New p2p-virus....Win32.Polipos ?

Discussion in 'other anti-virus software' started by izi, Apr 20, 2006.

Thread Status:
Not open for further replies.
  1. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    for the same reason as other AVs that scored below 100% I imagine: the method of detection isn't good enough
     
  2. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    In post #42 IBK has it listed as detecting all variants he has.
     
  3. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Seems some tester didn't replicate enough samples and used goat files that are too similar to each other.
     
  4. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    That's odd regarding NOD32 :doubt:
     
  6. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Fortinet W32/Polipos.A 49,7%
    F-Prot P2P-Worm.Win32.Polip.a 95,2%
    F-Secure W32/Polipos.V12 100,0%

    The result table is messed up.
    F-Secure never calls it "W32/Polipos.V12" - that's the Fortinet name, and F-Prot has the KAV/F-Secure detection name.
     
  7. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    That's true. This table is really strange. I hope that NOD32 and Kaspersky detect this file 100%.
     
  8. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Of course it's true when I write that - I do not fool around with technical postings :D
     
  9. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Sorry my master :rolleyes: :D :D :p
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    My guess is that the publisher has just messed up some items in certain column concerning those sample names, nothing more. Kaspersky and F-secure were still able to detect them all according to that sample name by KAV. :) So NOD still was unable to detect them all.

    Btw. If you can't detect them all with polymorphics, is it the same as you just can't prevent that infection at all?
    So, all detection percentages below 100% have no implication at all.

    Best regards,
    Firefighter!
     
    Last edited: Apr 28, 2006
  11. arleetel

    arleetel Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    14
    Panda Antivirus detected and deleted the virus, but I did read all you guys posting and this made me quite anxious that it isn't that simple.
    I ran a removal tool (only for the memory) from Bit Defender and nothing was found.
    http://www.bitdefender.com/VIRUS-1000066-en--Win32.Polipos.A.html
    Does this mean that my computer is clean?
     
  12. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    I would run an online scan from a company that detects 100% of the virus,
    or a standalone from a boot CD to be completely safe.
     
  13. arleetel

    arleetel Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    14
    Thank you for your reply!
    Did an on-line scan with Norton and there was no more detection, compressed files are not scanned but Panda did remove a few .exe files that probably got infected through the execution of only two downloaded infected .exe files (p2p), the other ones (rar files) were not executed but removed by Panda.
    I hope this is the end of it.
    Greetings.
     
  14. Patriots

    Patriots Registered Member

    Joined:
    Apr 27, 2006
    Posts:
    11
    Did Panda delete the files or rename them?
    When I had the problem about a week ago, it could not delete the virus.

    Also, what version are you using?

    I had to use Doctor Web's Cure it to get rid of it.
     
  15. arleetel

    arleetel Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    14
    I use Panda Internet Security 2005 version 9.02.03 with TruPrevent, and Panda moved the files into quarantine and I could delete them.
     
  16. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
  17. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
  18. SteveAW

    SteveAW Registered Member

    Joined:
    May 4, 2006
    Posts:
    2
    Re: New p2p-virus....Win32.Polipos Maybe FIX?

    I got the Win32.Polip virus and have worked for a week trying to get rid of it.
    I ran BitDefender on all my files and it said it fixed the files (it changed the icon to a DOS icon), only Norton and AVG still found the virus in the files that BitDefender said it fixed.
    I ran Dr. Web and it said all the files were clean, but the exe were dead! And I didn't want to delete them.
    I got a bright idea (very seldom do I get those) and changed the extension from exe to zip on several of these files.
    I ran Dr. Web again and it found the virus and cured it.
    I changed the extension back to exe and the icon changed back to the original.
    I ran Norton and AVG on these files and NO VIRUS WAS DETECTED.
    I installed the programs with no hitch. Checked my system for viruses and everything was clear.
    This worked for me; I hope it works for you.
    Steve
     
  19. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031
    Re: New p2p-virus....Win32.Polipos Maybe FIX?

    Nice workaround, Steve.
     
  20. SteveAW

    SteveAW Registered Member

    Joined:
    May 4, 2006
    Posts:
    2
    Just a note on what I did to clear the Win32.Polip: I changed the extension with Norton running, then disabled it when I ran Dr. Web. Dr. Web said the files were OK until I disabled Norton, then Dr. Web found the virus in the new extension and cured it. I changed the extension back and then enabled Norton again.
     
  21. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Peter Ferrie released his Polipop Write-Up
    http://pferrie.tripod.com/vb/polip.pdf

    Especially interesting is what he states in the Conclusion at the end of this article about Dr.Web ;)
    Doesn't this sound somehow familiar to what other AV people said before? :D
     
  22. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    If we summarize it all, it looks like for some people it's hard to detect and requires a lot of work, while for some others it's easy :ninja:
     