Forum Coordinators: RedPhantom
Poser - OFFICIAL F.A.Q (Last Updated: 2025 Jan 03 1:41 pm)
prefetch? What / where? I read that the virus was found in early march, but the majors just shrugged and said 'no problem man...' Note this from drweb.com: "The propagation of Win32.Polipos began in March. It was added to Dr.Web virus base on March 20, 2006 and then it is no longer a danger for users of Dr.Web Anti-virus." I'm close to certain I was infected -AFTER- that date. And given that I was current with norton, I should not have been. I do think we could have worked to keep this whole issue into a smaller number of different topics, but also that it needed to be brought out as it hits upon a weakness common to this community - downloading things on the internet and trusting the places you get them from, be they corps or individual producers. And there is nothing wrong with having that trust, and if the major anti-virus cos had not dropped the ball, I suspect that trust would not have led us into this situation.
Truth has no value without backing by unfounded belief.
Quote - Well I got the scans of the office machines done, we are clean of Polip.a. :)
Good to hear DAZ is too. I did find 6 trojans on the network and some people were very infected with adware. All clean now.
I'm not worried about my home computers, -- they are all Mac. :)
bB
I wouldn't get too complacent about the fact you have Macs at home. Virus writers are now starting to target Macsters as well.
Windows 7 64Bit
Poser Pro 2010 SR1
no viruses yet written for OS X. there were quite a few written for OS 7 and 8, but nobody has seen any of those for years now. rest assured, we aren't complacent - whenever we find out about a new security exploit before apple does, we make sure they fix it up ASAP. hence the existing OS X exploits (3 worms, 3 concept trojans, 2 malicious trojans and one rootkit) only affect older OS X versions, upon which vista may be based. but we will have to wait until mar 2007 to find out if that's true.
Drifterlee.. DrWeb's CureIt removed the sucker from all my exe's. And I didn't rename them or anything. But they are apparently clean now. And working too :o)
FREEBIES! | My Gallery | My Store | My FB | Tumblr |
You just can't put the words "Poserites" and "happy" in the same sentence - didn't you know that? LaurieA
Using Poser since 2002. Currently at Version 11.1 - Win 10.
My back ups are screwed too. I don't know what to do. I keep trying to clear my machine with CureIt but Win32.Polipos is hiding in the WinLogon I think. This machine has no Internet connection. Hmmm.
Anyway, some people like me don't go much of anywhere on the Internet but here, Poser stores and e-mail. I only found out about the problem through a Poser colleague. The virus seems to be living in my DAZ .exe files but not any other .exe files. Odd.
"I keep trying to clear my machine with CureIt but Win32.Polipos is hiding in the WinLogon I think"
Momdot, what makes you suspect that? The reason I ask is CureIt found the virus in my winlogon.exe file and said it cured it. But a few days later, something weird started happening: whenever I try to shut down my computer, it reboots instead. And upon each reboot, I get the message “Winlogon.exe has encountered an error and needs to close.”
I click OK and the machine finishes booting. Everything seems to work okay and winlogon.exe appears in the process list as running.
It’s still doing it—the only way I can turn off my machine is by the switch on the tower. Don’t know what to make of it. Both CureIt and Norton AV full system scans say the computer is clean.
Make sure there is a copy in your system 32 folder. My AV moved it into quarantine & I had to copy back from a backup.
In addition, not sure if this will help anyone. I might have located my offending file. It was in MY Documents/Local
It was labeled as ~vis000 & inside was a 0kb file called house of mog ruth (this is a daz file that I purchased). I could NOT delete it thru regular means. I had to use a file utility called UNLOCKER to delete it. What's even stranger is the file came back as NOT having any locking mechanism on it.
Now then, I re-downloaded the House of Mog Ruth from Daz - reinstalled it & the above mentioned file did NOT reappear. Go figure.
The only adverse effect I have now is that when I 1st load up a program it takes FOREVER & occasionally my IE goes wonky & clicking on links or even in the gallery stops working. I'm sure I have some items in services that should be running that I don't have on cause I simply don't know & I'm sure there are a handful items I need to re-copy back to sys32...not sure there either.
Jackon.. it may still possibly be there or the winlogon.exe might possibly be damaged.
If you look at what the virus actually does.. it attacks exe files. and it mutates to avoid detection each time it infects something..it injects its code into running processes to avoid detection.. and it also lowers system security by attacking certain AV files to avoid detection by the AV.
If you're using Xp and leave system restore turned on for any drives.. you will reinfect your PC.. as AV cannot scan inside system restore.
You might want to grab your windows install disk and try to repair windows. Might solve your problem if something has gone skew with the AV cleaning the file.
