W32/Polip.A

Analysis

This is a polymorphic virus for 32-bit portable executable (PE) files.

When this virus infects a target file, it adds a PE section reference into the PE header, and an additional PE section is inserted into the host file. The entry point may also be modified to point directly to the infectious code, but in some cases, the viral code is referenced later in the code sequence. The new code section may appear between existing code sections, or it could be an appended section. Files that become infected grow in size by 60Kb or more.

Miscellaneous
The new section will not have a name association such as ".idata" or ".rsrc".
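
A triage check for the traits described above, as an added example that is not Fortinet's detection logic: it parses the PE section table and reports each unnamed section, whether it is executable, and whether the entry point falls inside it. It assumes "no name association" means an empty section name; the function names and the header-only sample are constructed for illustration.

```python
import struct

MEM_EXECUTE, CNT_CODE = 0x20000000, 0x00000020  # PE section characteristic flags

def parse_sections(data):
    """Return (entry_point_rva, [(name, vaddr, vsize, characteristics), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe_off + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)    # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe_off + 24 + 16)  # AddressOfEntryPoint
    table = pe_off + 24 + opt_size                             # first section header
    sections = []
    for i in range(nsect):
        raw = data[table + 40 * i:table + 40 * (i + 1)]
        if len(raw) < 40:
            raise ValueError("truncated section table")
        name = raw[:8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr = struct.unpack_from("<II", raw, 8)
        chars, = struct.unpack_from("<I", raw, 36)
        sections.append((name, vaddr, vsize, chars))
    return entry, sections

def unnamed_section_findings(data):
    """List (index, vaddr, executable, holds_entry_point) per unnamed section."""
    entry, sections = parse_sections(data)
    findings = []
    for idx, (name, vaddr, vsize, chars) in enumerate(sections):
        if name == "":  # assumption: "no name association" means an empty name
            executable = bool(chars & (MEM_EXECUTE | CNT_CODE))
            holds_entry = vaddr <= entry < vaddr + max(vsize, 1)
            findings.append((idx, vaddr, executable, holds_entry))
    return findings

def build_sample(entry, sections):
    """Constructed header-only PE32 image for the demo; not a real binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sII20xI", n.encode(), vs, va, ch)
                     for n, va, vs, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table

if __name__ == "__main__":
    layout = [(".text", 0x1000, 0x2000, 0x60000020), ("", 0x3000, 0xF000, 0xE0000020),
              (".rsrc", 0x12000, 0x1000, 0x40000040)]
    print(unnamed_section_findings(build_sample(0x3010, layout)))
```

An unnamed executable section is a reason to scan the file with current signatures, not a verdict: some packers and linkers also emit sections without names.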

Recommended Action


FortiGate systems:

  • check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed -- if required, enable the "Allow Push Update" option

FortiClient systems:

  • Quarantine/Delete infected files detected and replace infected files with clean backup copies

Telemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-03-29 92.02882
2024-03-25 92.02774
2024-03-20 92.02624
2024-02-01 92.01184
2024-02-01 92.01173
2023-12-27 92.00101
2023-11-13 91.08757
2023-11-08 91.08616
2023-09-25 91.07285
2023-06-13 91.04163