Renderosity Forums / Poser - OFFICIAL




Subject: virii alert


vikinglady ( ) posted Wed, 26 April 2006 at 9:02 PM · edited Mon, 20 November 2023 at 3:41 PM

I am posting this to alert fellow users to the Win32.Polipos. A fellow user alerted Chat earlier and gave us these 2 links. http://info.drweb.com/show/2815/en & http://download.drweb.com/drweb+cureit/. He had all of his DAZ exe's infected by this virus. It has infected 2 other users of my personal acquaintance. One of them had Poser infected. I checked just in case and am not.

Thanks.



Khai ( ) posted Wed, 26 April 2006 at 9:16 PM

just completed running scans with Dr Web's Cureit -
I had the W32/Polipos.A - AVG (atm) is not detecting it, F-Prot will see it but not kill it. Cureit will kill and Cure it.

out of an infection number of 300 files, I've lost 4 minor exe's.. so I can heartily recommend Cureit for getting rid of this one!


JHoagland ( ) posted Thu, 27 April 2006 at 12:46 PM


VanishingPoint... Advanced 3D Modeling Solutions


kyhighlander59 ( ) posted Thu, 27 April 2006 at 9:19 PM

I found out I was infected this past weekend, I did a repair reinstall of windows and that didn't eradicate it. I had to actually reformat the C: drive and reinstall, still didn't get it. Cureit is finding and curing the infection. Scary darn virus.

 

KY


Silke ( ) posted Fri, 28 April 2006 at 3:07 AM

Yep, had it too. Took me 4 days to get shot of it.

MS Defender (Free to verified customers) is well worth the download, too.

It's not so much Polip that does it, but all the trojans it lets through.

I'm slowly putting my disks back in...

BTW - Full format / Reinstall did not get rid of it (with no other drives attached)

Polip hides itself from virus scanners too.
Atm I'm zipping up all the clean exe's.

Silke


chinnei ( ) posted Fri, 28 April 2006 at 5:26 AM

Thanks for the alert.  I scanned the drives using NAV and it caught one hiding in my network folder.  It couldn't fix the file so I just removed it. 

I also downloaded the Cureit and did a full scan just to be sure and it didn't find anything after the removal. My question is, what else could I do to make sure the virus is indeed off my system? I never had a virus infection so I am not sure how to go about it. With this specific virus, is there any sign of indication that I should look for to see if my computer is still infected?


TrekkieGrrrl ( ) posted Fri, 28 April 2006 at 7:25 AM

If CureIt says it's gone, you should be on the safe side :)

It has taken me 3 days to get rid of this bugger, but at the last scan, CureIt didn't find it anywhere, so I believe I'm now finally rid of it.

It DID infect my Poser.exe, both the Pro Pack and Poser 6, but CureIt was able to ..well.. cure it.

I lost PWizard and Mat Pose Edit but I can download and reinstall those, so that's no biggie. I just wonder what it is that causes SOME select few files to be incurable?

And as far as I can see, the virus doesn't do much on itself, it's not destructive in the usual sense of the word, but it DOES act as a trojan, opening up your computer to the "outside world"

You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
  Using Poser since 2002. Currently at Version 11.1 - Win 10.



Khai ( ) posted Fri, 28 April 2006 at 7:42 AM

running final scans here, looks like I am free of it as well.. (was clear Weds, checked again Thurs and now today)

it's persistent, but nothing serious. I pity those that panicked and formatted tho. there was really no need... and I will not get annoyed with those going round screeching 'infection! Format!!!' I promise...


pleonastic ( ) posted Fri, 28 April 2006 at 8:14 AM

cureit is very good at cleaning up after an infection, and i'd feel pretty safe if it said it can't find anything anymore. do you know where you got the infected file? if you do, and you generally connect to their computer, you'll want to let them know that they're probably infected, and avoid connecting until they, too, have cleaned up. safest thing is to keep a couple of up-to-date virus scanners handy, and have copies of their executables on cd. some viruses (such as win32.polip here) go after the virus scanners, which screws you doubly because you can no longer trust them. if you're running p2p software, you should also run an active scanner that checks for stuff right when it comes down the pipe. same if you use an email program that is likely to execute all sorts of crapola on you.


Silke ( ) posted Fri, 28 April 2006 at 12:21 PM

You know the weird thing is, this is apparently/allegedly spread with P2P networks - which I don't use. (I'm paranoid enough as it is.) Pleonastic, good advice. But I'd go one further. If your virus scanner does not let you password protect itself from changes (any changes that is!) then throw the damn thing out of the window, like... now. (Nav does, Nod32 does) I found out my better (but sometimes not too bright) half went and turned mine off because a friend of his suggested to do this when installing the app he'd gotten, but which wouldn't run on his laptop (DUH same scanner, also pw protected but he couldn't remember what it was) so he went and installed it on mine, where he knew what the pw was... Which would have been fine. No problem. It was a genuine, legal, original CD app... but he "forgot" to turn the scanner back on after the install. Windows being windows... it hides system tray icons so I didn't really notice, since I don't reboot every five minutes. Or even days. Needless to say he does not get THIS password... The words I uttered at discovering his deed were not printable and I'm still wafting blue air out of the door.

Silke


swfreeman ( ) posted Sat, 29 April 2006 at 3:43 AM · edited Sat, 29 April 2006 at 3:45 AM

<_<   nasty one

got to remove this one here on several computers of friends already


pleonastic ( ) posted Sat, 29 April 2006 at 5:38 AM

Quote - You know the weird thing is, this is apparently/allegedly spread with P2P networks - which I don't use.

it originated on gnutella, but that was 4-5 weeks ago. it's long since found other vectors. but if you become infected it will continue to spread via gnutella, even if you don't have the software installed. charming, eh? this is really quite the clever little polymorph. luckily it's not particularly destructive.

i really should give nod32 a try. i use kaspersky and bitdefender. dr web seems to be rapidly improving lately.


randym77 ( ) posted Sat, 29 April 2006 at 6:01 AM

So how are people being infected? 

From what I've heard, you have to actually run an infected EXE or SCR to get this.  I can't believe that all the people who have said they got hit - including some very computer-savvy types - ran random executables sent to them over the net. 

A lot of people suspect DAZ is the source.  I don't know if I buy that.  I ran CureIt and it didn't find anything, and I've downloaded and installed as much DAZ stuff as anyone the last few weeks. 

Still...if DAZ did get hit, oy. People trust them and run their installers without a qualm.

I really wish they used zips like everyone else.


rockets ( ) posted Sat, 29 April 2006 at 8:21 AM

Okay I've been reading various forums about this virus and think only this Cureit will clean it up.  I have no reason to believe that my machine is infected, but since I buy and install quite a bit of Daz's content, I just want to make certain I don't have it lurking.  I read somewhere that I should install the Cureit program on a CD running from a known clean machine.  Question:  How do I know a machine is clean?  Question:  Do I have to uninstall my AV before installing Cureit?  I asked this because I don't really want to uninstall my AV.  I'm not at all computer savvy and I'm afraid if it does find "stuff"  I won't have what I need to get my computer working again if need be.  Any help would be appreciated.

My idea of rebooting is kicking somebody in the butt twice!


xantor ( ) posted Sat, 29 April 2006 at 1:38 PM

Does cureit find the virus without downloading any other files?

I used cureit on a computer that doesn't have an internet connection and I want to be sure that it worked without having to download any virus signatures etc.


pleonastic ( ) posted Sat, 29 April 2006 at 2:44 PM

cureit doesn't download any signatures. which means that you need to download the program itself anew to have it stay up-to-date. rockets, no, you do not have to uninstall your AV. cureit is a cleanup program, not a standard virus scanner. as to how you know a machine is 100% clean, you don't, unless you disconnect a 100% clean machine from the network -- you can use one of the online virus scanners to check it out though. then run cureit. afterwards, burn your AV to CD; that way it positively cannot be changed by a virus, or get a virus scanner that insists on a password for changes. keep the virus definition file scrupulously up-to-date; it should download signatures at the very least daily; safer is hourly. if your AV doesn't do that automatically, chuck it out and get a better one. if you find that your computer has been infected, and your AV cannot clean the virus off, don't panic. usually there is absolutely no need to reinstall your OS or reformat your drive or anything like that. plug the name of the virus into google and search for removal instructions. all the big AV sites have those. pick one where you can follow step-by-step. print it out.
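Added example, not part of any post in this thread: one way to use the clean copies of executables kept on CD (suggested in the posts above) is to compare their SHA-256 hashes with the installed copies and list every executable that has changed. The function names and the sample folder layout are assumptions made for the illustration, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTENSIONS = {".exe", ".scr"}  # file types named in the thread


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_executables(root):
    """Map lower-cased relative path -> SHA-256 for executables under root."""
    index = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS:
                full = os.path.join(folder, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
                index[rel] = sha256_of(full)
    return index


def compare_to_clean_copy(clean_root, installed_root):
    """Return (modified, missing, unknown) relative paths, each sorted."""
    clean = index_executables(clean_root)
    installed = index_executables(installed_root)
    modified = sorted(p for p in clean if p in installed and clean[p] != installed[p])
    missing = sorted(p for p in clean if p not in installed)
    unknown = sorted(p for p in installed if p not in clean)
    return modified, missing, unknown


def demo():
    """Constructed sample: two small fake trees, one file changed after the copy."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            for rel in ("scanner/scan.exe", "viewer.exe"):
                os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
                with open(os.path.join(root, rel), "wb") as f:
                    f.write(b"MZ constructed bytes for " + rel.encode())
        with open(os.path.join(live, "viewer.exe"), "ab") as f:
            f.write(b" plus appended bytes")  # stands in for a modified executable
        return compare_to_clean_copy(clean, live)
```

A mismatch also appears after a legitimate update or patch, so a changed file is a reason to scan it, not proof of infection.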


vikinglady ( ) posted Sat, 29 April 2006 at 2:48 PM

Quote - Okay I've been reading various forums about this virus and think only this Cureit will clean it up. I have no reason to believe that my machine is infected, but since I buy and install quite a bit of Daz's content, I just want to make certain I don't have it lurking. I read somewhere that I should install the Cureit program on a CD running from a known clean machine. (1) Question: How do I know a machine is clean? (2) Question: Do I have to uninstall my AV before installing Cureit? I asked this because I don't really want to uninstall my AV. I'm not at all computer savvy and I'm afraid if it does find "stuff" I won't have what I need to get my computer working again if need be. Any help would be appreciated.

Quote - (3) Does cureit find the virus without downloading any other files?

I used cureit on a computer that doesn't have an internet connection and I want to be sure that it worked without having to download any virus signatures etc.

(1) It's a catch22 question. A machine never on the net & never been fed disc/floppy from the net is a true clean machine.

(2) No, I have AVG running.

(3) It is self contained. My firewall is set to ask permissions. It has not been activated by Cureit.

Downloading the Cureit file to your desktop and immediately running it is fastest. It should not get infected itself in that time.

http://download.drweb.com/drweb+cureit/

 

This program repairs files.  I have read of only 6 files having to be replaced by the user since I first started this thread.  2 were on the OS disc and the others not specified.



xantor ( ) posted Sat, 29 April 2006 at 3:19 PM

I ran the cureit program from a small usb harddisk, the virus wasn't on that computer but cureit did find a trojan.


drifterlee ( ) posted Thu, 04 May 2006 at 4:28 AM

Somehow I got it too. Xantor told me what it was. My PC is in shambles!!! It infected everything!


BastBlack ( ) posted Thu, 04 May 2006 at 9:28 PM

I did not know about this virus. I'll run check on the work computers tomorrow. Last week we had a virus on the network. I have cleaned many infected machines, and there is one thing you guys haven't mentioned in regard to cleaning sick Windows machines, -- purge the system restore. The virus could hide in there and live to fight another day if you don't. bB


Fazzel ( ) posted Thu, 04 May 2006 at 11:10 PM

How do you purge system restore?



vikinglady ( ) posted Thu, 04 May 2006 at 11:19 PM

Quote - How do you purge system restore?

  1. Start button
  2. All Programs
  3. Accessories
  4. System Tools
  5. System Restore and follow directions
  • Or right click My Computer Icon
  • System Restore tab
  • Fill/check 'Turn off System Restore on all drives'
  • Click OK

Do not forget to Re-enable system restore once the computer is clean and safe.



Acadia ( ) posted Fri, 05 May 2006 at 1:28 AM

Attached Link: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

I use eTrust Antivirus. It can find and restore the files.  They have an online scan that you can run. Try that and see if it cures your problems.

"It is good to see ourselves as others see us. Try as we may, we are never
able to know ourselves fully as we are, especially the evil side of us.
This we can do only if we are not angry with our critics but will take in good
heart whatever they might have to say." - Gandhi



arcady ( ) posted Fri, 05 May 2006 at 2:04 AM

cure-it found some 588 copies of the virus on my PC. Cured all but a few of them. I had to get a new copy of MAT pose edit, reinstall 'ACDsee' from my old CD archive, and I lost my 'digital Bible in multiple languages and versions' - but I've got an install CD for that too. Everything else seems good. I ran cure-it twice from a burned closed session CD, also ran bit-defender from the same CD, and installed 'avast anti-virus' from that CD. The CD was made on a clean computer that I used to download the apps. I got rid of norton antivirus. It was up to date the entire time, and if they were willing to drop the ball even after they knew about this virus, I don't need them anymore... And I've been a norton customer since my first PC. cure-it also found a stack of trojans and spyware, all of which spybot failed to find, and for some reason zone alarm had not blocked... On the list of actions that I suspect put me in that position, after avoiding it for almost 7 years, in late March I finally gave in and installed Realplayer... I figured, it's been years since they were exposed as the first people to use commercial spyware, surely by now they've cleaned up their act? Not so, as one of the trojans found was theirs... So that may come across as an accusation on my part, but it is certainly not an illogical hypothesis...

Truth has no value without backing by unfounded belief.


vikinglady ( ) posted Tue, 23 May 2006 at 8:24 PM

Attached Link: This is a notification that music2u4u has replied to the thread "virii alert" in the DAZ|Studio foru

Just an update.

This was posted to me over in the Daz forum. May be relevant to general web usage.

Good luck and safe surfing.



Silke ( ) posted Mon, 29 May 2006 at 8:16 PM

At the moment I've gotten into a habit to download any exe with a .txt extension.

Save target as ---> whatever.exe.txt or whatever-exe.txt

Bingo. If you want to run it, just change the extension from txt to exe. Works for me.

Or if you want to save it as a zip: whatever-exe.zip

But make sure you stick to your own convention so you remember what the original file extension was :)

Silke