I got nailed with this one, too (it was accidentally passed to me via email from a friend's infected system.) I tried a couple of the tools mentioned here, but I got the best results using the Stinger that McAfee just put out specifically to clean Win32a.polip. It's free and can be downloaded at http://vil.nai.com/vil/stinger/polipstinger.asp (be sure to follow the instructions.) It seems like nothing is working 100% for everyone, so the lesson here is to go slowly and carefully, try all of the different tools, and don't panic. This is a stubborn bugger and hard to eradicate, but it won't take formatting your hard drive to get rid of it.
Quote - This is a stubborn bugger and hard to eradicate, but it won't take formatting your hard drive to get rid of it.
I didn't find it hard to get rid of.
My virus scanner flagged some files and quarantined them. I tried to clean them but couldn't at that time so I just left them there. I ran "Cureit" after that and it found some adware but no virus or trojan files. My antivirus came up with a fix for it and I was able to repair the infected files. Further scans have come up 100% clean.
Apparently this virus affects files in the system restore. I don't keep a system restore because it takes up way too much hard drive space. However, from what I read if you purge your system restore and turn it off, scan and repair files, your system will be clean.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
Quote - I didn't find it hard to get rid of.
How hard W32.Polip is to get rid of depends greatly on how many and which files are infected, as well as how many computers one has on a network. When major system files are infected, it's harder. Polip also attempts to crash most antivirus software, which caused a couple of my machines to reboot midway through the cleaning process and thus reinfect most of the recently cleaned files. Nothing to do when that happened but start all over again. My congratulations to you on getting rid of Polip so easily, but it's pretty evident from posts in this and the other threads that it hasn't been so effortless a fix for everyone.
Guess I got lucky then. As I was downloading a file from Daz my antivirus started quarantining files in the folder I was downloading to. I immediately stopped the download. Only 6 Daz .exe files were infected.
Quote - So DAZ was the source of the infection??? 80 What file was it? Did you notify DAZ about it? bB
They did a system scan and said it was clean.
However, I'm still skeptical because it wasn't until I started a Daz download that my virus scanner started popping up windows about infected files in that particular folder. A folder that I had been in a couple hours prior. I find it just a bit too co-incidental that my troubles seemed to start as soon as I started to download a Daz file, into a folder where I store my Daz files until they are burned, and that only 6 files were infected....all Daz ones, and all in that folder where I had directed the download. I had stopped the download as soon as I started to get popups about a virus. Personally I think that was my saving grace. Basically I think it was caught and quarantined on my computer before it could do more damage.
I've since downloaded the Hexagon 2 file from Daz and did so without incident this time, but that was after they had done their scan.
Attached Link: Viri removal tool from bit defender
http://www.bitdefender.com/site/Download/downloadRemovalTool/590/
The link above is to the memory unloader for this virus. If you run it then run your antiviri program it should get rid of the thing.
Again, this virus affects exe even as you download them; as long as it's in your computer's memory it will keep infecting files.
You can use 1 antivirus program and still not get every instance of the infection. I've run 3 - 5 and then a web-based scan to get rid of it on my grandmother's machine. (trust me she doesn't download from Peer to peer or Daz.)
Okay. Having just recovered from the darn Polip virus myself (after having to completely reinstall windows thanks to Norton messing up most of my windows system files.) I can say that ANY help, advice or advisories regarding a bug are most welcome to me no matter where you get them, and for the poster who has the mac, Don't think you are 100% safe. Contrary to rumors, there are Mac viri. And now that Macs are just overpriced PCs, and more people installing windows on them over the next year or so, you are going to see many more Mac viruses. As for the Polip, I believe it came from something I got free on the Daz site, but the bug spread so fast I have no way of telling exactly which file it came from. So this is sort of a poser related thread after all. I just wish Norton had been able to clean the little bugger up rather than just quarantine the files. The Norton site wasn't much help either, it listed the bug as low infection (0-49) systems. Yeh right... And their instructions for getting rid of it were totally useless. So be careful of any poser content you DL from any site.
My Norton picked it up immediately after downloading and installing a bunch of files from the DAZ free file of the week archive. Nothing else had been installed in three days prior to that. The problem is the thing spreads like crazy. In less than 5 minutes I had norton pop ups hitting every second. I force rebooted it, made an up to date norton rescue CD on my other system and rebooted. According to Norton, in less than 5 minutes, the bug had infected over 850 files, including most of my windows DLL and exe files.
Quote - Momodot you will probably find the virus in other exe files if you keep looking for it.
The daz files being infected is just a coincidence.
It could be that daz use a standard exe file that is easier to infect than some other types.
