymorphic decoder into unused spaces of code sections, as if “covering the body of the victim with own spots”. When doing this, the virus creates a new section and places there its main encoded code, moving the resource section, if any exists, below. When implanting into a file it does not modify the original entry point, but replaces addresses of calls of API, selected at random, with the start address of the virus.
When the virus is launched, it implants its code into all run processes, except for the following:
savedump, dumprep, dwwin, drwtsn32, drwatson, kernel32.dll
smss, csrss, spoolsv, ctfmon, temp
Thus, several copies of the virus stay in the computer memory, each of them is responsible for a definite activity, for example search for files for infection, infection of files, interaction with P2Ps based on Gnutella networks, etc. Infected files become open for members of this network. Resident copies of Win32.Polipos intercept the following API functions - ExitProcess, CreateProcess, CreateFileA, LoadLibraryExA, SearchPathA, CreateProcessW, CreateFileW, LoadLibraryExW, SearchPathW. When any of these functions is called, new files get infected. When the control is passed to a victimized file with overlays (sfx-archives, installation files, etc.) the virus tries to create the original copy of file in the temporary directory with the name ptf*.tmp and runs it. This is done to evade the integrity check used by certain installers.
The spread of such virus undoubtedly caused the anxiety of users of P2Ps and it is strange enough that though the presence in networks of Win32.Polipos is not a secret for anybody for a whole month, Dr.Web Anti-virus has long remained the only anti-virus to detect it.
At the beginning of the epidemics the technical support service of Doctor Web, Ltd. received users’ requests about false alarms to “clean files”. But Dr.Web analysts proved the existence of a new virus. Dr.Web Anti-virus successfully detects different modifications of this complicated polymorphic virus due to the high technological level of the Dr.Web engine.
At present, Virus monitoring service of Doctor Web, Ltd. designed the curing procedure for files infected with Win32.Polipos. It was done for users whose anti-virus programs still do not detect this virus and whose computers, though protected by other anti-virus programs, are infected with the virus and let it infect other computers. The curing technique is rather difficult, as it requires processing of a complicated crypt algorithm XTEA, and the decoding of the virus code can take much time. You should not download any additional curing utilities to cure the infected files, just use Dr.Web Anti-virus and update the virus bases on time.
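A triage sketch built on two traits the description above mentions, the `ptf*.tmp` copies dropped in the temporary directory and the extra section holding the encoded body. This is an added example, not Dr.Web's detection logic; the function names, the 7.2 bits/byte entropy threshold and the 1024-byte size floor are assumptions, and legitimately packed files can trip the entropy check.

```python
import fnmatch
import math
import struct
import tempfile
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; encrypted or compressed data sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(blob: bytes):
    """Return [(name, raw_offset, raw_size)] for a PE image, or None if not PE."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (count,) = struct.unpack_from("<H", blob, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", blob, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = []
    for i in range(count):
        off = table + 40 * i
        if off + 40 > len(blob):  # truncated or malformed section table
            break
        name = blob[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        out.append((name, raw_ptr, raw_size))
    return out


def triage(path: Path, threshold: float = 7.2, min_size: int = 1024):
    """Return a list of findings for one file (empty list: nothing to report)."""
    blob = path.read_bytes()
    sections = pe_sections(blob)
    if sections is None:
        return []
    findings = []
    if fnmatch.fnmatch(path.name.lower(), "ptf*.tmp"):
        findings.append("PE image stored as ptf*.tmp")
    for name, ptr, size in sections:
        # .rsrc is skipped: resources often hold compressed images legitimately.
        if name == ".rsrc" or size < min_size:
            continue
        ent = shannon_entropy(blob[ptr:ptr + size])
        if ent >= threshold:
            findings.append(f"high-entropy section {name!r} ({ent:.2f} bits/byte)")
    return findings


def scan(directory):
    """Map file name -> findings for every flagged file in a directory."""
    report = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file():
            found = triage(p)
            if found:
                report[p.name] = found
    return report


def make_sample_pe(sections):
    """Constructed input: a minimal PE image from (name, data) pairs, no optional header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr = 0x40 + 24 + 40 * len(sections)
    headers, body = b"", b""
    for name, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000,
                               len(data), ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += len(data)
    return dos + coff + headers + body


if __name__ == "__main__":
    code, noise = b"\x55\x8b\xec" * 1000, bytes(range(256)) * 8  # constructed data
    with tempfile.TemporaryDirectory() as d:
        Path(d, "odd.exe").write_bytes(make_sample_pe([(".text", code), ("xyz", noise)]))
        Path(d, "ptf1A2.tmp").write_bytes(make_sample_pe([(".text", code)]))
        for name, found in scan(d).items():
            print(name, found)
```

A hit is a reason to submit the file to an up-to-date scanner, not a verdict.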
Attached Link: Nuke Anything
Here's a link to the Nuke Anything extension. It only temporarily removes things, so you'll have to remove it again each time you load the page. Still much better than trying to read this super-wide screen.
Attached Link: http://vil.nai.com/vil/content/v_139296.htm
i don't know if this is any help to those who have this virus but here is a link to info about a variant of polipos (virus) called polip (worm) which tells how to remove, method of infection and stuff!!! specifically which files are being executed!!! but after reading this thread today and then looking it up it sounds like useful info for those affected!!! apparently just rolling back your system restore should restore any lost files!!! anyway hope it helps someone!!! does Daz need an Exorcist then?
Vince.
Hi all first time here and i'm only here because someone pointed this thread out to me.
As one of many that were infected i can honestly tell you that the win32.polipos.A worm is a major threat to systems. It was shutting down networks all around the world. I had 400+ exe files on my system infected and yes my Anti Virus Program picked it up and placed all the files into the quarantine folder. At that time i had no idea about Dr Web so i took the only option i could and that was to format my hard-drive.
Now most of the files that were infected were DAZ files and on the day my Anti Virus program found them i had just downloaded another file from Daz.
The Worm/virus is actually one that sat in the memory, on my computer for sometime and the only reason i knew i had it was because my AV company like most others had only made an update for it on the 4/25/2006 so in fact many of you that were infected by it could have had it already on your system and not known about it because the AV companies had no update to find it till the day you got the upgrade.
So in fact you shouldn't be blaming DAZ but your AV companies for not being up on this one since it was around for some time.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
Quote - Where exactly in the extensions is it located randy?..there are sooo many extensions now its hard to keep up LOL
Type in "nuke" in the search bar on the extension page. It will pull it up for you. Took me awhile to figure out that you don't have to scroll through thousands of extensions to find the one you are looking for and that their search works quite well.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
Quote - the only reason i knew i had it was because my AV company like most others had only made an update for it on the 4/25/2006 so in fact many of you that were infected by it could have had it already on your system and not known about it because the AV companies had no update to find it till the day you got the upgrade.
So in fact you shouldn't be blaming DAZ but your AV companies for not being up on this one since it was around for some time.
Maybe. However, I also downloaded a few other files from other sites, accepted an attachment of .png files through my email and a .jpg file over MSN. I still find it odd that I only got a popup notification when I was downloading a Daz file into my Daz folder, and that out of all of the .exe files on my computer only Daz .exe files were infected... all which were inside the folder that I was downloading the Daz file to.
Again, like I said it could be co-incidence. But it still raises a red flag for me because it just sounds "too co-incidental".
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
Quote - all running files were infected while i just tried to delete the one norton found in 20 minutes .. don't believe me if you like ... just be careful and keep your CD's close by
Chris
Chris
Oh trust me i believe you. I in fact watched my AV go crazy within 20 minutes quarantining all the files that were infected and the one exe file that started it all off was Internet Explorer which i had just opened. It's amazing how quick it infected files.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
Quote - Bar-code - sorry i'm not very computer literate but have you tried the windows defender program (free) as in there, there is an option to see what is running on your computer at that moment! and the option to enable or disable it from there!!! i only mention this as if you haven't tried it it may work!!! also another thought is if you can locate the file (say it is running in system32) if it won't let you delete it yourself (as your antivirus isn't doing it) then sometimes you can create a new folder within (say system32 (if that is where it is located)) and move the file to the new folder! and usually you can delete that new folder!! if that works though, be sure to get rid of your system restore points as any other file running can retrieve them even after deletion!! you probably know this method, but i thought i should say it in case you or someone else reading this doesn't (would again recommend using McAfee antivirus software instead of Norton!!) hope you get rid of it before it does too much damage to your 'puter!!!!
Vince.
Vince you have some good suggestions here but there is one problem with some system files which i have found by trying it on my old test computer. You are unable to move them into another folder anywhere on your computer, even if you did make another folder in your system32 folder the file/system won't allow you to move most files.
I don't know win xp that well and i have set it up on my old computer so i can go into things and look around then doing things like you stated without causing major problems to my main computer..
Today my old computer goes back to having win 98SE placed back on it so my niece can use it to play a few small games i have for her
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
Acadia
I also download a file from Daz the day i was infected, i also downloaded 3 other files from other sites one being a well known download site. At first i thought it strange that the only file i had installed and was using before i had the popup from my AV was the Daz file. I also found it strange and still do that most of the files that were infected as well as my system files were the ones in the daz folder where i download my daz files to..
Please don't get me wrong, we could have been infected by files from Daz all i'm saying though is also look at other possibilities.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
CrazyDawg...did you also get an email with a link in it supposedly from Daz? A lot of folks are claiming they got this email with link, and after clicking said link {some type of update} their problems began.
So far it's all generating around Daz...not saying Daz is at fault, but they certainly need to check some stuff out on their end.
~Jani
Renderosity Community Admin
---------------------------------------
I've been at Daz reading about this in the Commons forum. Here's what Khai had to say...
OK
I've been hit as well. go here - http://download.drweb.com/drweb+cureit/ grab the Free program and run a scan. it will cure or quarantine the affected files.
no need to reformat / reinstall (unless you really want to, but trust me, you don't have to)
this ain't that bad. btw F-prot will detect it, Dr Web will cure it. other AV's checking atm, but AVG don't nail it (yet)
Khai also goes on to say:
tip
keep a floppy start disk with CDrom drivers
or have a Booting CD that will let you access your drives..
I have those handy in my kit. tho, soon I hope to make a USB version...
plus speaking from years of fixing this kinda thing, no. you didn't have to format. infected or not, you can still disinfect a machine even if the explorer.exe is infected. trust me on that..
My idea of rebooting is kicking somebody in the butt twice!
Quote - CrazyDawg...did you also get an email with a link in it supposedly from Daz? A lot of folks are claiming they got this email with link, and after clicking said link {some type of update} their problems began.
So far it's all generating around Daz...not saying Daz is at fault, but they certainly need to check some stuff out on their end.
Yes i did receive an email from Daz with a link but it was one letting me know someone had replied to a posting on their forum. when i clicked on the link IE opened then my AV started scanning my system.
I have opinions of my own -- strong
opinions -- but I don't always agree with them.
If people are just getting this now en masse... I suspect Daz themselves is infected. If not, then another theory... -> As this virus can travel through IM services like 'windows IM' and MSN chat, you can get it without even doing anything other than turning on your computer... If you don't firewall block or remove Windows IM, it will connect itself and run around on its own... So it would be very easy for a business like Daz to get it. Likewise for any of us.
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
Quote - Yes i did receive an email from Daz with a link but it was one letting me know someone had replied to a posting on their forum. when i clicked on the link IE opened then my AV started scanning my system.
IE uses Active X. That can allow things on the net to access your hard drive - run, modify, or even delete files on your harddrive. Such programs can be triggered by something as 'innocent seeming' as characters in a URL telling a server to 'run application X' which then runs out to your hard drive and goes to town. Active X does let you do a few 'neat things', like check out all of a user's stored credit cards and passwords and mail them off to you ( :) ) [what they called -push technology- back when they kicked it off in 96 or 97 or so, but it is not generally a wise thing to let loose... All you would need is for IE to tell your computer to run 'windows IM' and use that to connect to 'point X' where a copy of this thing is waiting to be downloaded and installed on your system... This is one in a long list of reasons to not use IE. Likewise you should have a firewall on your system other than Windows firewall, as Windows lets 'friends of Bill Gates' through your firewall... (well, not literally proven, but I wouldn't trust it - there is a lot of money to be made by 'so called legit business' in being able to get into your machine without your permission, and they can point to licenses you 'agreed to' in buying software to legally shield them - a hacker could exploit the same set of 'backdoors'. Further... disable all those instant message apps... Or just accept getting a virus now and then.
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
This is one of the reasons I refuse to go back to IE..too many doors open, and too many downloads going on behind ones back...
I haven't been over to Daz {shudder} not sure I want to go there at this point and time..never know what's actually infected..could be something embedded in a page or anything....I 'do' know, that everyone who has gotten this thing has said something about a link in an email from Daz..or about downloading something from there...
Does anyone know if Daz has addressed this issue? Have they scanned any of their servers or anything?
~Jani
Renderosity Community Admin
---------------------------------------
Probably not. All it takes is one employee using an instant messenger app while at work. Something totally innocent like seeing who's picking up the kids from day care tomorrow, or should you get milk and eggs at the safeway on the way home tonight, could infect the entire company...
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
It's still not proven that DAZ is the source. Could be just coincidence. I wouldn't think downloading a file from DAZ or clicking on a link from them could spread the infection. It was likely the browser or e-mail program that was infected, if the warning popped up when you were downloading files, clicking links, or reading e-mail.
Daz is actually ideal for the spread of this. Daz works in 'exe' downloads, and this virus spreads through hiding inside of exes.
Truth has no value without backing by unfounded belief.
Renderosity
Gallery
I received this message earlier and was wondering if anyone knows anything about this?? Here is the message I received: