The Polymorphic Virus: What It Is and How to Remove It

This ever-changing malware duplicates itself in numerous ways

A conceptual illustration of a polymorphic virus destroying a laptop computer.

Theresa Chiechi / Lifewire 

If you're a fan of movies with shape-shifters in them, a polymorphic virus might be entertaining to you. But for everyone else, this kind of ever-changing computer virus is not enjoyable at all.

Polymorphic viruses can attack Windows, Linux, or Mac computers; smartphones; tablets; laptops; smart watches, and so on. Polymorphism is a way of hiding code rather than a property of any one platform, so any device that runs software and connects to the internet is potentially at risk.

What is a Polymorphic Virus?

By definition, polymorphic means something that occurs in multiple forms and can change as needed. In programming, the term describes code that can operate on values of different types through a single interface, and developers rely on it constantly to write software that is shorter, more flexible, and easier to maintain.

A polymorphic virus, however, is not so useful. It is a relentless type of malware that changes its own appearance to slip past signature-based defenses: it can replicate endlessly, alter its characteristics with every copy, and outwit a large number of antivirus programs.

One reason polymorphic viruses are so dangerous is that every new copy has a different signature, so a single infection can produce many unrecognizable variants in one day, and do it again day after day. Antivirus software that relies only on signatures is often rendered useless against these viruses, so look for a product that adds real-time heuristic, emulation, or behavior-based detection, which judges a file by what it does rather than by what its bytes look like.

Research by Webroot indicates that nearly all of today's viruses contain polymorphic aspects. Viruses of this type were first discovered in the early 1990s, and malware authors quickly took notice of how useful the technique was. By 2015, it took a joint operation by the FBI and Europol to bring down a botnet whose polymorphic malware changed itself up to 19 times a day and controlled about 12,000 private computers around the world, all without the owners' knowledge.

How Does a Polymorphic Virus Work?

There is no single way a polymorphic virus works: there are many ways to infect a computer, and nearly as many ways to disguise the virus once it is there. What they have in common is that the disguise defeats the pattern-matching detection most antivirus products rely on, so the scanner cannot recognize the file as a known threat and block it.

At its core, however, a polymorphic virus carries its real code in encrypted form and picks a new encryption key each time it copies itself, so the stored bytes look different in every copy even though the code that runs after decryption is identical every time. The small decryption routine that unpacks the body has to be present in every copy too, so a polymorphic engine rewrites that as well, reordering instructions, swapping registers, and inserting do-nothing code, so that no fixed byte sequence survives from one generation to the next. It's a little like altering one ridge line in a fingerprint: it's still the same finger, it just looks different enough to confuse a scanner that is matching on an exact pattern.

How Do I Know If I Have This Kind of Virus?

Because a polymorphic virus can come in almost any virus form, you'll need to pay close attention to your computer and what it's telling you. Maybe your system suddenly slows down significantly or you start seeing odd requests from your computer for passwords or sensitive information. You could see your web browser suddenly taking you to sites you didn't ask for or pop-up ads blowing up your screen on sites that don't normally use those types of ads.

You could even see the blue screen of death or your computer might not let you access files and documents you need. There are thousands of viruses released daily so any time you notice anything odd, run an extra check with your antivirus software.

How Did I Get a Virus Like This?

You could have gotten it from anywhere, really. Email attachments, for instance, are notorious for carrying viruses. So are freeware sites that allow you to download software free of charge. Perhaps you visited a website and didn't realize it wasn't a legitimate site so you clicked a few links before leaving it. You might even have clicked on a pop-up ad that seemed perfectly harmless. If you know the name of the specific virus you've contracted, you can sometimes track down the source more quickly. However, the bottom line is that any internet or email activity puts you at risk.

How Do I Get Rid of a Polymorphic Virus?

The best way to remove sneaky and malicious software like this is to use a reputable antivirus program that can find and eliminate many kinds of threats. Even though a polymorphic virus changes its stored form to avoid detection, the best antivirus programs add heuristic scanning, emulation (decrypting or running a sample in a sandbox to see what it turns into), and behavior-based detection, which look for the components a threat must carry or the actions it must take to steal your information. Look for an antivirus that uses these approaches; it's worth the money if you're serious about protecting your information from attackers.
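The following Python program is an added example written for this page; it is not code from the original article, from any antivirus vendor, or from real malware. It illustrates both the mechanism described under "How Does a Polymorphic Virus Work?" and the point made above about heuristic and emulation-based scanning: a harmless, constructed "sample" format (the POLY marker, a junk-filled stand-in for the rewritten decryptor stub, a one-byte key, and a rolling-XOR body are all assumptions made for illustration) is mutated into several generations, and a signature-only scanner is compared with one that decrypts the body before matching.

```python
import hashlib
import random

# Constructed, harmless stand-in for the virus body. In a real polymorphic
# virus this is the infectious code; here it is only a marker string.
PAYLOAD = b"DEMO BODY: identical in every generation, never runs anything"

# The byte pattern a signature-only scanner would be taught to look for
# (a substring of the plaintext body).
SIGNATURE = b"identical in every generation"

# Hypothetical file marker so the example can parse its own samples.
MAGIC = b"POLY"


def encrypt_body(payload: bytes, key: int) -> bytes:
    """Rolling XOR: byte i is XORed with (key + i) mod 256, so even repeated
    plaintext bytes encrypt differently. XOR is its own inverse, so calling
    this twice with the same key returns the original payload."""
    return bytes(b ^ ((key + i) & 0xFF) for i, b in enumerate(payload))


def mutate(payload: bytes, key: int, junk: bytes) -> bytes:
    """Build one generation of the sample.

    Layout (a simplification assumed for this example, not a real format):
      MAGIC | len(junk) | junk | key | encrypted body
    `junk` stands in for the rewritten decryptor stub: real engines reorder
    instructions, swap registers and insert do-nothing code so the stub's
    bytes differ every time; here only its length and contents vary.
    """
    if not 0 <= key <= 0xFF or not 0 < len(junk) <= 0xFF:
        raise ValueError("key must fit in a byte and junk must be 1..255 bytes")
    return MAGIC + bytes([len(junk)]) + junk + bytes([key]) + encrypt_body(payload, key)


def random_variant(payload: bytes, rng: random.Random) -> bytes:
    """A fresh generation: a new key and a new-looking decryptor every time."""
    key = rng.randrange(256)
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 17)))
    return mutate(payload, key, junk)


def static_scan(sample: bytes, signature: bytes) -> bool:
    """Signature-only scanner: pattern-matches the file bytes as stored."""
    return signature in sample


def emulate_and_scan(sample: bytes, signature: bytes) -> bool:
    """Emulation-style scanner: 'runs' the decryptor stub (here: parses the
    header and undoes the XOR) and scans what the sample becomes in memory."""
    if not sample.startswith(MAGIC) or len(sample) < len(MAGIC) + 2:
        return False
    junk_len = sample[len(MAGIC)]
    key_pos = len(MAGIC) + 1 + junk_len
    if key_pos >= len(sample):
        return False  # truncated sample: no key byte
    key = sample[key_pos]
    body = encrypt_body(sample[key_pos + 1:], key)  # XOR again == decrypt
    return signature in body


def compare_scanners(n: int = 5, seed: int = 2024) -> dict:
    """Generate n generations and count what each scanner catches."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    variants = [random_variant(PAYLOAD, rng) for _ in range(n)]
    return {
        "distinct_sha256": len({hashlib.sha256(v).hexdigest() for v in variants}),
        "static_hits": sum(static_scan(v, SIGNATURE) for v in variants),
        "emulated_hits": sum(emulate_and_scan(v, SIGNATURE) for v in variants),
    }


if __name__ == "__main__":
    print(compare_scanners())
```

Every generation hashes differently and slips past `static_scan`, while `emulate_and_scan` catches all of them because the decrypted body never changes. Real emulation engines do not know the file layout in advance; they execute the decryptor stub in a sandbox until the body is unpacked in memory, which is considerably harder than the parsing shown here, and behavior-based detection sidesteps the problem entirely by watching what the program does once it runs.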

There are other options you can try:

  1. It might be possible to manually remove a polymorphic virus simply by uninstalling specific apps relating to it. Both Windows and macOS have clear ways to uninstall apps you no longer want to use.

    Once the suspected program is removed, run your antivirus software again to see if the warning still appears. This step is not always easy, since you might not know exactly which program triggered the warning. Polymorphic viruses are notoriously difficult to detect and remove, and when a Trojan is involved it may have infected several programs, so removing a single one might not eliminate the problem.

  2. If you're still receiving a warning or noticing a problem on your system, you may have a persistent infection: the malware has installed something that restarts it every time the computer boots (a startup entry, a scheduled task, or a background service), so removing the visible program alone won't stop it from coming back. In that case you can try removing the virus without using an antivirus application, but most of the time a combination of antivirus and anti-malware tools will be needed to clear these kinds of infections.

    If the problem is on a mobile device, you may need to try different techniques to remove the virus from Android.

  3. If none of those steps solve the problem, you can use System Restore to return your computer to a point before you picked up the virus. Be sure to select a restore point from a time when you definitely didn't already have the virus. Keep in mind that System Restore rolls back system files, installed programs, and registry settings but leaves your personal files alone, so malware that lives in your documents or downloads folder can survive it; if the infection keeps returning, a clean reinstall of the operating system is the reliable fix. This process is fairly involved, so be sure you feel confident in your computer knowledge before trying it.

How Can I Avoid Getting a Virus Again?

There are a few crucial ways in which you can lower your chances of being re-infected with a virus of any kind. It comes down to taking a proactive approach and recognizing that an attacker doesn't care who you are; they just want your information or to use your computer for illegal purposes.

  • Update your antivirus software and malware protection. This is perhaps the single-most important thing you can do to avoid viruses. You can even get an antivirus program for Android devices or for Chromebooks, so there's no excuse for not having one installed.
  • Update your operating system. This ensures that known security holes are patched promptly, which makes it harder for a virus to infect your computer.
  • Be wary of new programs. It's important to know the source of the programs and apps you download. Less reputable sites bundle potentially unwanted programs (PUPs) with their downloads, and those bundles can carry this kind of malware.
  • Stick to well known websites. Viruses can infect your computer through the suspicious websites you might browse. Clicking on the 'wrong' link or a pop-up ad can lead to you downloading a virus in seconds.