Well, a polipo remover that was mentioned - Stinger - I think from Norton, removed every folder on my slave drive that had an infected Daz file in it, including all my non-infected zip files. After I ran this "virus remover" it (?) put a mirror image of my old infected Windows XP C drive onto D drive, which had only been Poser and Bryce Storage. All infected Windows files were there, but my zip files and folders (backup) were all gone. I had to reformat my slave drive (I had just reformatted my C drive with a new copy of windows). How my old OS got onto the slave drive is bizarre. Now I have lost all my freebies and purchases from RR, Daz, PoserPros, RDNA etc. This is a nightmare. This virus writer deserves to be boiled in oil - slowly.
Quote - Well, a polipo remover that was mentioned - Stinger - I think from Norton, removed every folder on my slave drive that had an infected Daz file in it, including all my non-infected zip files.
The Stinger executable from McAfee does not move or remove any files. It checks for the virus, then attempts to clean any infected files found while leaving them in situ, then reports on its success or failure. It doesn't copy, move, or delete anything. So whatever did that to you, it was not the Stinger utility.
Quote - Jackon.. it may still possibly be there or the winlogon.exe might possibly be damaged.
Exactly. A cure application -tries- to cure the infected file without damaging it. But that is never a guarantee. Something needed in the file might resemble something the cure app is removing, or might have been overwritten by the virus to begin with. So, you can always repair your copy of windows from a CD-boot off of your WinXP CD, now that you have run the cure... Failing that, you can copy the needed file off of a good machine of someone else.
Quote - My external HD was totally erased and I had no virus warnings. . ... Trying to save what I can and the reformat. I hate it!
Before reformatting try out the drive on a Mac. A lot of my CD-Rs decayed over time and I found some of them readable on the Mac and not the PC, and vice versa - with each claiming those it couldn't read were blank... When that happened I would use the machine it worked on to back it up and burn a new CD. If you don't know anyone with a Mac, Kinkos used to always have Macs, and might still. If it works there, get all the files you can off, and then reformat and put them back on. OS X can format a drive to be PC readable. I've had to do this many times with my little USB flash drive... Need to buy a new one of those as it keeps failing...
Quote - PS. Daz would NEVER admit to having viruses - they could be sued - so I am sure I got it from Daz because that was the only .exe files I have installed in the past few months.
A timely admission would actually more than likely protect them from liability than open them up to it. So when they say they are not infected I believe them. Look at an admission like this: X finds it has been sending out a virus in product Y. X finds it has infected many of its customers as a result. X can: 1. Deny this. When it is later proven X can now be sued for 'intentional spread of a computer virus.' In the USA this is also a federal felony. As such the managers and board of X would all be facing possible prison sentences if they took route 1 (See U.S. v. Park, 421 U.S. 658, 1975 for an analogy in the food industry to see how this can go all the way up to the head of a company).
It is not a crime to get a virus, nor to unknowingly pass it on. In this case you are a victim. It is however, a crime to pass it on knowingly.
Quote - @ arcady.. nortons/symantec didnt add it to their definitions until APRIL 23 :o(
My point exactly. They knew about it for over a month before lifting a finger over it... I call that dropping the ball. It's why I removed norton from all but one of the PCs I have control over. I wanted one PC to still be on something different from the others though...
Quote - Hackers are more interested in ITunes and iPod than OSX at this stage.
I would be too if I listened to Britney Spears... I wouldn't want anyone able to trace that kind of shame back to me... :D
Quote - PS. Daz would NEVER admit to having viruses - they could be sued - so I am sure I got it from Daz because that was the only .exe files I have installed in the past few months.
Do you run any chat programs? ICQ, AOL, Skype, msn, and/or the like? You can get the viri through there. If you run any chat program it can transmit the virus, especially if you directly connect to another computer.
Have you updated windows and iexplore lately? While I understand not updating them due to problems, they can leave your computer at considerable risk.
Have you received emails that might have been infected even from family or even friends? They may not know they had it and sent it along (again since most of the antivirus definitions that find this virus did not go into place until this week) a lot of people who got it got it secondary.
Are you running your antivirus program every night or at least 3 times a week? (btw most of the antivirus companies saw this as a low threat and didn't get the detection codes out until this week)
Do you have a firewall? If not, your computer is at risk for intrusions.
Don't just assume because you ran an exe from DAZ that it is what infected you. The viri loads into your memory and running processes and will infect the exe's that way. If you are like me you are doing a hundred or more things on your computer each day. Just because you remember running one DAZ exe file DOESN'T mean you didn't do something else that triggered it. And since DAZ does exe files they would of course get infected quickly.
Make sure when you are doing the antiviri checks that you run the removal tool from bitdefender. It unloads the virus from memory making it a bit easier to clean. (follow the directions carefully and turn off system restore while doing it.)
