Dr.Web Anti-virus warns users of peer-to-peer networks about a dangerous polymorphic virus named Win32.Polipos.

Win32.Polipos was added to the Dr.Web virus base on March 20, 2006.

Its complicated polymorphic technique neutralizes certain antivirus and security programs. The virus infiltrates computers connected to P2P networks and, once run, secretly makes them accessible to the public. The virus infects Windows executables by writing the code of its polymorphic decoder into unused space in their code sections. When the virus is launched, it implants its code into all running processes, with some exceptions.

Once Win32.Polipos is executed on a system:

- Certain security programs can no longer be downloaded, installed or updated.
- Programs can't be unzipped.
- The machine shuts down and restarts itself.
- Most antivirus programs don't find anything.

- The firewall reports changes to the running programs.
- Files get bigger.
- Every file that is executed gets infected with this virus.
- Explorer tries to connect to the following Internet addresses: 65.98.38.30, 217.195.47.206 and 66.36.241.147.

- Windows shows error messages:
a file could not be saved because the source code could not be read.
a file could not be saved because of an unknown mistake: please try to save it to another folder.

These are the reports of two users who had this infection on their systems.
One of them was cured on our board, with eScan recognizing some of these files as P2P-Worm.Win32.Polipos.a and the FREE Dr.Web CureIt! disinfecting about 300 Win32.Polipos files.
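
The addresses named in the user reports above can be used to sweep firewall logs for machines that may be affected. The following is an added example, not part of the original post: it assumes the W3C-style layout of the Windows Firewall log (`pfirewall.log`) with a `#Fields:` header, and the sample log lines are constructed. That log does not record the process name, so the check identifies the contacting host, not Explorer itself.

```python
import ipaddress
from collections import defaultdict

# Addresses the page lists as contacted by Explorer on infected machines.
POLIPOS_ADDRS = {ipaddress.ip_address(a) for a in
                 ("65.98.38.30", "217.195.47.206", "66.36.241.147")}

# Constructed sample in the assumed pfirewall.log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2006-03-21 10:02:11 ALLOW TCP 192.168.1.20 65.98.38.30 1045 80 0 - 0 0 0 - - - SEND
2006-03-21 10:02:15 ALLOW TCP 192.168.1.20 198.51.100.7 1046 80 0 - 0 0 0 - - - SEND
2006-03-21 10:03:40 DROP TCP 192.168.1.20 217.195.47.206 1047 80 0 - 0 0 0 - - - SEND
2006-03-21 10:04:02 ALLOW UDP 192.168.1.31 192.168.1.1 1050 53 0 - - - - - - - SEND
2006-03-21 10:05:19 ALLOW TCP 192.168.1.31 66.36.241.147 1051 80 0 - 0 0 0 - - - SEND
garbage line that should be skipped
"""

def find_polipos_contacts(log_text):
    """Return {src_ip: [(timestamp, action, dst_ip), ...]} for the listed addresses."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]    # column names come from the log header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            dst = ipaddress.ip_address(row.get("dst-ip", ""))
        except ValueError:
            continue                     # malformed or truncated record
        if dst in POLIPOS_ADDRS:
            stamp = f"{row.get('date')} {row.get('time')}"
            # Dropped attempts are kept too: they still show the host tried.
            hits[row.get("src-ip")].append((stamp, row.get("action"), str(dst)))
    return dict(hits)

if __name__ == "__main__":
    for host, events in find_polipos_contacts(SAMPLE_LOG).items():
        for stamp, action, dst in events:
            print(f"{host} -> {dst} at {stamp} ({action})")
```
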

Need a remover?
Please feel free to visit Anti-Malware (free) to get more information and some instructions on how to use FREE Dr.Web CureIt!