1286 Views 1 Reply Latest reply: Nov 4, 2011 5:31 PM by Hayton RSS
taurus12 Newcomer 1 posts since
Nov 4, 2011

Nov 4, 2011 4:46 PM

What is a polymorphic virus

I have discovered that I have a polymorphic virus. I have no clue where I was infected but I noticed it's affecting my comp. I am running Stinger right now and it's taking forever to finish. Has anyone else contracted one of these nasty little bugs?

  • Hayton Volunteer Moderator 4,599 posts since
    Sep 27, 2010
    1. Nov 4, 2011 5:31 PM (in response to taurus12)
    Re: What is a polymorphic virus

    "Polymorphic" is just a description of how the malware code delivers the infection. There are several viruses which use this technique, and they can be difficult to deal with. There have undoubtedly been users posting here who have encountered a polymorphic virus. If Stinger can't fix it you will probably need to request help from tech support.

    1. Polymorphic virus

      Polymorphic viruses create varied (though fully functional) copies of themselves as a way to avoid detection by anti-virus software. Some polymorphic viruses use different encryption schemes and require different decryption routines. Thus, the same virus may look completely different on different systems or even within different files. Other polymorphic viruses vary instruction sequences and use false commands in the attempt to thwart anti-virus software. One of the most advanced polymorphic viruses uses a mutation engine and random-number generators to change the virus code and its decryption routine. Also see: mutating virus. (From McAfee threat glossary)


    And from Wikipedia:

    Polymorphic code

    Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Antivirus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. See Polymorphic code for technical detail on how such engines operate.[21]

    Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for antivirus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.


    Volunteer Moderator  Leeds, UK
    No PM's please
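
An added illustration of the detection point in the reply above (not part of the original thread, and not McAfee or Wikipedia code): a fixed byte signature misses copies of the same body stored under different keys, while a match on a key-independent property of the encoded body still finds them. It assumes the simplest possible scheme, a single-byte XOR over a constructed harmless marker string; real polymorphic code needs the emulation approach the quoted text mentions. All names and sample data are hypothetical.

```python
# Constructed, harmless stand-in for a "virus body": plain ASCII marker text.
BODY = b"CONSTRUCTED-BENIGN-MARKER-BODY-0001"
# Constructed filler standing in for the rest of a host file.
PAD = bytes(range(64))


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the simplest way a body can differ per copy (assumed scheme)."""
    return bytes(b ^ key for b in data)


def make_samples(keys):
    """Constructed sample files: filler around the same body under different keys."""
    return [PAD + xor_encode(BODY, k) + PAD for k in keys]


def naive_scan(sample: bytes, signature: bytes) -> bool:
    """Classic byte-signature match on the raw contents."""
    return signature in sample


def delta(data: bytes) -> bytes:
    """XOR each byte with its neighbour; (a^k)^(b^k) == a^b, so the key cancels."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def invariant_scan(sample: bytes, signature: bytes) -> bool:
    """Key-independent match on adjacent-byte deltas instead of raw bytes."""
    return delta(signature) in delta(sample)


if __name__ == "__main__":
    keys = (0x11, 0x5A, 0xC3)
    for key, sample in zip(keys, make_samples(keys)):
        print(f"key=0x{key:02X} naive={naive_scan(sample, BODY)} "
              f"invariant={invariant_scan(sample, BODY)}")
    print("clean file:", invariant_scan(PAD + PAD, BODY))
```
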