Whoever wrote this virus needs to be boiled in oil. I finally had to reformat my main drive and then the messed up slave drive. I lost everything except my poser runtime that I had backed up earlier. Now I have to beg all the stores to reset my downloads or pay them, whatever. It is a huge, disgusting mess!!! I even lost all my (800+) pictures from Europe last summer. Horrible.
drifterlee, yes it's horrible!
I lost my external drive completely. I had all my poser stuff, my texture files, my psd and oodles of other things there.
Three new characters and textures I had ready to zip and send to my testers are gone.
Lost my new Clark textures I started plus a texture for another product.
And the worst of it is that I had intended to do a backup on those files later in the day. But when I checked my drive, everything was gone. No warnings, just gone.
Three new products gone means lost sales for me.
I have to rebuild most of my textures.
I just did another scan and found 3 more nasty viruses plus 7 trojans, one of which is on my volume of a slave drive and can't be deleted.
Now I have to go ahead and reformat all drives.
But tonight I'm going to just read some comic books and then go to bed. Tomorrow I'll wipe the disks. Then I have to start redownloading all my Renderosity purchases and get Daz to reset for me too.
I feel your pain and loss from this.
May the virus creator catch a nasty boil making virus that lasts a lifetime!
Let me introduce you to my multiple personalities. :)
BluEcho...Faery_Light...Faery_Souls.
Attached Link: http://poserpros.daz3d.com/forums/viewtopic.php?t=51682
I've posted an article here and it's gone because it was a "speculation". You have it now at PoserPros.
Stupidity also evolves!
Your problem is also mine drifterlee. I have just done a full scan with CureIt from Dr Web with System Restore turned off, CureIt says my system is clean, but AVG keeps popping up warnings of infected files (Win32polipos). They can't both be right (or wrong). Either CureIt is not doing its job or AVG is giving false virus reports. Anyone else having a similar problem?
I have now done a complete scan with
and it also came up with nothing. I suspect that AVG is giving false reports, but should I just assume all is OK? I really have better things to do than spend hours looking for a virus/trojan I may well not have. What I have done is -
I hope this thread will become just a bad memory for all of my friends here.
Attached Link: http://market.renderosity.com/mod/forumpro/showthread.php?message_id=2671816
Quote - I've posted an article here and it's gone because it was a "speculation". You have it now at PoserPros.
I think I found your "missing" post here.
Attached Link: http://poserpros.daz3d.com/forums/viewtopic.php?t=51682
No, it is not this; the article was deleted and now the thread asking what happened with my article is deleted too!!!!! You can read the censored article following the link to PoserPros.
The thread where you found:
Quote - "I've posted an article here and it's gone because it was a "speculation".
You have it now at PoserPros."
doesn't exist anymore.
Long and prosper life for Torquemada
Stupidity also evolves!
Kawecki.. Are you an ArtZone member? You could do like some other people have done and post it in a blog there...
Quote - You don't need to reformat!!!!!!!!!!
I use eTrust Antivirus and they can find and restore the infected files. They have a web based scan. Try it. If that doesn't work, then download the trial version of the eTrust Antivirus and use it.
Doesn't work with Firefox, and some investigations have suggested that using IE to download is part of the problem. (Dunno if that's true, though.)
I don't trust any anti-virus company that can't make a website that works in something other than IE.
bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
Attached Link: http://hoaxbusters.ciac.org/HBMalCode.shtml
And to the person who said that viruses are not rumours, yes, actually, sometimes they are. Maybe THIS one is not, but it is absolutely TRUE that SOME viruses are hoaxes and rumours. (See link)
bonni
Well, the first virus I ever had in life came from DAZ. Early on, many years ago, I found I had a worm and, because I had recently written to a number of folks - among them DAZ - I wrote to warn them that I may have infected them. The tech returned my e-mail saying that, indeed, HE HAD INFECTED ME. He sent along instructions and a link to a Symantec app that would clean my machine. He also sent along an apology. The worm was tricky but not so tricky that I didn't figure out how it worked myself so that when I ran the app it didn't find anything at all: I had successfully taken care of the thing myself. Kakworm or something like that. Point is I did get the thing from a DAZ machine. I know I still have the e-mail exchange in my archives somewhere.
I don't file share, don't run MS Messenger - I think Adaware makes an application that will disable Messenger - and don't usually even have regular access to high speed. Still in all I've had three viruses in my day.
I must have missed earlier posts on this topic and I'm glad I read through this thread. I'm checking my system now with McAfee and will look into some of the other suggestions as my machine has recently shut down for no apparent reason.
Best wishes to everyone and thanks for the thread -- which is funny since XFX3d meant to discourage such posts ;O
Rªnce
I just deleted the messenger folder and explorer works fine still.