Last night my poser program froze and after several attempts would not start.  I thought OK I might need to re-install it so I backed up my runtime to a separate drive.  When I went to back up the downloads directory I noticed that it had 0 files but still lots of folders.  Weird.  Went back to look at my runtime which when I copied it had 7.62 Gb of files was now empty.  All my folders are still present under the library folder.  All character, pose etc folders with all the sub folders still show, but no files inside the folder.  Rechecked my back-up and they were empty too.   Also every jpg and poser file I've ever created is gone as well.  Seems only my poser files are affected.  All other programs still have files in them as normal.  Anyone run across this?

Any help would be appreciated.

Thanks,

Dana

JEEFO is a virus that attacks Poser files.  I just got it in an e mail from a member here.  Norton couldn't do anything with it because it's in an e mail attachment.  I figure as long as I don't open it I'll be safe.

First I've heard of that one. It specifically targets Poser files? Hmmm.....

That was always my impression of it.  Maybe I'm wrong.

It infects Windows Portable Executable files.

en.wikipedia.org/wiki/Jeefo_(computer_virus)

Well, I did a Google for it and according to Symantec it's a Windows Portable Executable (PE) file infector. Files infected by W32.Jeefo increase in size by 36,352 bytes.
Said to be very low risk.

Symptoms: 1. Memory Usage is High 2. Executables do not launch 3. Multiple instances of svchost.exe launched in the task manager.

Sophos has a detector/removal tool for it here:

http://www.sophos.com/support/disinfection/jeefoa.html
http://www.sophos.com/security/analyses/viruses-and-spyware/w32jeefoa.html

Just ran it on my system, which has been misbehaving lately -- and I was on Rendo a couple times during the virus attacks last week -- but so far all scans keep coming up clean. Not sure if that's good or bad as I still have the problems : Memory usage suddenly going very high, up to 100% of my CPU, and the dreaded low-battery error at startup day before yesterday. Then again it might not have anything to do with a virus, these Dell 8300s have been known to be lemons in disguise.

Quote - JEEFO is a virus that attacks Poser files.  I just got it in an e mail from a member here.  Norton couldn't do anything with it because it's in an e mail attachment.  I figure as long as I don't open it I'll be safe.

You got it from a member here by email... and how did he got your email then ?
There is no way to email from this site to a other  email adres...
And IF you had a email true this site ...there is NO way to attach anything true this site to emails
Only Vendors can sent to your email adres ..but those messages are checked by RO..

So how did you get tthat virus true a member here ???

And there Are NO ! viruses specialy for poser files... things like that make myths and fables...

99% of virusses you get from opening bad email from hackers etc etc and spam
And from using unfair files..

So im realy waiting to hear how you got a virus from here....

"And there Are NO ! viruses specialy for poser files... things like that make myths and fables... "

On reflection, maybe not. See these threads.

DAZ Forum Thread Similar in Renderosity thread

Another DAZ form post.

Mostly although the posts were commented upon no solution was given.

I stand corrected.. after talking with Co workers here..
I must say that lately we see things that actualy shows illigal Poser files and zips
That have being invected with nasty's ...
And i have read the threads in the links above...
it seems NO solution to the nasty's can be found or given.
--

Stil i like to know how some one get a virus true the Renderosity email system...
Impossible to me so please tell me ...

Chris

Quote - I stand corrected.. after talking with Co workers here..
I must say that lately we see things that actualy shows illigal Poser files and zips
That have being invected with nasty's ...
And i have read the threads in the links above...
it seems NO solution to the nasty's can be found or given.

See if this helps:

http://www.sophos.com/support/disinfection/jeefoa.html

Quote -

See if this helps:

http://www.sophos.com/support/disinfection/jeefoa.html

Thnx but i dont ned the info...
i have only legit. files and so i dont have to deal with this kind of virus..
Its a shared virus.. its only spread true sharing infected files so i have nothing to fear from it..

But maybe someone else can...

Maybe the site mail got whammied during that business with the infected banner thingie last week. If so, something could have gotten out then before it was all cleaned up and some folks had the bad luck to be on the receiving end.

Meanwhile, my gear checks out all clean after numerous scans. I found one of the problems -- an incorrect program setting I'd forgotten to fix. However, the other nuisance is either entirely Dell's fault or else Windoze has gone wonky again.

*Stil i like to know how some one get a virus true the Renderosity email system...
Impossible to me so please tell me ...

It wasn't from rendo e mail system.  It was an e mail from this individuals personal e mail address to my yahoo address. 

Still don't know what I should do with it.  I haven't opened it,  so my computer isn't infected.  Norton identified it,  but won't do anything since it's an e mail attachment. 

Quote - *Stil i like to know how some one get a virus true the Renderosity email system...
Impossible to me so please tell me ...

It wasn't from rendo e mail system.  It was an e mail from this individuals personal e mail address to my yahoo address. 

Still don't know what I should do with it.  I haven't opened it,  so my computer isn't infected.  Norton identified it,  but won't do anything since it's an e mail attachment. 

DELETE it and Empty the trash bin... simple..
And then tell the sender you like the email again without nasty's..

*DELETE it and Empty the trash bin... simple..
And then tell the sender you like the email again without nasty's..

Cool!  Thanks!

Even if you just put it in the trash bin, yahoo deletes after so many days. BTW: Question for someone who knows about system files...what is svchost.exe anyway? I have several instances runing and wonder if I should delete them.

Pat, open it and embrace the warm liquidy fluid that comes forth!

It's probably been a while since you had to reinstall everything...such fun. :lol:

Attached Link: http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

Thank you, Khai.
Now I know how to deal with it. :)

Drakke, after you get the virus removed, try downloading a deleted file recovery program. It will help find things that aren't in you recycle bin. You can get a demo at http://www.easeus.com/. Good luck.

*Pat, open it and embrace the warm liquidy fluid that comes forth!

It's probably been a while since you had to reinstall everything...such fun.

LOL!  It's been 4 years since I've had to reformat and reinstall.  Got the gator toolbar from elf bowling.

Thanks khai - great site & article.  (I too had long wondered about all the svchost.exe's running.)

I downloaded the free Process Explorer and found out most of mine are from my AV program.

What a relief!
I was worried I might have a trojan the escaped notice.
 

If you'll allow me to drift a little farther OT, "the How-To Geek" page Khai mentioned above also has an article telling how to disable 'ctfmon.exe' in Windows.

http://www.howtogeek.com/howto/windows-vista/what-is-ctfmonexe-and-why-is-it-running/

Quote:
"Ctfmon is the Microsoft process that controls Alternative User Input and the Office Language bar. It's how you can control the computer via speech or a pen tablet, or using the onscreen keyboard inputs for asian languages."

It can slow or hang the system, and sounds unnecessary for most folks, so I'm considering killing it.    The replies there indicate that  only folks using multiple language keyboard fonts were really using it - as far as I could tell.

Q: Anyone aware of any overlooked reason why disabling ctfmon.exe might be a bad idea?   

D***, I misread the title I thought someone had made a posable virus, Now I can my forget my new hospital render in which Vicky gets the flue...

Bopper.

CTFMON is also used for items like a WACOM Tablet... other than that, kill that sucker...

Poof! -- It's gone.  Thanks Khai.

Bopperthijs,

Try RDNA they used to have a decent virus/dna model for download.

Zygote at one time had one too, I don't know if they still do though.

And at one time there were some pollen or alien spores for download here in the freestuff as well.

Hope that helps you with finding something you can use.

Daidalos