Re: Polip.A

I agree with David. There may be other infected computers on the network that ensures that all of the computers are being infected. One method to check this is to install a decent personal firewall on a fresh box.

From the very nature of the polymorphism, many AV's purposefully choose not to add polip to their detection, because to emulate the file and fully scan it would consume too much time. I do know of some decent scanners that check (mostly accurately) for polipos. If the issue persists, then you may need to scan with some of them.


David H. Lipman wrote:
From: "ergibson83" <ergibson83@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Has anyone had a problem with a dangerous virus called "Polip.A" , originally
| named Polipos.A?
| I'm an advanced computer user. 2 days ago, I was in the process of
| downloading a windows update from microsoft's update site. Windows automatic
| update kept repeating a particular update and installing it successfully, and
| I can not remember the update number, but it eventually finished. Right after
| it completed, I began to see my computer's antivirus program, Trend Micro
| recognize a virus called W32.Polip.A. Right after my anti-virus program
| recognized this virus, I began to see virus detection windows for .exe and
| .src program files. My anti-virus program was detecting my infected .exe and
| .src with the virus which had been replicating itself and quarantining my
| virus infecting executable and source files. I am also a college student,
| living in the dorm behind my university's firewall and I do not use P2P
| programs.
| I work at geeksquad and today at work, I was performing advanced security
| setups on 3 brand new, 'out of box' computers. During the process of windows
| updates, all three computers detected the W32 Polip.A virus and began to
| display the above symptoms my computer displayed once infected. Funny thing
| is, the first computer that received the virus was currently re-downloading
| and installing the above mentioned particular update from microsoft. I was
| behind my company's (Bestbuy) firewall also.
| Is it possible that Microsoft could have a virus in one of their updates?
| From the looks of my google searches, this virus is being slow to detection
| in many anti-virus programs. Is there a successful fix for this virus? Any
| help is much appreciated
| -ergibson83

The W32/Polip is a P2P worm. That is it is spread through Peer-2-Peer programs. It is a
very complex and very advanced polymorphic file infector. You need to seek expert
assistance in its removal since it roots itself in many Win32 processes. It also may have
other worm capabilities and /*may*/ use network protocols to spread.

I also know that there are instances of False Positive declarations of this infector. That
means a given file may be falsely deemed to be infected with this virus.

recently submitted a file to Virus Total and Ikarus declared "P2P-Worm.Win32.Polipos.a" on
some adware. Went I sent the same sample to Ikarus email scan it was deemed "clean".

It is NOT possible that Microsoft is pushing a virus in their updates -- That's pure FUD !

For a student who works for GeekSquad you lack facts in this post.

What is the fully qualified name and path to the infected file ?

Have you submitted a sample to Virus Total for infection verification ?

BTW: Just because it is a new out-of-the-box PC meens sh!t. Dell is shipping new computers
with adware and and old version of Sun Jave Run-Time that laeves the user at risk of malware
infections. In fact old versions of Sun Java are the cause of most infections of the Vundo
trojan/Vrtuomonde adware.

Microsoft MVP - Security 2006