Aliases: Polipos.a [F-Secure], P2P-Worm.Win32.Polip.a [Kasper], W32/Polip [McAfee], W32/Polipos-A [Sophos], PE_POLIP.A [Trend Micro]
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Hard
Platform: W32
Discovered: 21 Apr 2006
Damage: Medium

Characteristics: W32.Polip was discovered on April 21, 2006. It is a polymorphic virus that infects .exe and .scr files when they are opened or executed on the computer. It is also known as Polipos.a, P2P-Worm.Win32.Polip.a, W32/Polip, W32/Polipos-A and PE_POLIP.A. It mostly affects Windows operating systems such as Windows 2000, 95, 98, Me, NT, Server 2003 and XP.

More details about W32.Polip

Once W32.Polip is executed, the virus begins to spread by infecting .scr and .exe files when they are executed or opened on the computer. The worm then hides its presence by injecting its code into actively running processes. Next, the worm shares infected files on the Gnutella file-sharing network, even if no Gnutella software is installed on the computer. Finally, it attempts to lower security settings by deleting files related to antivirus software. This is the worm's payload: an attempt to stop antivirus programs from running.

The W32.Polip program may be installed on a computer through drive-by downloads. Some websites encourage the user to download video codecs or other components that will allow the user to fully view the features of the web page. These components usually display a fake EULA (End User License Agreement) to convince the user that the program is legitimate. The W32.Polip software may be installed together with the plug-in.